However, the scammer was able to access Antoinette’s banking via her mobile banking app and make unauthorised transactions totalling $32,000. The scammer accessed Antoinette’s mobile app by entering a PIN and then confirmed the transactions by sending an authentication code back to the bank via Antoinette’s mobile.
The bank refused to reimburse Antoinette for her loss, saying it considered she had been negligent by allowing the caller to gain remote access to her mobile.
Our investigation
We did not consider Antoinette had failed to take reasonable steps to protect her banking when she downloaded the remote access software on to her phone. She genuinely believed she was allowing her telecommunications provider to help fix a problem she was having with her phone.
The crucial question was how the scammer was able to access Antoinette’s banking app on her phone. The bank’s records showed numerous successful logins to the app using Antoinette’s app PIN. The bank’s view was that the only explanation was that Antoinette either disclosed the PIN to the scammer or logged in to her banking app herself while the caller had remote access to the device. However, we considered there was not sufficient evidence to support either scenario. Antoinette was adamant she never disclosed her banking app PIN and, in fact, never went near her banking app or discussed her banking with the scammer. She was equally adamant she kept her mobile face down and touched it only in order to enter a sequence of numbers to allow the remote access session to continue.
There were several other possibilities to explain how the scammer had been able to access Antoinette’s banking app. Antoinette had been receiving emails purportedly from her telecommunications company’s support team in the weeks before the scam, and these emails contained links to click on. On at least one occasion, Antoinette clicked on such a link. Also, scammers are increasingly embedding malware in links that can help them defraud anyone clicking on such a link. The bank did not look into any of these alternative possibilities.
In the circumstances, we were not satisfied Antoinette had failed to take reasonable steps to protect her banking.
Outcome
The bank offered Antoinette $25,000 to resolve the complaint, and Antoinette accepted the offer.
Print this page