Banks could be held partially liable when their clients fall victim to credible-looking scams, according to new guidelines issued by a financial watchdog.
The Financial Arbiter has devised a model to apportion blame when banks and other payment providers fail to adequately alert their clients about scams that replicate their normal channels of communication.
These often come in the form of an SMS that appears to originate from your bank, and often contains a link taking you to a fake website designed to steal your personal and financial information.
In two recent decisions highlighted on the arbiter’s website, Bank of Valletta (BOV) was held party responsible when its clients lost money due to scams.
One decision saw financial arbiter Alfred Mifsud order BOV to refund 40% of the losses incurred when a client clicked on a link in an SMS that he believed was from the bank.
Following the instructions given after clicking on the fraudulent link, the BOV client made a payment of €4,250 to a bank account in Lithuania.
During the hearings before the arbiter, the client blamed BOV for allowing the fraudster to penetrate its SMS channel and for failing to notice that the payment was fraudulent.
On the other hand, the bank maintained that it was fully compliant with the law and that the complainant was entirely to blame for being defrauded due to gross negligence.
After consulting with a security expert, the arbiter confirmed that the SMS was a spoof rather than a penetration of the BOV’s systems, and there was nothing the bank could have done to prevent it, other than issue adequate warnings to customers.
In this case, the arbiter found the client was 60% at fault for the fraud, with the rest of the responsibility falling on BOV.
The client’s fault was increased due to his “full cooperation” with the scammers in making the fraudulent payment.
However, the bank was also held partially liable as the client had not received any direct warning about such fraudulent schemes in the months leading up to the scam. The fact that the client did not have experience in carrying out similar payments was also deemed as a mitigating factor.
In another decision, a BOV client fell victim to a fraudulent SMS that he thought came from the bank. The message contained a link leading to a website that appeared identical to the bank’s. The client then went on to make a €3,259 payment to the fraudster’s bank account in the Baltics.
While the bank argued that the payment could only have been executed because the client followed the fraudster’s instructions, the complainant claimed that BOV had failed to adequately protect him from the scam.
In this case, the arbiter initially decided that the client had shown gross negligence, allocating 100% of the blame to him.
In conclusion however, the arbiter decided that the responsibility for the fraudulent payment was to be shared between the complainant and the bank, with the bank bearing 20% of the responsibility and the complainant bearing 80%.
As a result, the arbiter ordered the bank to pay the complainant €651.80, or 20% of the total amount lost.
Victims urged to lodge formal complaint with bank
Geoffrey Bezzina, who chairs the management board within the arbiter’s office, urged all customers who believe they have fallen victim to a financial scam to first lodge a formal complaint with their bank.
“Provide as much detail as possible about what occurred. If you disagree with the outcome determined by your bank, you have the right to escalate your complaint to our office,” Bezzina said.
Bezzina said that to ensure fairness, consistency and transparency, the arbiter has developed a model to determine responsibility in these cases, thus ensuring that decisions are evidence-based and consistent.
“In fact, we encourage banks to revisit complaints from the past few months and proactively apply this model, potentially enabling reasonable reimbursements,” Bezzina said.
The arbiter’s office can be reached via the website financialarbiter.org.mt, via freephone 8007 2366 or Whatsapp on 7921 9961.