When should a customer be reimbursed for fraud and at what point do the customer’s own actions come into play? The New York Attorney General’s decision to sue Citibank last week for failing to reimburse customers who’d been victimized by fraud raised some interesting issues for business that go beyond just Citibank.
Financial institutions have been routinely refusing to reimburse customers who have done nothing wrong. The far trickier issue is when the customer does indeed do something wrong.
Consider three scenarios:
1. A customer gets a phone call supposedly from the financial institution; the caller says they’re investigating a fraud and asks the customer to reveal their confirmation code.
2. The customer is standing at an ATM about to make a withdrawal when someone stands next to them, points a gun at their head and says “Give me $5,000 or I will kill you.”
3. The customer is conned by a relative who says he needs money for an operation. The person takes the money out of their account and hands it over to the relative.
All three are frauds against that customer. Is the financial institution required to return the funds under scenario 3? What about scenario 2?
Many financial institutions say that if the customer did not strictly follow the rules, they are under no obligation to reimburse. But what if the customer in scenario one truly believed the caller was from their bank? Should that play a role in the reimbursement decision?
This kind of fraud reimbursement decision could affect all enterprises. If a utility or a retailer or a hotel or a car dealer has customers who are ripped off due to fraudsters, where does the reimbursement obligation start and end?
The New York case points out that financial institutions are using obscure and outdated rules about wire transfers to avoid customer remibursements.
“Citi does not apply the EFTA (the Electronic Funds Transfer Act of 1978) to its own unauthorized EFTs initiated electronically by scammers, citing a narrow but inapplicable exclusion for bank-to-bank wires,” the AG’s legal filing said. “Citi also does not apply its most robust verification procedures to Payment Orders received within minutes of rejected Payment Orders involving the same accounts. At times, Citi cancels fraudulent Payment Orders after it is unable to verify those orders directly — either because Citi is unable to contact consumers directly or because scammers provide inaccurate information when contacted.
“Yet when scammers submit new…
2024-02-06 09:00:05
Original from www.computerworld.com