HERE’S a quick quiz for anyone planning to make an online bank transfer or payment in the next few days.
First question. Do you know what happens if you get a digit wrong for the intended account when you send off a payment?
Second question. If you do know, how comfortable are you that you’ll be able to recover your money if you stuff things up?
By the time we get to the end of this I hope we’ll all be far less gung ho about keying in numbers and pressing “Proceed” than we were at the start – and yes, I must admit to making the occasional payment without wearing my glasses or while on the phone or otherwise distracted.
But I’ve become far more careful after working my way through a few Financial Ombudsman Service Australia (FOSA) decisions that make clear the convenience of making payments online doesn’t come without a cost, and you can easily end up wearing that cost when things go wrong.
Let’s start with the case of the nice dad who transferred $10,000 to his daughter’s account in June, 2015. Or at least he thought he did until she contacted him two days later to say she was one digit out when she gave him her account details.
The money was credited to an “unintended third party account”. In other words it could have gone anywhere. Someone went to bed one night with a certain bank account balance and woke next day $10,000 richer thanks to a missed digit.
Someone went to bed one night with a certain bank account balance and woke next day $10,000 richer thanks to a missed digit.
When the daughter told the dad of her mistake he immediately contacted his financial services provider (FSP) – the term FOSA uses without specifying bank, building society, credit union or society. The following day his FSP contacted the receiver’s FSP and asked for the money – called a mistaken internet payment (MIP) – to be recalled and returned.
Five days later the receiver’s FSP contacted the dad’s FSP and said the money was unavailable. Two days after that the dad’s FSP had a second go at it, with the same results.
Now here’s the bit you have to pay attention to.
The dad complained to the Financial Ombudsman. Among other things he argued that when a bank requests a payer to include the account name of the intended receiver it is reasonable to infer the transaction won’t proceed if the receiver’s name and account details don’t match.
But you have to read the fine print. This is Australia’s bank and financial system we’re talking about after all. There’s always fine print.
In this case it’s the warning that appears before you press “Proceed” or “Send” to complete a transaction, that advises you to ensure all details are correct, that the financial services provider can’t check whether names match account numbers in online transactions, and “an incorrect BSB or account number will result in your money being paid to the wrong account and may result in the loss of your funds”.
And yes, like probably hundreds of thousands of other Australians I have skipped right over that when paying my bills online.
The dad lost his $10,000.
The Financial Ombudsman found the warning appeared on the dad’s transaction and his bank or building society complied with the ePayments Code and contacted the receiver’s bank or building society to request return of the funds within five days of it being sent.
But the clincher was that “unfortunately the unintended recipient had withdrawn the funds” so they could not be automatically returned.
“The (dad’s) financial service provider has therefore complied with its obligations to try to recover the funds within a reasonable time and has been unable to do so due to circumstances outside its control,” the Financial Ombudsman found.
Which is a very nasty way to drop $10,000.
And it gets worse.
There are certainly cases where banks and building societies have had to return sometimes large sums of money when they’ve been found not to comply with their ePayments obligations.
But in fraud cases things can get very ugly, fast.
In 2015 a company used internet banking to pay $10,000 rent to a real estate agent’s account. The money was instead directed to a fraudster’s account after the company was sent a fraudulent email purporting to be the real estate agent and providing new payment details.
The company complained to its bank or building society the next day. The bank or building society sought to trace the funds the following day but did not seek to recover the funds for another 10 days.
By that stage the money was long gone.
The Financial Ombudsman found in favour of the bank or building society, despite finding the recall request should have occurred as soon as the complaint was received. But because the funds were withdrawn from the fraudster’s account almost as soon as they appeared – because that’s what fraudsters do – even immediate action wouldn’t have saved the day, the Ombudsman concluded.
In another similar case involving a credit card and a lost $8000 the Financial Ombudsman refused a woman’s request for compensation because her bank or building society complied with its obligations and provided a warning. The Financial Ombudsman did “appreciate” that the woman “has been scammed and is in a very unfortunate situation”, but allowed the bank or building society to charge her for “the disputed transaction and related interest and fees”.
So we have the twin issues – deliberate online fraud and the kinds of mistakes we can all make by not paying enough attention to the details, often with the idea that an online “mistake” transaction can be rectified with a phone call and the stroke of a key.
Online banking might be incredibly convenient, but a layer of protection afforded by the old over-the-counter banking - when an actual person would check if details matched - has disappeared with it.
It’s all on our heads now.