Cecilia fell victim to a scam. Cecilia was working on her computer when a pop up appeared asking her to contact her anti-virus company. The pop up included a contact number. Cecilia phoned the number, and the agent requested access to her computer. Unfortunately, Cecilia was not talking to the anti-virus company, but to a scammer pretending to work for them.
After Cecilia gave the scammer access to her computer, they encouraged her to log into her banking app. The scammer then transferred $30,000 out of Cecilia’s bank accounts. Some funds went to the scammer’s bank account, and some went to the scammer’s account with a money transfer service.
As soon as Cecilia realised that she had been scammed, she unplugged her computer and called her bank. Cecilia’s bank was able to recover $13,500 that was transferred to the scammer’s bank account but was unable to recover the funds sent to the account held with the transfer service. Cecilia, who didn’t have an account with the transfer service, called them directly and asked them to investigate and return her money. The transfer service said that the money was already transferred out of the account, and it was impossible to get back.
Cecilia complained to FSCL about the transfer service.
Dispute
Cecilia complained that the transfer service’s security measures weren’t up to standard. She said that the transfer service didn’t properly verify her identity or the source of the money, which she said was in breach of their obligations under the Anti-Money Laundering and Countering Financing of Terrorism Act 2009 (AML/CFTA).
The transfer service said that:
- they complied with their legal requirements under the AML/CFTA
- it was Cecilia’s bank’s responsibility to verify the validity of the transaction and Cecilia’s identity
- the transaction itself did not raise any red flags.
Review
We found that the transfer service complied with their AML/CFTA requirements. The money transfer service verified the scammer’s identities when they opened their account. There was also nothing to suggest that the transfer service knew, or could have known, that the accounts would be used fraudulently sometime in the future.
We also found that the transfer service wasn’t required to proactively contact Cecilia to confirm that she had made the transfers. Cecilia wasn’t a customer of the transfer service, the transactions had been made using her computer and her log in details and had been approved by her bank. Nothing about the transactions raised any red flags with the transfer service and there was no requirement for them to take additional steps.
Resolution
We explained to Cecilia that the transfer service had done everything expected of them, and it would be unfair to expect them to have known that the transactions were fraudulent. We decided that Cecilia should discontinue her complaint.
Insights for consumers
Consumers should be careful to make sure that they are talking to a legitimate employee of a company before providing any personal information. Also, allowing someone remote access to your computer is risky. You should never log into your banking app when someone has remote access to your computer, because doing so will likely show them your log in details and give them access to your bank account.