What do you do if someone steals your ATM card, hacks your internet banking account, skims your A debt that does not have to be paid until some future time. Being allowed to pay later, in the future, for something you are getting now. card or subjects you to some other form of electronic banking An intentionally dishonest act, or lack of action, done to deceive someone and bring some advantage over those who have been deceived.?
First, if you suspect your credit or EFTPOS card has been misused, lost or stolen, or the Money or property promised to be handed over as a guarantee for repayment of a loan, or as a guarantee that a defendant will meet their bail conditions. of your Personal Identification Number (PIN) or password has been breached, notify your financial institution immediately. Be aware that delays of even minutes may cost you thousands of dollars.
Prevention is the key; for example, keep your PINs and passwords secret and make them hard to guess.
For consumers who do encounter unauthorised transactions, their rights fall under An agreement that the law will enforce. law, the ePayments Code (see ‘ePayments Code’, below) and the Mastercard and A permit that allows a person who is not a citizen to stay in a country on certain conditions, for the length of time stated in the visa. card Rules.
Who is responsible for unauthorised transactions?
A financial institution is only allowed to deduct money from your account if you have authorised the transaction. You can authorise a transaction by:
- signing a withdrawal slip; or
- using a PIN or password; or
- providing authorisation over the phone; or
- giving someone else authority to access your account.
A financial institution does not have a general An obligation to take reasonable care to avoid harming other people or their property. Breach of a duty of care that causes damage or loss to another may give rise to an action in tort. to its customers, but it is not entitled to turn a ‘blind eye’ to known facts that indicate a customer is being defrauded or that funds are being misappropriated (see Lipkin Gorman (A Firm) v Karpnale Pty Ltd & Lloyds Bank  2 AC 548).
Financial institutions usually have a term in their contracts stating that you are liable for unauthorised transactions when you contributed to the transaction; (e.g. by sharing your PIN with another person). In these disputes, your rights are determined by the ePayments Code.
The ePayments Code applies to ATM, EFTPOS and credit transactions, online payments, internet and mobile banking, and BPAY transactions. The code applies to transactions authorised using a PIN or a password.
Among other things, the ePayments Code:
- deals with recovering mistaken internet payments (cl 24–34);
- sets out the rules for determining who pays for unauthorised transactions (cl 9–17);
- requires subscribers to give consumers terms and conditions, information about changes to terms and conditions (e.g. fee increases), receipts and statements (cl 4–6).
The ePayments Code is a Done by your own free will. See also community treatment order (CTO). code that almost all banks, credit providers and building societies follow. A list of code subscribers is available on the website of the Australian Securities and Investments Commission (ASIC) (https://asic.gov.au). In addition, external dispute resolution schemes consider it to be good industry practice. A copy of the code is available on ASIC’s website.
Clause 10 of the ePayments Code deals with electronic payment transactions that were not authorised by the account holder, but were authorised using a PIN or password. The clause attempts to answer the question: Who is responsible for the loss?
Where you are not liable for losses
Generally, you are not liable for any losses that are incurred after you notify your financial institution of an unauthorised transaction.
In addition, you are not liable for losses:
- that are caused by the fraud or An act that breaches a duty to take reasonable care and results in loss or damage to another person. See also tort. of employees or agents of the financial institution or merchant, or a third A person or organisation directly involved in a court case. Parties include the plaintiff or applicant, the defendant, and any third party added to the action, but not independent witnesses. involved in networking arrangements;
- that are caused because a device, identifier or passcode that is forged, faulty, expired or cancelled;
- that occur before you receive the relevant bank card and/or related PIN;
- that are caused when the same transaction is incorrectly debited more than once to the same account;
- where it is clear that you have not contributed to the loss.
Where you are liable for losses
You may be liable for losses arising from an unauthorised transaction that occurs before you report the theft of your card etc., if your financial institution can prove on the More likely than not. The plaintiff in a civil case (a non-criminal case) must prove that what they are arguing is more likely to be true than false. This is called the standard of proof. See also beyond reasonable doubt. that you contributed to the loss through fraud or because you:
- voluntarily disclosed your PIN or password to another person;
- kept a record of your PIN with your bank card;
- acted with extreme carelessness in failing to protect the security of your PIN or password;
- chose a PIN or password that is your birth date or includes part of your name; or
- unreasonably delayed reporting the misuse, loss or theft of a bank card, or that the security of your PIN or password was breached.
You may be liable if you leave your card in an ATM that incorporates reasonable safety standards that mitigate against the risk of you doing so.
However, the ePayment Code limits the amount of loss you can be liable for. Even if you are generally liable because of the circumstances above, you A document that sets out what a person wants to happen to their money and other property after they die. not have to bear the loss of any amount:
- in The amount a person does not get back from the insurer when they make a claim on their insurance. For example, if a car is insured for an agreed value of $10 000 with an excess of $1000, the insurer will pay only $9000 on a claim if the car is written off. of your daily transaction limit that is taken from your account on a single day;
- in excess of the balance of your account at the time of the transaction, including any pre-arranged credit; or
- taken from an account in relation to which you had not agreed could be accessed by the card, PIN or password.
Where Legal responsibility, enforced by civil or criminal courts. is split between you and the financial institution
If the financial institution cannot prove that you have contributed to losses in the ways described in section B above, but you cannot avoid liability for the reasons described in section A above, you will be be liable for the least amount of the following:
- $150 or a lower amount as determined by the financial institution;
- the balance of the relevant account(s), if you agreed the account could be accessed by a PIN or password; or
- the actual loss at the time you notified the financial institution of the misuse, loss or theft of your card (or that the security of your PIN or password was breached), excluding any amount exceeding the daily transaction limit.
A ‘chargeback’ is where a cardholder reverses an unauthorised transaction under the Visa card and Mastercard Rules. Chargebacks apply to disputes where the unauthorised transaction relates to the use of a Visa card or Mastercard and the transaction was not authorised by a signature, PIN or password. Chargebacks often apply to transactions made over the telephone and to mail orders.
Most banks are required to consider ‘chargeback’ disputes under the Banking Guidelines setting out proper practice in an industry or occupation. For example, the franchising code of practice sets out rules for businesses operating under a franchise. Codes can be voluntary or statutory (required by legislation). (see below). However, strict timeframes apply, so contact your financial institution as soon as possible.
If a financial institution fails to properly process a chargeback dispute, you can make a complaint to the Australian Financial Complaints Authority (see ‘Contacts’ at the end of this chapter).