The Law Handbook 2024

Chapter 5.10: Unauthorised transactions and ePayments Code 461 • not ask a prospective guarantor to sign a guarantee unless it has allowed them three days to consider the information referred to above (unless the prospective debtor has received independent legal advice after receiving the information, or the credit relates to some business guarantees) (cls 107, 108); • not give the guarantee instrument to the debtor or their representative to arrange the signing (cl 109); • generally ensure the guarantee is signed in the absence of the debtor where the guarantee is signed at the bank (cl 110); • comply with the Australian Competition and Consumer Commission and the Australian Securities and Investments Commission’s Debt Collection Guideline for Collectors and Creditors (‘ Debt Collection Guidelines ’) (cl 180); • only sell a debt to a debt collector who has agreed to comply with the Debt Collection Guidelines (cl 182); • generally not assign a debt while considering a customer’s hardship request or while a customer is complying with an agreed hardship arrangement (cl 184); however, it will do so in the limited circumstances set out in clause 185. Other codes Other similar industry codes that may assist consumers include the Mortgage and Finance Association of Australia Code of Practice (whose signatories include mortgage and finance brokers and managers), the Customer Owned Banking Code (formerly the Mutual Banking Code of Practice for credit unions and mutual building societies) and the SEQUAL Code of Conduct (for providers of equity release products, such as reverse mortgages). Solving disputes with creditors Complain to the creditor A consumer should first complain to the creditor. Every credit licensee must have an internal dispute resolution process to handle complaints (s 47(j) National Consumer Credit Protection Act 2009 (Cth) (‘ NCCP Act ’)). If that fails, a complaint can be made to an ombudsman. Unauthorised transaction disputes are difficult. It is usually not enough to simply assert that you did not authorise the transaction. You need to provide evidence that: • the transaction was made by someone else; and • you did not authorise the other person to make the transaction. This is especially the case in disputes involving transactions made with a PIN or password. The ePayments Code states that the onus of proof is on the financial institution to show the transaction was authorised. The code also states that using the correct PIN is significant, but not overwhelming evidence that the transaction was authorised. Despite this, financial institutions and the Australian Financial Complaints Authority ( AFCA ) often regard the use of a correct PIN or password as sufficient proof that the transaction was authorised (i.e. you must have disclosed your PIN or password to someone else). To combat this approach, you need to find facts that rebut this. First, identify how the unauthorised transactions took place. Review the pattern of the unauthorised transactions to see whether the time and place of the transactions are inconsistent with you making the transactions. Also, consider whether the time and place of the transactions suggest how the unauthorised transaction may have taken place. For example, in one dispute, all the unauthorised transactions took place at around 3 am at an ATM close to the consumer’s share house. This suggested that someone in the share house was taking the consumer’s bank card at night and had observed the consumer entering their PIN on an earlier occasion. Second, consider where you keep your bank card and who else may have had access to it. Third, consider whether you keep a record of your PIN and where that record is kept. If you keep your PIN with your bank card and it is liable to be lost or stolen at the same time as your card, then you are likely to be liable for all transactions. If not, consider how someone else could have discovered your PIN. For example, you could have been ‘shouldered’ – this is where someone stands behind you and watches you enter your PIN. Fourth, request the financial institution review whether there have been other claims of unauthorised use at the particular ATM or EFTPOS machine. This can indicate that cards have been ‘skimmed’