Consumer responsible for unauthorized transactions after not taking enough care to protect his debit card and PIN
Key lessons:
- If you have a debit card, you have agreed to use it subject to the obligations in the cardholder agreement you made with your bank when the card was issued. Breaching these requirements can leave you responsible for any financial losses that occur.
- Cardholder agreements include a number of important obligations, including being careful to keep your card number, PIN (personal identification number) and bank passwords confidential at all times. If you have not protected your account or have shared your account information with others, your bank can hold you responsible for any losses that result from unauthorized transactions.
- You should never share or give others access to your bank account information. If you do, your account information could fall into the wrong hands and leave you the victim of fraud.
Consumer learns of fraudulent activity after closing bank account
Mr. J had a debit card and used his computer and mobile device to access his account through online banking. He protected both devices with a long password, but he also took some risks with his account information. For example, sometimes, Mr. J would give his roommates access to his computer, which had a password similar to the one he used for online banking.
When Mr. J was in the process of moving to a new residence, he left a bag containing his debit card and other items in the building’s storage locker. The building’s superintendent and Mr. J’s roommates also had access to the storage locker.
Four weeks after his move, Mr. J contacted his bank to close the account associated with the debit card because he had established a banking relationship with another bank. The bank closed the account, as requested, and the balance in the account was zero.
Shortly afterwards, the bank contacted Mr. J to tell him that two mobile cheques deposited into his old account prior to closure had been returned as fraudulent, so they had reopened his account with a negative balance to reflect this. During this phone call with the bank, Mr. J told the representative he hadn’t made any deposits and that his debit card must have been stolen from his storage locker. Later that day, Mr. J visited a bank branch to document in writing that the cheque deposits to his old account were unauthorized transactions. The bank submitted the paperwork to their fraud department to review.
Following Mr. J’s visit to the branch, the bank discovered that another three mobile cheques had been deposited, and multiple withdrawals and purchases had been made using the debit card before Mr. J’s account was closed. These cheques, like the ones before, were also returned as fraudulent and the amounts were added to the negative balance in Mr. J’s account. Mr. J went back to the bank branch to dispute these additional transactions.
At this point, he was disputing over $7,000 in fraudulent deposits and withdrawals from his account before he had closed it.
Bank finds no evidence of fraud
The bank investigated but could not confirm whether any of the transactions Mr. J disputed were fraudulent. When reviewing these transactions, the bank found that the fraudulent deposits had been made by someone who knew the debit card number and password required to make mobile cheque deposits to Mr. J’s account as well as access to Mr. J’s mobile device, which he still had in his possession. The bank also found that the person who had made these purchases and withdrawals had been in possession of Mr. J’s debit card and had correctly entered his PIN. The bank noted that there were no incidences when Mr. J’s PIN or password had been entered incorrectly.
Based on its fraud investigation, the bank concluded that if Mr. J had not made these transactions, the fraudster responsible had been able to compromise his account because Mr. J had not appropriately protected his card, PIN, and password. As a result, the bank refused to forgive the negative balance of over $7,000 in Mr. J’s closed account and sent it to their Collections department.
Mr. J believed that he had been a victim of fraud and the bank should cover his loss because his debit card had been stolen. Upset by the bank’s decision, he contacted OBSI to help.
Our findings
During our investigation, we reviewed the details of the bank’s fraud investigation that had led to its decision not to forgive Mr. J’s negative account balance. We found that:
- it was very unlikely that anyone could have correctly guessed Mr. J’s 4-digit PIN and online banking password on the first attempt.
- all the evidence indicated that Mr. J had not exercised reasonable care to safeguard his debit card, PIN, and bank password.
- while some of the transactions in his account may have been unauthorized, Mr. J was responsible for his loss because he had not protected his debit card, PIN, and bank passwords as required by his cardholder agreement.
We concluded that the bank’s decision to hold Mr. J responsible for the unauthorized transactions was reasonable in these circumstances and we had no basis to recommend that the bank reverse their decision to pursue Mr. J for the outstanding funds.