Consumer advocates have launched an attack on the Banking Ombudsman’s scheme, calling for law changes to broaden the watchdog’s power and better protect consumers who fall victim to bank fraud and scammers.
They
say it’s “preposterous” that victims who have time to visit their bank in person when sending money appear to have more protection than those completing payments online.
It comes as several high-profile Banking Ombudsman decisions have found in favour of the banks and refused compensation to victims who lost hundreds of thousands of dollars.
But Banking Ombudsman Nicola Sladden says each complaint is assessed on its merits and new consumer protections would require buy-in from the banking sector or Parliament.
Auckland businessman James*, who lost $100,000 in October 2022, was knocked back in a preliminary finding last month.
James thought he was investing in a Suncorp term deposit. He wired the money online from his Westpac account to an ANZ account, referencing “Suncorp” in the payee field.
But the money went to an Auckland woman who is believed to have operated an ANZ “mule” account to help steal money from nine victims before funnelling the funds overseas.
Police have identified the alleged mule but are yet to lay charges.
In a precedent-setting decision last month, Sladden recommended BNZ refund nearly $300,000 to two other scam victims due to the bank failing to identify “red flags” or detect references to a known Citibank scam.
The two victims had either visited the bank in person or discussed their money transfers by phone with a bank employee.
James, who completed his transaction online, told the Herald he believed Westpac should have been suspicious as the name entered in the payee field did not match that of the mule account.
He felt Westpac had not taken reasonable care to protect him from fraud and that its systems were not fit for purpose.
However, the Banking Ombudsman found Westpac’s primary duty was to make the payment according to the victim’s instructions.
The direct cause of his loss was being “tricked” into sending money to an account that was not Suncorp’s.
“He is therefore liable for the loss.”
While account matching technology was in place overseas, it was not available here, meaning “for now the onus to check remains solely with the customer”, the decision said.
James said the ruling was devastating.
“It’s the expected apology for my losses and naturally the bank has no liability for their inadequate systems.”
Westpac said the bank empathised with the victim but believed he was ultimately responsible for the loss as he authorised the payment.
After being alerted to the scam, staff immediately tried to recover the money from ANZ.
Westpac’s internal investigation findings had been confirmed by the Banking Ombudsman.
The Herald is aware of several other similar findings in recent weeks declining compensation to investment scam victims.
They include a Whanganui woman who lost $350,000 last year while her husband fought for his life in critical care, and a Taranaki widow who wired $100,000 to an account she believed was under her own name. She referenced “Citibank” in the payee field – a known scam.
In nearly every case, the life-changing losses could have been prevented if our banking sector had “confirmation of payee” technology.
Consumer NZ spokeswoman Jessica Walker said the watchdog was concerned about inadequate protections for Kiwi bank customers.
“The Ombudsman has noted BNZ was in breach of its obligation to identify and act on red flags, which we completely agree with. However, it seems preposterous that such obligations only extend to customers who seek assistance in-branch, but not those banking online. This speaks to an inequitable two-tiered approach to banking protections in New Zealand, which we find unacceptable.”
She said the law needed updating as the Banking Ombudsman was constrained by a legal framework with “clear gaps”.
In her view: “Those gaps unfairly restrict bank liability and leave consumers vulnerable.”
Customers relied on banks to protect them from cyber criminals but recent cases show banks were, in Walker’s opinion, “falling short”.
Financial commentator Janine Starks said the Banking Ombudsman’s decisions were creating a “lottery” and causing confusion for customers.
She said it defied common sense that victims who wrote the name of a known scam in an online payment reference field were more exposed than someone who mentioned the same detail to a call centre worker.
“Banks screen for abuse and swear words in these fields, but not fraud. Why is the Ombudsman allowing such a nonsensical outcome?”
Sladden told the Herald banks were duty-bound to follow customers’ instructions but must act with reasonable skill and care.
Each complaint was unique. Customers who discussed payments with bank staff were more likely to give clues about suspicious activity.
“As a dispute resolution body, we must apply the rules in force at the time of the complaint. The current rules do not require banks to reimburse customers who are the victims of authorised payment scams unless there are ‘red flags’.”
New regulations in the UK had forced banks to reimburse scam victims for authorised payments. Whether Kiwi banks should contribute to victims’ losses was a question for regulators and ultimately Parliament to consider, she said.
“We support a review of the rules governing fraud reimbursement, the development of a mandatory code, establishment of confirmation of payee and an enhanced warning system. In the meantime, we will continue to regularly share best-practice fraud detection and prevention guidance to banks.”
*The victim’s name has been changed to protect his identity.
HOW TO STAY SAFE FROM SCAMMERS
- Always take a second to check before parting with your money or personal information.
- Trust your instincts – if it feels wrong, it probably is. Urgency is a red flag – scammers try to rush you.
- Your bank will never ask you for passwords, log-in details, or two-factor authentication codes, nor will they send you an email or text message asking you to log in.
- Your bank will never tell you to move your money to a “safe” account, or ask you to use your money to help catch a scammer.
- Think carefully before entering your credit card details online.
- Be cautious with unsolicited texts, emails, or calls – don’t give out details that could be used to impersonate you.
- Don’t click on links or open attachments from people you don’t know, or seem out of character for someone you do know. Hover over links to reveal the actual site.
- Don’t respond to instructions to download unknown software – it could be malware to access your accounts.
- Be careful of deals or investments that sound too good to be true – they probably are. Contact investment firms or businesses via their official New Zealand-based websites, and never via online contacts, emails, links, or phone numbers sent to you directly or from other websites on the internet.
- Use strong, unique passwords and PINs for your banking – don’t write them down or record them.
- If you think you’ve been scammed report it to your bank immediately.
Source: New Zealand Banking Association
Lane Nichols is a senior journalist and deputy head of news based in Auckland. Before joining the Herald in 2012, he spent a decade at Wellington’s Dominion Post and Nelson Mail.