Consumer a victim of fraud but bank not responsible for loss
Mr. E had a personal chequing and savings account at Bank Y. He enjoyed the convenience of online banking on his laptop and cell phone, and often accessed his bank accounts using Bank Y’s mobile application. Through e-mail, he received notifications from the bank about his account activity and liked being able to confirm account balances online. Mr. E had been a Bank Y customer for over 40 years.
One day, Mr. E received a notification that his chequing account balance was low. He logged in to check and nothing seemed out of the ordinary. But, shortly afterwards, Mr. E received another notification that e-transfers sent from the account were successful. Mr. E did not recognize the transactions and worried that fraud had occurred.
Mr. E used online banking to access his account again. According to his account activity, $10,000 had been transferred from his savings account to his chequing account and two e-transfers equal to $3,000 had been sent. Mr. E immediately notified Bank Y to report the transactions and the bank suspended access to his accounts. The bank also advised Mr. E to visit his branch.
At the branch, Mr. E disputed the transactions. The branch escalated his concerns to the internal fraud department for a thorough investigation. The fraud department later found that the transfer between Mr. E’s accounts and the e-transfers were initiated using his debit card number and the correct password. The evidence further indicated that Bank Y had fulfilled its obligation to protect Mr. E from fraud by sending a one-time passcode (OTP) which was successfully entered from his cell phone and authenticated. Consequently, Bank Y refused to reimburse Mr. E for his financial losses.
Mr. E believed that Bank Y failed to protect him from fraud and should replace the lost funds because he was a loyal customer.
Frustrated with the situation, Mr. E came to OBSI for help.
Complaint not upheld
During our investigation, we reviewed the details of Bank Y’s investigation and interviewed Mr. E. Mr. E said his devices were password protected, all his passwords were kept confidential, and no one else had access to his bank accounts. He told us that he did not receive any suspicious emails, phone calls or text messages at the time of the disputed transactions nor had he received an OTP on his cell phone.
Bank Y told us that they had provided protections against fraud when, in addition to password protecting Mr. E’s accounts, it sent an OTP to his cell phone and required authentication to verify his identity. Bank Y provided us with detailed records of the transactions in Mr. Y’s account which showed that the transactions were appropriately authorized with the entry of the correct OTP.
We concluded that if Mr. E had not authorized the e-transfers, someone else had accessed his account information and one-time passcode. As a result, Mr. E had contributed to the unauthorized transactions by not adequately safeguarding his accounts – an important obligation outlined in his account-opening agreements. Given the evidence, we had no basis to recommend compensation.