Stacks Law Firm is a leading Australian legal service provider with more than 250 people operating locally in many Australian communities.
We are committed to supporting the legal needs of everyday Australians and businesses across every stage of life.
Man provides credit card number and PIN codes to online
scammers
The case of a man who fell victim to a phishing scam reads as a
textbook example of cyber fraud. The man received an email inviting
him to participate in an online cash survey. The email contained a
web link and instructions to click on the link to complete the
survey.
As part of the survey, the man was asked to provide his credit
card number, which he did. Unbeknownst to him, by doing so, he made
this information available remotely to the scammers who had sent
him the email.
The fraudsters then asked the man to enter one-off PIN codes
sent by his financial services provider to his mobile phone, which
he did.
Transactions made using credit card details
This enabled the scammers to make transactions using the
man's credit card. These transactions totalled over $5,000 and
were with merchants outside Australia.
When the man's financial services provider denied liability
for the losses, he lodged a dispute with the Financial Ombudsman
Service, which had to determine whether he was liable.
case a - The case for the financial services provider
case b - The case for the customer
The only reason the scammers gained access to the
customer's money is that he voluntarily disclosed his one-off
PIN codes by typing them into the email survey he received from the
scammers. He was not supposed to disclose his PINs to anyone.
By disclosing his PINs, the customer breached the passcode
security requirements in the ePayments Code.
While the customer's financial loss is regrettable, we are
not liable to reimburse him for the money the scammers stole,
because he breached the passcode security requirements of the
ePayments Code.
It is the customer who is liable for the loss he incurred, not
us.
I did not authorise the transactions recorded against my credit
card.
I had no idea that the PINs I received on my mobile phone from
my financial services provider were secret passcodes and that I was
not meant to disclose them to anyone. When I received the text
message with the passcodes, there was nothing to indicate that they
were supposed to be kept secret.
I did not "voluntarily" disclose my passcodes to
anyone and I did not breach the security provisions of the
ePayments Code. I thought I was simply responding to a survey.
The Financial Ombudsman Service should find that my financial
services provider is liable for my losses.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.