What do you do if someone steals your ATM card, hacks your internet banking account, skims your credit card or subjects you to some other form of electronic banking fraud?
First, if you suspect your credit or EFTPOS card has been misused, lost or stolen, or the security of your PIN or password has been breached, notify your financial institution immediately. Be aware that delays of even minutes may cost you thousands of dollars.
Prevention is the key; for example, keep your PINs and passwords secret and make them hard to guess.
For consumers who do encounter unauthorised transactions, their rights fall under the ePayments Code (see “ePayments Code”).
Clause 10 of the ePayments Code deals with electronic payment transactions that are not authorised by the account holder. It attempts to answer the question: Who is responsible for the loss?
Generally, you are not liable for any losses that are incurred after you notify your financial institution of an unauthorised transaction. In addition, you are not liable for losses:
• that are caused by the fraud or negligence of employees or agents of the financial institution or merchant, or a third party involved in networking arrangements;
• that are caused because a device, identifier or passcode that is forged, faulty, expired or cancelled;
• that occur before you receive the relevant access card and/or related PIN;
• that are caused when the same transaction is incorrectly debited more than once to the same account;
• where it is clear that you have not contributed to the loss.
You may be liable for losses arising from an unauthorised transaction that occurs before you report the theft of your card etc., if your financial institution can prove on the balance of probabilities that you contributed to the loss through fraud or because you:
• voluntarily disclosed your PIN or password to another person, including a family member or friend;
• kept a record of your PIN together with your access card;
• acted with extreme carelessness in failing to protect the security of your PIN or password;
• chose a PIN or password that is your birth date or includes part of your name; or
• unreasonably delayed reporting the misuse, loss or theft of an access card, or that the security of your PIN or password was breached.
You may also be liable if you leave your card in an ATM that incorporates reasonable safety standards that mitigate against the risk of you doing so.
However, the ePayment Code limits the amount of loss you can be liable for. Even if you are generally liable because of the circumstances above, you will not have to bear the loss of any amount:
• in excess of your daily transaction limit that is taken from your account on a single day;
• in excess of the balance of your account at the time of the transaction, including any pre-arranged credit; or
• taken from an account in relation to which you had not agreed could be accessed by the card, PIN or password.
c Where liability is split between you and the financial institution
If the financial institution cannot prove that you have contributed to losses in the ways described in section B above, but you cannot avoid liability for the reasons described in section A above, you will be taken to be liable for the least amount of the following:
• $150 or a lower amount as determined by the financial institution;
• the balance of the relevant account(s), if you agreed the account could be accessed by a PIN or password; or
• the actual loss at the time you notified the financial institution of the misuse, loss or theft of your card (or that the security of your PIN or password was breached), excluding any amount exceeding the daily transaction limit.