Recommendation - 14 June 2017

Key Issues: Victim of internet banking fraud | Liability for unauthorised transactions | e-Payments Code | Savings account | Deposit-taking institution

Case summary

The consumer was the victim of internet banking fraud.  In this case, we found that the FSP acted in due, care and skill by implementing protection procedures, such as requiring a one-time password for new third party transactions, blocking an account when the one-time password was entered incorrectly, having a caller identification policy and freezing an account immediately after receiving a fraud alert. However, we had to determine whether the consumer should be held liable for the loss suffered. 

Under the ePayments Code, a consumer will be liable for the loss where the FSP can prove on the balance of probability that the consumer contributed to his loss by disclosing his pass codes to a third party. In this case, we found that the consumer should not be held liable for the loss suffered because there was no evidence that he voluntarily disclosed, did not keep secret or failed to protect the security for his pass codes.  

Follow this link for a full copy in PDF    Review |   Recommendation - 14 June 2017