Fraudulently triggered payment

Category Abuse and fraud | Source Annual Report 2019/17

The customer’s e-mail account has been hacked. The unknown perpetrators then succeeded in triggering a payment of CHF 9,000 to a recipient account at an overseas bank by sending an e-mail containing the customer’s sender address. The amount could not be made available at the recipient bank after the incident was discovered. In the customer’s view, the bank was obliged to credit the amount back to her account because it had not checked the order carefully enough. This had been unusual for her, both in form and content. In addition, the signature which the bank had requested by e-mail for the execution of the order had been recognisably forged. After having been unable to reach an agreement with the bank, she submitted the case to the Ombudsman. In the mediation procedure, the dispute was settled by way of a settlement.

The bank allegedly received an e-mail from the customer with an attached document. This document contained the disputed payment order for CHF 9,000, which was not signed by the client. The bank then asked the client by e-mail to sign the order and to send it to the bank again, either in the original or as a scanned copy. The bank then received the signed order as a scanned copy by e-mail and executed it. It turned out that the e-mail was written by fraudsters who had hacked the customer’s e-mail account. These fraudsters had added a forged signature to the order in response to a query from the bank. The bank had not recognized the forgery and executed the order.

According to the customer, the signature on the order did not correspond to the specimen signature deposited with the bank. Moreover, she had never given an order for this amount and had never transferred money to recipients abroad. She had always announced payment orders by e-mail in advance by telephone. She was therefore of the opinion that the bank had not examined the order with the necessary care. If it had done so, the forgery should have been detected. The bank’s efforts to recover the amount from the recipient bank were unsuccessful. The customer complained to the bank and demanded that the amount be charged back. The bank did not want to comment on her complaint for the time being, as it wanted to wait for the result of the police investigation. The customer then approached the ombudsman. The Ombudsman contacted the bank and asked it various questions about the incident. After presenting the police report, the bank suggested that the customer be credited with CHF 4,500, i.e. 50% of the amount transferred. It sent this letter directly to the client without answering the Ombudsman’s questions.

The Ombudsman therefore contacted the Bank again and asked it to comment on his questions. He asked it whether it had concluded an e-mail agreement with the customer. If a client wishes to give orders to the bank via e-mail, and if a bank is prepared to accept orders in this form despite the risks of this communication channel, this is usually regulated in an agreement, according to the Ombudsman’s experience. Such agreements usually contain a risk explanation including a provision on liability in the event of misuse, as well as a regulation of the exact process, e.g. whether and in what form e-mail orders must be reconfirmed before execution. The documents only showed that the bank assured customers in its General Terms and Conditions of Business that it would take appropriate measures against fraudulent activities and that it would bear the resulting losses if it failed to exercise the customary business diligence. It was not apparent whether it had concluded an e-mail agreement with the customer. The Ombudsman stated that, irrespective of such an agreement, queries relating to orders placed by e-mail should not be made via the same e-mail channel, as this would in most cases mean that the orders would fall back into the hands of the unknown fraudsters, who could then maintain their deception. Furthermore, the Ombudsman found considerable discrepancies between the customer’s signature on the letters which she sent him and that on the forged payment order. Since he did not have the specimen signature deposited with the bank and experience shows that signatures can change over time, he asked the bank to comment on the customer’s accusation that the signature had not been verified carefully enough. He also asked the bank to comment on the customer’s accusation that she had not placed any orders of this kind in the past and that the payment was unusual for her. Finally, he informed the bank that, on the basis of the information currently known to him, a settlement of only 50% of the amount of the loss was, in his view, not appropriate and asked the bank to consider increasing the settlement offer.

In its reply, the bank continued to hold the view that it had not detected anything unusual about the payment order and had taken the usual care to clarify the customer’s legitimacy. In the end, however, it showed itself willing to increase its settlement offer to 2/3 of the loss amount, i.e. to a total of CHF 6,000. The Ombudsman had to assume that a further increase of the settlement offer in the course of the mediation procedure was not realistic and recommended that the client accept the offer in view of the risks of legal proceedings. She was satisfied with this and accepted the settlement offer.

More from this Category