Bank rules may allow rejected claims of account fraud

By Michael Lloyd

If your bank account is compromised, your first reaction would likely be to call your bank to report the breach and get your money back. But if you look at your bank's terms and conditions, you may find some wording allows the institution to turn down your claim, saying you broke the contract. The Financial Conduct Authority (FCA) is investigating such practices, but for now, it remains your job to make sure you haven't broken any rules if you want your refund.

FCA guidelines state that victims of unauthorised payments should always receive a full refund unless they behaved with "gross negligence" in failing to keep their personal information safe. According to The Guardian, however, the FCA estimates some 170,000 fraud victims a year are wrongly denied compensation after having money taken from their accounts.account-claim-rejected

The FCA's 2014-2015 Business Plan looks at whether consumers that suffer unauthorised transactions are getting fair outcomes, or if banks are using the "gross negligence" rule to avoid compensating victims.

Vague, all-encompassing rules can set you back
Critics say banks employ vague or catch-all terms and conditions that empower them to turn down fraud refund requests too easily.

For example, Barclaycard's internet terms and conditions state: "It's your responsibility not to share, disclose or in any way compromise your membership numbers, passwords, pass codes or memorable words."

Santander's online security terms and conditions are considerably weightier, but also include clauses that say customers should not use password managers and should take steps to make sure their computer equipment is secure.

Both sets of rules give each lender leeway to turn down online fraud refund requests that result from common scenarios. A customer can fall foul of the rules by failing to PIN-protect a smartphone that is subsequently stolen, using the same simple password across a number of online accounts, or neglecting to protect a computer used for online banking with a decent anti-virus program.

Call for clearer compensation eligibility
This state of affairs has brought calls for card issuers to tighten up their terms and conditions and make it clear exactly what circumstances would cause customers to not receive compensation after fraud.

"The terms and conditions could be made a lot clearer -- banks can do more to make sure they are understood by consumers to prevent this from happening," a Money Advice Service spokesperson wrote in an email response to questions.

The FCA has also raised concerns that these rules might put consumers off making claims after being defrauded. For instance, a consumer may read Santander's lengthy rules and become convinced they've done something to contravene them, so they may hesitate to bring up a breach with Santander out of fear of exposing their "misconduct".

"Consumers must have confidence in the banks for the credit card system to work," John Mann, Labour MP for Bassetlaw, said in an email response to questions. "Examples of banks attempting to avoid their responsibilities to consumers will undermine this. The FCA must intervene to ensure banks behave appropriately."

How to avoid, fight rejected fraud claim
The card issuers that responded to's request for comment on what their customers can do to avoid rejection struck a tone that was nearly as all-encompassing as their terms and conditions. 

"Our terms and conditions say customers shouldn't share any personal identification, PIN or log-in details with anyone," Adrian Russell, corporate communications interim at Santander, wrote in an email response to questions. "If customers do hand over login details, they could be in breach of the terms and conditions of their bank account, and if they lose any money as a result of a fraud by any third party after disclosing their details, it's very unlikely they'd get anything back."

Emma Varty, head of media relations for Lloyds, wrote in her email response to UK.CreditCards.Com, "Firstly, we would not encourage the use of password managers. In addition, we actively advise customers to create unique passwords for their accounts rather than using the same one for multiple accounts."

However, Varty said, the use of either of these things alone would not automatically disqualify customers from being refunded.

The FCA has the power to force banks to change the way they handle fraud refunds if its ongoing investigation finds a need for improvement. In the meantime, card fraud claimants who have had their compensation claim rejected can refer their complaint to the Financial Ombudsman Service.

"Where someone has fallen victim to a scam, we would expect the bank to conduct a thorough investigation and be able to provide a full explanation as to why they have reached that conclusion," Rory Stoves media manager for the ombudsman, wrote in an email response to questions.

See related: FCA: Unauthorised credit providers put consumers at risk, FCA investigates: Is credit card market fair for all consumers?

Published: 5 September 2014