Insights for consumers
Whether you are entitled to reimbursement from a credit card company for fraudulent transactions made on your credit card will depend on your account terms and conditions and how the transactions were made.
In Ruby’s case, it was probable that she had breached the terms and conditions of the account that she held with her credit card issuer by not properly protecting her phone or credit card information. This meant that the credit card issuer was not required to reimburse her for the fraudulent transactions.
What happened?
Ruby* had two credit cards with different credit card issuers, the first with credit card issuer A and the second with credit card issuer B.
In October 2024, Ruby went home early from work because she was feeling unwell. Ruby fell asleep, and when she woke up, she realised that her phone was missing. Ruby transferred her phone number to a new SIM card and received text messages from credit card issuer B notifying her that several transactions had been made on her credit card. After checking her statements, Ruby could see that $7,750 had been spent from her credit card with credit card issuer A and $4,500 had been spent from her credit card with credit card issuer B.
Ruby contacted both credit card companies about the transactions, saying that they were fraudulent. Credit card issuer B reimbursed Ruby $4,500 for the transactions. Credit card issuer A attempted to recall the money from the online betting website to reimburse Ruby, but the online betting website disputed the recall request saying that the transactions were legitimate because they had been made in Ruby’s name, on Ruby’s online betting account, using a credit card that Ruby had authorised previously. Credit card issuer A declined to reimburse Ruby for the $7,750.
Ruby complained to FSCL about credit card issuer A.
What were the parties’ views?
Ruby said that the transactions were fraudulent, had not been made or authorised by her, and had probably been made by someone using her lost phone. Ruby said that it was a lot of money spent in a short period of time and that the transactions should have triggered an alert or text message to her from credit card issuer A. She said that credit card issuer B had reimbursed her, so credit card issuer A should too.
Credit card issuer A said that Ruby must not have protected her credit card, credit card details, or phone password, if someone had been able to make the transactions using her lost and locked phone. Not properly protecting this information was a breach of the terms and conditions on Ruby’s account. Credit card issuer A said that an alert was not triggered because Ruby had authenticated the use of her credit card on the online betting website months earlier, had regularly used her credit card on the website, and the transactions were not out of the ordinary for her usual account history.
FSCL Findings: Breach likely and fraud alerts unlikely
We found that:
- it was probable that Ruby had breached the terms and conditions of her account that she had with credit card issuer A by not properly protecting her phone or credit card information. Ruby had acknowledged that her phone password could be easily guessed and that she was logged into the online betting website’s app on her phone, suggesting that her information likely was not as protected as it should have been.
- It was unlikely that the transactions would have registered as fraudulent on credit card issuer A’s system. Ruby made 25 transactions on the online betting website in the month and a half prior to the fraudulent transactions and had made another 89 on another online betting website in the three months prior to that. Several showed amounts between $950 to $3,500 being spent legitimately over a short period of time, and Ruby had used her credit card primarily for online betting. The fraudulent transactions would have appeared consistent with Ruby’s account history.
- We could not take into account any information Ruby provided about credit card issuer B reimbursing her, as credit card issuer B had different terms and conditions than credit card issuer A.
Although it was very unfortunate that Ruby had lost money, we found that it would not be fair to require credit card issuer A to reimburse Ruby when it was probable that Ruby had breached the terms and conditions on her account by not properly protecting her credit card information or phone.
What was the outcome of FSCL’s investigation?
We recommended Ruby discontinue her complaint. Although Ruby did not agree with our recommendation, she did not have any other information to provide us to support her complaint and agreed to discontinue. We then closed our file.
