Bank fraud: know your rights
Adam Courtenay
August 10, 2010
Short of being physically held up by thieves, one of the more disquieting modern day experiences is being pilfered electronically.
Anyone who has had an account stripped clean of cash, either online, through credit card fraud or by card skimming, will know all about the panic and fear that ensues.
These were the emotions that overcame Peter Westhuyzen* when he discovered on a Monday morning earlier this year that his cheque account at St George had been plundered of $4000.
He immediately phoned St George, who asked him to report the theft to his branch in central Sydney. He knew one thing – he only ever used a single ATM in Sydney’s CBD. When he arrived early at the branch, Westhuyzen discovered about 30 other people waiting outside who had been similarly hit over the weekend.
All had used the same ATM and all had had money stripped via another ATM based in Canberra. Some had even been double-fleeced, once from the Canberra ATM and a second time from another in London.
It is believed a skimming device had been fitted at the “mouth” of the machine to copy the person’s card details. A micro-camera would then have been installed by the thieves to capture the pin number as the person keyed it in. The gang would have then transferred the skimmed data to a counterfeit card and the robberies were easily perpetrated remotely.
Most new machines have shields placed onto their key pads, or are chip and pin “capable”. That is, they use computer chips to store information rather than the more easily-cloned magnetic stripes. All Australian ATMs must be chip and pin “capable” by January 1, 2011. Westhuyzen was swiftly reimbursed as it was clear the fraud had occurred on a large scale. Generally, in obvious cases such as the above, banks refund quickly.
What basic protections do customers have? Banks, credit unions and building societies must subscribe to the Electronic Funds Transfer Code, which protects consumers who use electronic banking such as ATMs and Eftpos, or telephone and internet banking, to transfer funds.
The Australian Securities and Investment Commission has a detailed “Fido” page on its website, which clearly details the rights of customers – and the obligations of banks – when fraud occurs.
Customers are only liable if they are said to have acted with “extreme carelessness”. This may mean that they had given their pin number or online contact details to a friend or family member, but questions may also arise if a theft has not been promptly or accurately reported.
ANZ has a Fraud Money-Back Guarantee which will fully re-credit a customer’s account “as long as they have not contributed to the loss and have notified the bank promptly”. The bank will reimburse claims of up to $10,000 within five business days of receiving completed documentation.
In most cases customers are sent out dispute forms and asked to indicate which transactions were fraudulent. “We send this through to customer repatriation and people generally get their money back within a week," says Brett Small, head of financial crime at National Australia Bank.
Online, things are less clear. Is responding to a convincing “phishing” email tantamount to “extreme carelessness”? In these cases customers are sent an email, and from there induced by a fake website to give out account details. If a bank site has been cloned, is it the fault of the bank or personal negligence on the customer’s part?
Gary Schwartz, an IT expert who runs the website jargonfreehelp.com, says it is worth having up-to-date security software on personal computers to help disprove any possible charge of negligence. All the same, he agrees software plays only a small part in protecting bank, credit card details and other accounts like PayPal, where money is moved.
"Common sense plays the biggest part in all this," Schwartz says. "If you get an email with links to your bank, PayPal or any other website that requires a login to an account, do not click on the link, go to your browser and type in the website address to see if it is the real thing."
Banks claim their protective technology is now more proactive than reactive. Small says NAB can now detect 90 per cent of fraud cases “within minutes or seconds”. The big four banks use technology that throws up red flags when transactions fall outside the customer’s normal usage patterns – patterns based on geography, amount and time.
“It would ask why a transaction is happening at 2.00 am, and why in the UK? We can see hundreds of anomalies in real time and stop it in real time if necessary,” Small explains.
There are now also extra layers of security such as tokens which display changing numbers that must be punched in to complete an online transfer, as well as SMS alerts to inform customers of any large money movements.
There are times when the bank will question the validity of a fraud, and in these situations, things may not go so smoothly. Small says a bank has to protect itself from false “victims” and the bank has a highly trained team of fraud examiners which will question customers – politely, of course.
“We ask the customer to fill out a statutory declaration and also a police report. These are measures designed to make them think twice [about committing a fraud],” he says.
*Not his real name.
http://www.smh.com.au/money/on-the-money/bank-fraud-know-your-rights-20100810-11ums.html
No comments:
Post a Comment