To print this article, all you need is to be registered or login on Mondaq.com.
The Facts
Man provides credit card number and PIN codes to online
scammers
The case of a man who fell victim to a phishing scam reads as a
textbook example of cyber fraud. The man received an email inviting
him to participate in an online cash survey. The email contained a
web link and instructions to click on the link to complete the
survey.
As part of the survey, the man was asked to provide his credit
card number, which he did. Unbeknownst to him, by doing so, he made
this information available remotely to the scammers who had sent
him the email.
The fraudsters then asked the man to enter one-off PIN codes
sent by his financial services provider to his mobile phone, which
he did.
Transactions made using credit card details
This enabled the scammers to make transactions using the
man's credit card. These transactions totalled over $5,000 and
were with merchants outside Australia.
When the man's financial services provider denied liability
for the losses, he lodged a dispute with the Financial Ombudsman
Service, which had to determine whether he was liable.
case a - The case for the financial services provider
case b - The case for the customer
The only reason the scammers gained access to the
customer's money is that he voluntarily disclosed his one-off
PIN codes by typing them into the email survey he received from the
scammers. He was not supposed to disclose his PINs to anyone.
By disclosing his PINs, the customer breached the passcode
security requirements in the ePayments Code.
While the customer's financial loss is regrettable, we are
not liable to reimburse him for the money the scammers stole,
because he breached the passcode security requirements of the
ePayments Code.
It is the customer who is liable for the loss he incurred, not
us.
I did not authorise the transactions recorded against my credit
card.
I had no idea that the PINs I received on my mobile phone from
my financial services provider were secret passcodes and that I was
not meant to disclose them to anyone. When I received the text
message with the passcodes, there was nothing to indicate that they
were supposed to be kept secret.
I did not "voluntarily" disclose my passcodes to
anyone and I did not breach the security provisions of the
ePayments Code. I thought I was simply responding to a survey.
The Financial Ombudsman Service should find that my financial
services provider is liable for my losses.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
The Early-Stage Venture Capital Limited Partnership (ESVCLP) regime was introduced in 2007 to stimulate the early-stage venture capital sector in Australia.
On 29 February, Jackson J handed down the decision in Australian Securities and Investments Commission v R M Capital Pty Ltd [2024] FCA 151 (ASIC v RM Capital).
On 21 March 2024, the Parliamentary Joint Committee on Corporations and Financial Services announced an inquiry into the wholesale investor test for offers of securities...
The recent case of Cooper as Liquidator of Runtong Investment and Development Pty Ltd (In Liq) v CEG Direct Securities Pty Ltd [2024] FCA 6 (Cooper), shed light on when the Court will intervene...
The FSC in collaboration with the RIAA released an information sheet for members outlining overarching principles in relation to the use of responsible or sustainability-related terms in investment product labelling to promote consistency across the industry.
FREE News Alerts
Sign Up for our free News Alerts - All the latest articles on your chosen topics condensed into a free bi-weekly email.