In January 2024, Keith discovered there were transactions on his business account with a transactional service provider that he did not recognise. He went through his account, and found 190 transactions totalling $30,000 that he did not believe he had made. They tended to be small amounts for online purchases to overseas merchants and were from July 2023 onwards.
Keith contacted his transactional service provider who declined to reimburse him, saying that there was no sign that any other person had accessed his account. Further, the transactions had occurred over a long period, and Keith had not noticed what was happening.
Keith had a card which accessed his account as well as an online account.
Keith asked FSCL to look into his complaint.
Review
We reviewed the transactional service provider’s record of transactions on the account and Keith’s list of disputed transactions. Most were online payments to overseas merchants, though there were transactions of about $2,000 made using the card and PIN at shops in New Zealand. Keith said he lived alone, no-one else could access his devices, his card was kept with him at all times, and he had not written down the PIN. Keith thought someone may have hacked the transactional service provider’s system.
There was no evidence to show that the transactional service provider’s system had been hacked.
We were satisfied the transactions made at shops in New Zealand were made by Keith. Some were made to merchants he had dealt with before and, given the transactions were made using the PIN which Keith said had not written down, it seemed likely he had made them but forgotten he had done so.
With the online transactions, we noted if they had been made by someone other than Keith, that person would have to have the debit card number, the name on the card, the card expiry date, and CVV number. Fraudsters can obtain such details without any negligence on the part of the account holder. The online transactions in this case appeared to be outside Keith’s normal pattern of use, and there was nothing to indicate Keith had received any benefit from them.
While the transactional service provider appeared certain Keith had made these transactions, they did not provide any evidence in support of this. We had no evidence to show that Keith authorised the online transactions.
We then looked at the terms and conditions for the account, which said the transactional service provider would reimburse the customer for unauthorised transactions unless the customer had acted fraudulently or with gross negligence. There was no evidence that Keith had acted fraudulently or with gross negligence. The terms and conditions also said the customer must check their account regularly and tell the financial services provider about any unauthorised transactions immediately, but no later than 13 months from the transaction. Keith had notified the transactional service provider within this timeframe, and so had not breached the notification obligation.
We then considered what would be a fair way to resolve Keith’s complaint. The account terms and conditions said the transactional service provider relied on customers to regularly check their account history and contact them if there was any problem. While this clause was not expressed as an obligation, we noted that a reasonable and prudent customer should keep an eye on their accounts. Further, Keith was aware of the need to review his account, but did not do so because he had experienced difficulties in accessing his transaction information online. We considered Keith should have contacted his transactional service provider for advice about accessing transaction information if he was experiencing difficulties. If he had done so, he would have discovered the unauthorised transactions much sooner, and the loss would have been much lower. In our view, a fair resolution was for the Keith and transactional service provider to share the loss 50/50.
Resolution
Both Keith and the transactional service provider accepted our preliminary decision, and the transactional services provider paid Keith $14,000.
Insights
For consumers
Consumers should regularly check their accounts for irregularities, such as unauthorised transactions, or mistaken or duplicated transactions even if they do not use the account often. If they do not do so, they may not be entitled to ask their financial service provider to reimburse them for unauthorised transactions.
For financial service providers
If a financial service provider considers a customer is responsible in some way for disputed transactions on their account, they will need to point to some evidence that this is the case.