determination - financial ombudsman service · case no: 404469 determination page 3 of 4 process...

Determination

Case No: 404469 Determination of 4

Case number: 404469 18 April 2016

1 Overview

1.1 Dispute

The Applicant lost $360,324.73 in credit card payments to a scam. ASIC had notified

the FSP of the scam in relation to particular bank accounts and the FSP put in place

a process to detect payments but not in relation to the merchant facility. The

Applicant said the FSP should have warned him about the scam, should not have

allowed the transfers and should have charged back the transactions.

The Case Manager provided the parties with a Recommendation on the issues in

dispute. The Recommendation (copy attached) was substantially in favour of the

Applicant and the FSP rejected it saying it should not have been obliged to have

detected the payments going to a merchant name different than that contained in the

ASIC advice and that it attempted to investigate chargeback opportunities but the

Applicant failed to cooperate.

1.2 Issues and Key findings

Were the findings of the Recommendation correct?

The findings contained in the Recommendation were correct and are adopted in this

Determination. Further submissions provided after the Recommendation have been

considered.

Should the FSP’s process have detected the payments?

Yes, at least after the first three payments. The difference between the merchant

name and the company name mentioned in the ASIC email were not materially

different and the FSP should have detected the payments and blocked them.

Is the Applicant liable in any event as a result of any failure to cooperate with

the chargeback process?

It is speculative whether or not any chargeback would have succeeded but even so,

the Applicant is not liable.

1.3 Determination

This Determination is substantially in favour of the Applicant.

I agree with the case manager‟s reasons for the Recommendation and the

recommended outcome. The FSP should pay the Applicant $235,539.06.


2 Reasons for Determination

2.1 Were the findings in the Recommendation correct?

I have decided this case on its merits, having regard to the relevant law, good

industry practice, codes of practice and previous FOS decisions. I have taken into account all the material submitted by the parties, both before and after the

Recommendation. I am satisfied that the documentation I have relied on has been provided to both parties.

I am satisfied that the case manager‟s Recommendation contains an accurate

summary of the dispute, the issues to be determined, any applicable paragraphs of

the Terms of Reference and any relevant law save for the issue of chargeback raised

by the FSP in response to the Recommendation.

2.2 Should the FSP have detected and stopped the payments?

In rejecting the Case Manager‟s Recommendation, the FSP said the processes it

implemented in response to ASIC‟s notification were robust but the merchant name

was different. It says the merchant may not be connected to company perpetuating

the scam (A company) and to be required to search all permutations and

computations of possible variations of the A company name could have a significant

and negative impact on customer experience and legitimate merchants.

I am satisfied it is more likely than not that the merchant was A company and whilst I

agree that it would not be reasonable to expect the FSP to search based on endless

possible variations of the A company name, that does not apply in this case. The

difference between the name mentioned in the ASIC email and the merchant were

not material as i llustrated below in a de-identified way:

ASIC email Merchant

The Company Name Ltd thecompanyname.com London

I therefore agree with my Case Manager‟s conclusion that the FSP ought to have

detected and blocked the transactions in this case after its fraud area became

involved following the first three transactions and the apportionment of loss she

awarded.

2.3 Is the Applicant liable in any event as a result of any failure to

cooperate with the chargeback process?

The Applicant wrongly claimed in May 2015 that all but the first of the transactions

were unauthorised. It was only later, in the course of the FOS dispute and after any

chargeback entitlement had lapsed, that he conceded he authorised all transactions.

The records show that, in response to the Applicant‟s initial claims, the FSP

completed an investigation and concluded the transactions were authorised. It

informed the Applicant that it would attempt a chargeback using an alternative


process and asked the Applicant for information to facilitate this. The Applicant did

not provide the information, he says, because the FSP threatened legal action.

An Applicant has a duty to themselves to take reasonable steps mitigate loss, even if

not of their original making There was the potential, albeit a remote one according to

the FSP, to reduce the loss by chargeback in this case.

A financial services provider also has obligations under the Code of Banking Practice

(CBP) to „act fairly and reasonably … in a consistent and ethical manner’, and, under

clause 22.1(a), in the case of chargeback to „claim a chargeback right, where one

exists, for the most appropriate reason…‟

The Applicant says the FSP threatened it (the FSP itself) would take legal action

against him. There is no verifiable record of this claim but the FSP does mention

legal action by the merchant in an email dated 7 July 2015 (reproduced in Section

3.1 of this Determination) and refers to discussions. In response to FOS, the FSP

said:

„In reply to your question asking why I mentioned the merchant may be at risk of legal

action, as the customer appeared to have entered into a contract of sorts with the

merchant, in the event [the FSP] was able to recover his funds transacted from his

credit card account, I wanted to provide [the Applicant] notice that he should seek legal

advice.‟

Even so, the mention of legal action even if only in the email was inappropriate,

unnecessary and not consistent with the FSP‟s obligations set out above.

Additionally in the same email the FSP mentioned limitations as a result of the

transactions being „Verified by Visa’ and a low likelihood of chargeback success.

Even if the merchant is „Verified by Visa ’, this does not prevent a financial services

provider from claiming a chargeback right although this is not the inference from the

FSP‟s email.

When taken together, the mention of legal action, the limitations under „Verified by

Visa‟ and the FSP‟s opinion there was a low likelihood of success, the email did

provide a level of deterrence.

Ultimately, however, it is speculative as to whether or not the FSP would have been

able to successfully chargeback all or any of the transactions. But even if part or all

of monies could have been recovered, I do not accept that the Applicant‟s conduct

transfers liability for the failure to achieve this because:

The FSP should not have allowed the transactions in the first instance;

The FSP was on notice of the scam and so could have attempted to charge

back the transactions using an alternate reason code such as services not

received or escalated it to Visa even without the Applicant‟s information; and

Even if the Applicant could have assisted in mitigating the losses, the FSP failed

to properly assist him with the chargeback process by raising the prospect of

legal action to a person who was already facing losses of about $360,000

together with its opinion there was a low likelihood of success .

I do not, therefore, accept that the compensation amount awarded by my Case

Manager should be adjusted as a result of a failure to pursue a chargeback.


3 Supporting information

3.1 Chargeback

In an email to the Applicant on 7 July 2015, the FSP said:

„Verified by Visa transactions provide enhanced security for online transactions and as such [the FSP] does not have the ability to chargeback the transactions for any unauthorised reasons.…

[The FSP] however will attempt to chargeback some of your transactions using an

alternative process. This process can take up to three months before it is finalised

and may expose you to legal action by [A company] if successful. As discussed, in

terms of managing your expectations, I do not believe this will succeed. If you are

concerned about possible legal exposure, please contact me as soon as possible so I

can cease [the FSP‟s] efforts…‟

On 9 July 2015, it sent another email saying:

„Dear [Applicant]

As per our discussion, it would be appreciated if you could provide [the FSP] with: - A copy of your contract with [A company] - Copies of email correspondence with [A company] - Any correspondence from [A company] supporting your comments regarding the control of Your [the company] account

Please also confirm what the balance is of your [A company] account (if applicable) with evidence.

[The FSP] will require the requested documents within 24 hours in order to establish whether [the FSP] can represent your case against the acquiring financial institution.

Given the mandated Scheme rule timeframes for lodging such disputes, failure to respond within this period will adversely impact [the FSP‟s] ability to represent your claim.‟

Recommendation

Case No: 404469 Recommendation Page 1 of 10

Case number: 404469 11 February 2016

4 Overview

4.1 Dispute

Between 28 April and 15 May 2015, the Applicant made twenty one credit card

payments totalling $360,324.73 to an overseas company representing it traded in

sophisticated financial products. The Applicant has not been able to recover any of

the monies and ASIC has advised that the company is operating a scam.

The Applicant says the FSP:

Was on notice of the scam and should have warned him.

Improperly allowed transfers in excess of the credit card limit.

Should have charged back the transactions.

4.2 Issues and key findings

Was the FSP on notice of the scam and so under an obligation to block the

transactions?

The FSP was on notice of the scam and should have established processes which

would have detected the Applicant‟s credit card payments and blocked them at least

after the first three payments.

The FSP is liable for part of the Applicant‟s losses as the Applicant shares some

responsibility for his losses due to his failure to protect his own interests.

Did the FSP otherwise breach an obligation owed to the Applicant in relation to

the level of credit card transfers it allowed or by failing to chargeback the

transactions?

There were no breaches in this regard entitling the Applicant to compensation.

4.3 Recommendation

This Recommendation is substantially in favour of the Applicant.

The FSP should pay the Applicant $235,539.06 if both parties accept this

Recommendation.


5 Reasons for Recommendation

5.1 Was the FSP on notice of the scam and so under an obligation to

block the transactions?

ASIC issued a scam alert

On 15 April 2015, approximately 2 weeks before the Applicant began sending

payments to the company, the regulator, the Australian Securities and Investment

Commission (ASIC), sent an email to financial services providers, including the FSP,

saying the company and an associated company were making unsolicited calls to

Australian “victims” seeking investment in “non existent financial products” and that

consumers were being “directed to deposit funds into an identified foreign bank

account”.

The email then went onto list nine company accounts located in various countries

and made recommendations to the FSP to implement processes to avoid further

fraud. A copy of the ASIC email has been supplied to the Applicant.

The FSP was under an obligation to implement ASIC’s recommendations in

relation to the scam

To comply with its obligations at law and under the Code of Banking Practice (CBP)

as a prudent and diligent credit provider, the FSP should not turn a blind eye to

known facts that indicate there is a serious possibility that a customer is being

defrauded or that funds are being misappropriated.

On receipt of the email, therefore, it is my view that the FSP was obliged to put in

place ASIC‟s recommended processes to detect and block payments.

The FSP says that the ASIC notice itself did not confirm the company was engaged

in fraud; rather that ASIC had formed an opinion and that the loss could arise from

the speculative nature of the investment with the company‟s website carrying

warnings in this regard.

I do not accept that the FSP was entitled to ignore ASIC‟s information when on notice

of potential fraud regardless of whether or not a website appeared legitimate which

would not be unexpected in the case of such a scam.

The FSP’s obligations extended through to credit card payments and merchant

facilities

The FSP says it loaded information about the specific accounts ASIC had identified

into its “sanctions screening database” on 17 April 2015 to flag all international

money transfers specific to these accounts but the system did not cover credit card

payments.

The ASIC email did not specifically mention credit card payments or the company

processing such payments as a credit card merchant.


However, ASIC informed the FSP that the company was defrauding customers.

Whilst it specifically mentioned only nine specific accounts and failed to mention

there may be others, it would be reasonable and prudent for a financial services

provider to make its own assessment of the risk to its customers including the

obvious risk that a scam organisation may defraud through other accounts opened

from time to time and through credit card payments.

Further it was evident from a cursory review of the company‟s website that it took

credit card payments.

For these reasons, in my view, the FSP should have monitored all outward payments

to the company (rather than restricted to account number) including in relation to

credit card payments whether using its credit card payment security tools or, as a

minimum, by alerting its fraud areas including the credit card fraud area.

The FSP’s fraud area should have blocked the Applicant’s credit card

transactions after 22:37:58 pm on 28 April 2015

The FSP detected the transactions on 28 April 2015 and twice imposed blocks; the

first after the Applicant completed two transactions and the second, after the

Applicant completed a third (see below). The FSP has given a number of reasons

why the blocks were imposed (see Section 3.2 of this Recommendation) including

that it was and was not because of the ASIC email.

Time of

transaction (EST)

AUD

amount

Processing Code information

22:37:58 $10,576.61 Declined - do not honour


22:37:58 $6,610.38 Approved completed successfully




Whether or not the block was imposed as a result of the ASIC email is irrelevant

because the FSP should have had a detection process in place and blocked the

transactions in any event.

The FSP says the merchant name and the company name on the email were slightly

different. To clarify the difference in a de-identified way, the ASIC email represents

the company as The Company Name Ltd or The Company Name whereas the

merchant is identified as thecompanyname.com.

I do not consider the difference sufficiently substantive. The FSP should have put in

processes sufficient to identify the company name even without the spaces.


After the transactions at 22:37 and the second block, the Applicant contacted the

credit card payments area and the banker referred the matter to the fraud area. A

transcript of this conversation is set out in Section 3.3 of this Recommendation.

At least by that stage, the FSP should have informed the Applicant of the ASIC

warning of a scam and retained the block. I am satisfied that had the Applicant been

provided this advice, he would have ceased any transactions with the company

meaning he would have avoided paying over the remaining $314,052.08.

Both parties have some liability for the Applicant’s loss

For the reasons given above, the FSP has some liability for the loss, but, in my view,

the Applicant shares some responsibility.

In the normal course, FOS is of the view that an applicant has a duty to themselves

to protect their own position and to take reasonable steps to mitigate loss. This

would include making reasonably enquiries about an investment and the entity with

which they were dealing.

Regardless of whether or not he was aware of the scam, the Applicant would

reasonably have been aware or ought to have been aware, that his decision to invest

with the company was high risk and there was the potential for loss. The Applicant:

Paid over $360,000 to an overseas investment company he had not previously

dealt with;

Made 21 separate transactions over a period of more than two weeks

progressively losing a greater and greater amount of funds.

Used monies he could not afford to lose. The Applicant says, as a

consequence of the loss of the monies, he has had to sell property to clear

debts and has suffered financial difficulty.

The Applicant has not provided any information to show he made any detailed

enquiries beyond the company‟s own website. However, there was information

readily available from a detailed internet search which would have alerted him to the

scam. This includes ASIC‟s Moneysmart website which, according to its April 2015

email and which I have confirmed with ASIC, had listed the company on 15 April

2015 as a company consumers should not deal with.

By failing to take any reasonable steps to protect his own interests including to cease

as his position deteriorated, the Applicant bears some responsibility for the losses he

has suffered.

I have dealt with the appropriate compensation later in this Recommendation after

considering the matters below.


5.2 Did the FSP otherwise breach an obligation owed to the Applicant in

relation to the level of credit card transfers it allowed or by failing to

chargeback the transactions?

The FSP did not breach transfer limits

The Applicant transferred funds available in his line of credit to his credit card to

cover the credit card payments.

There was no maximum daily transfer limits in place and no obligation on the FSP to

apply any such limit. Under the terms and conditions, the transfer and credit card

authorisations depended on available funds which included any credit funds

deposited into the credit card account from the line of credit.

The FSP complied with its chargeback obligations

The FSP‟s obligation when a customer disputes a credit card payment is to “claim a

chargeback right, where one exists, for the most appropriate reason…” (CBP

Paragraph 22).

The Applicant notified the FSP on 25 May 2015 that all transactions, other than the

first completed with the company, were unauthorised. The FSP stopped the card

and sought further information from the Applicant in order to pursue any chargeback

right.

The FSP says the Applicant failed to respond to a request for further information it

required to process any chargebacks but the Applicant says he was deterred from

doing so because the FSP threatened legal action. In an email to the Applicant on 7 July 2015, the FSP said:

“Verified by Visa transactions provide enhanced security for online transactions and as such [the FSP] does not have the ability to chargeback the transactions for any unauthorised reasons.…

[The FSP] however will attempt to chargeback some of your transactions using an

alternative process. This process can take up to three months before it is finalised

and may expose you to legal action by [the company] if successful. As discussed, in

terms of managing your expectations, I do not believe this will succeed. If you are

concerned about possible legal exposure, please contact me as soon as possible so I

can cease [the FSP‟s] efforts…”

On 9 July 2015, it sent another email saying: Dear [Applicant]

As per our discussion, it would be appreciated if you could provide [the FSP] with: - A copy of your contract with [the company] - Copies of email correspondence with [the company] - Any correspondence from [the company] supporting your comments regarding the control of Your [the company] account


Please also confirm what the balance is of your [the company] account (if applicable) with evidence. [The FSP] will require the requested documents within 24 hours in order to establish whether [the FSP] can represent your case against the acquiring financial institution. Given the mandated Scheme rule timeframes for lodging such disputes, failure to respond within this period will adversely impact [the FSP‟s] ability to represent your claim.”

The Applicant says the FSP threatened him with legal action in the phone call. Aside

from the above email dated 7 July 2015, there are no records to substantiate his

claim.

There may or may not have been a right to chargeback in this case. The problem for

the Applicant is that he wrongly informed the FSP the transactions were

unauthorised. Further, whilst the mention of legal action in the FSP‟s email is

inappropriate because a customer is entitled to dispute a transaction and any issues

with the merchant are a matter for it, it is irrelevant in this case. This is because the

Applicant was falsely claiming the transactions were unauthorised so a chargeback

entitlement on this basis did not exist.

If the Applicant had provided accurate information to the FSP about the

circumstances in May 2015 when he contacted the FSP, there may have been the

potential to chargeback. However, by the time the Applicant confirmed to FOS that

the transactions were in fact authorised, the time elapsed meant any chargeback

right had also lapsed so preventing the FSP from claiming any chargeback right.

Accordingly the FSP would not be liable for any failure to charge back.

5.3 What is the appropriate level of compensation?

The assessment of compensation is limited to the failure to block the credit card and

warn following the third credit card transaction on 28 April 2015. Subsequently the

Applicant sent a further $314,052.08 to the company.

When weighing up the contribution of the parties, i t is my view that the FSP‟s failure

to warn and block carries more weight than the Applicant‟s failure to protect his own

interests. In particular this is because if the monitoring been in place it is likely that

the FSP may have had many opportunities to block and warn.

On balance, it is my view that the FSP is liable for 75% of the payments made to the

company following the first three transactions.

The Applicant financed the payments from a line of credit and says he has sold

properties to settle the outstanding debt but I have not awarded compensation in this

regard. The Applicant‟s decision to commence a high risk investment strategy and to

risk additional debt and loss of assets principally rest with him and the FSP

compensating for part of the principal payments is sufficient.

Accordingly, the FSP is liable to pay the Applicant $235,539.06.

If the Applicant and FSP accept this Recommendation, the payment should be made

within seven days of the date of the latter of either parties‟ acceptance.


6 Supporting information

6.1 History of transactions

CC – credit card

LC – Line of Credit

DATE Central Time (*)

Aust EST Aust EST AMOUNT

CC 25-May-15 5:58:30 $1,319.71 Declined

LC 15-May-15 22:20:03 $100,000.00 Paid to credit card

CC 15-May-15 12:18:04 15-May-15 22:18:04 $6,389.73 Approved






CC 05-May-15 13:27:46 05-May-15 23:27:46 $66,019.03 Declined - no sufficient funds

















CC 30-Apr-15 12:18:23 30-Apr-15 22:18:23 $2,583.46 Approved


LC 30-Apr-15 22:17:20 $2,500.00 Paid to credit card

CC 30-Apr-15 11:58:19 30-Apr-15 21:58:19 $2,583.46 Declined - no sufficient funds





LC 30-Apr-15 21:36:15 $32,000.00 Paid to credit card






CC 28-Apr-15 12:37:58 28-Apr-15 22:37:58 $6,610.38 Declined - do not honour





LC 28-Apr-15 28-Apr-15 22:12:05 $55,000.00 Paid to credit card

6.2 The FSP blocked transactions

The FSP has provided the following responses as to how the transactions were

detected and the reasons why they were blocked:

Date of FSP

response

FSP information

22 July 2015 “The merchant was considered a high risk merchant. This is why a restraint

was placed on [the Applicant‟s FSP] credit card account on 28 April 2015.”

7 December 2015 “[the FSP] was aware that the merchant was considered a high risk merchant

and that ASIC had provided notice to [the FSP] that the merchant was

considered to be a scamming merchant”

18 December 2015 “For the purposes of clarification, the initial restraint was placed on the credit

card account as the transactions were identified as being processed to a high

risk merchant by [the FSP‟s credit card security system]. The restraint was

not placed on the credit card account as a result of the ASIC notification

which referred to transfers to specific accounts rather than credit card

transactions. Once [the FSP] is satisfied that the transactions are authorised

then it will lift a restraint …”


23 December 2015 The company was designated a “high risk merchant” by the operator who

reviewed the transactions and made his/her own judgment that they were

“high risk” and were potentially fraudulent (rather than the me rchant

specifically).

6.3 Transcript of call recording on 28 April 2015:

Who Comment

FSP Hello welcome to [the FSP] this is [banker name], how can I help

Applicant [Banker name] How are you?

FSP Good thankyou what about yourself

A Not too bad thanks, um I was just wondering have you guys put a stop on transactions on my

credit card?

FSP Ooh I can‟t tell that Sir. Our credit card system is actually down for scheduled maintenance.

So what would be – so are you trying to use it today?

A Well, I transferred 30, 35 thousand US Dollars and I need to transfer another 12.

FSP OK and how were you actually transferring them?

A AS a purchase, oh as a .. yes as a purchase

FSP OK what was your full name please?

A [Applicant name]

FSP Any your security code it‟s numbers

A [gave code]

FSP OK that is fine. At the moment it doesn‟t appear that there‟s a block. I can see that you‟ve had

3 transactions is that is that [company name].com?

A Yep

FSP OK if I could just place you on hold. What I‟ll do is I will contact our fraud team to see if there‟s

any block on the card so I won‟t be a moment

A Ok

ON HOLD FOR JUST OVER 3 MINS

FSP Thanks for much for your patience here [Applicant]. It does appear that there is a aah

currently a block on the card. We can have that removed. I just need to confirm the

transactions that you‟ve made however so can I just confirm I can see 3 transactions, one for 6

A One for 6000, one for 20,000 and one for 5,000 US Dollars

FSP OK so that would we‟ve got the transactions in Australian Dollars, one for 6610.38 which I

would say would cover off the 5000 , got one there for 26,441.51

A Mmm correct


FSP Let‟s see there is also a 3rd

one for 13,300 and, sorry 13,220.76. Would that be right?

A Yes

FSP Ok perfect and could you also tell me what other transactions you expect to make?

A Aah it‟s another 12,000 in US so it‟ll be probably about another 15 or 16,000

B Alright what I‟ll need to do I‟ve got to go back to the fraud team again. I‟ll send them this

information. What will happen is that they will take the block off the card. You‟ll need to give

them 30 minutes to do that and then you should be able to make the transactions.

A In 30 minutes

B Yep in a half an hour‟s time.

A OK

B Ok perfect. Was that all today [Applicant]

A Oh, that‟s all? I don‟t have to wait?

B NO, that‟s all, Alright then

A Ok

B Thanks so much

A Thankyou

B OK Bye

determination - financial ombudsman service · case no: 404469 determination page 3 of 4 process...

Documents