Who is to Blame in a Bank Fraud?

                    According to a feature article by Bank Negara Malaysia in 2024, globally, one in five customers fell victim to fraud in the last four years.  This ultimately raises the question, which party is to be blamed if such unfortunate events were to happen? 

                   In 2022, an 85-year-old elderly had fallen victim to a bank fraud where a total of RM529,774.79 was withdrawn from him.  The said scam took place within the span of two weeks through Automated Teller Machine (ATM) transactions and MAS Electronic Payment System (MEPS) transfers.  The scammers deceived the victim by impersonating police officers who then persuaded the victim to hand over his debit card and disclose his Personal Identification Number (PIN).

          A claim was brought through the Administrator (the Plaintiff) of the victim against XXXX Bank Berhad (the Defendant) for negligence and breach of banking duty of the Defendant towards the victim.  The Plaintiff in this case contended that there was an implied duty on banks to refrain themselves from executing an order when the bank is “put on inquiry” that the transaction may be fraudulent on Quincecare duty. 

          However, the Defendant claims that all transactions within the said period were duly authorised and that Quincecare duty applies only to instructions from agents whose authority is in doubt instead of instances where the customer himself gives instructions or provides credentials to a third party.  The Defendant relied on the fact that the scam took place due to the victim’s voluntary actions inclusive of surrendering his debit card at a place designated by the scammer and disclosing his PIN.

          The court in this case acknowledged the victim’s contribution to the unfortunate event, however, noted that the Defendant cannot escape liability by saying they were unaware of the fraud.  Not only were the withdrawals made almost daily, they often reached the maximum limit of RM40,000 which made a clear distinction to the victim’s usual banking activity over the past 30 years.  In spite of this irregular activity of the victim, the Defendant had neither contacted, issued alerts nor restricted the victim’s account.

          The judge, Dr. Noradura Hamzah stated that the Defendant clearly had the capability to do so as well as the contractual authority to intervene, yet failed to take any actions despite of the prolonged irregular activity which amounted to an independent breach that contributed to the continuing losses.  The victim’s conduct was found to not have broken the chain of causation entirely as the fraud was not instantaneous but occurred over two weeks which was held to be completely detectable by the Defendant’s system. 

          Hence, the court found the Defendant partially liable and apportioned 60% of liability against the Defendant and 40% against the victim.  The Defendant is to pay RM317,864.87, interest of 5% per annum until full settlement as well as RM100,000 in costs.

          Similarly in a more recent case, the Plaintiff, a 47-year-old woman who held two accounts with the Defendant, a leading local bank, namely a housing loan account and a savings account, fell victim to a bank fraud case.  A sum of RM166,000 was withdrawn from her bank account, where the first withdrawal was from her housing loan account then transferred into her savings account and finally transferred to several third-party accounts in stages.

          Such events occurred between 28.06.2021 to 02.07.2021 where the Plaintiff only realised such transactions had taken place on 15.07.2021 when she checked her account.  She subsequently lodged a police report.   According to the Plaintiff, she never approved the transactions nor has she ever received any Transaction Authorisation Code (TAC) messages on her registered mobile phone number.

          The Defendant, on the other hand, claimed that the transactions were carried out using the Plaintiff’s correct username and password. Moreover, the Defendant claims that there was no problem with their online banking system where the transaction notifications and TAC codes had been successfully sent, meaning the transactions were authorised by the Plaintiff.  The Defendant then accused the Plaintiff of exposing her banking details due to her own negligence.

          The Sessions Court found that the Plaintiff was not an active online banking user where she only carried out simple tasks through the online banking application such as occasional money transfers to her father-in-law and credit card payments. The court also found that there were inconsistencies between the TAC records from the bank and phone records from Digi, where no SMS notifications were sent for certain transactions, including transactions that occurred early in the morning as early as 0500 hours.

          The court in this event found that the account’s sudden activity during the named period was a clear indication of suspicious transactions and the irregular pattern of transactions should have raised suspicion to the bank who was at a better position to detect and prevent such fraudulent transactions.  In giving her judgement, the judge stated that the bank is to be partly liable if it “shuts its eyes to an obvious fact of dishonesty”.

          The court noted that several mule account holders connected to the transfers had pleaded guilty in separate criminal cases.

          Hence, the court found the Defendant to be negligent in failing to stop suspicious transactions that emptied the Plaintiff’s money from her account where damages of RM166,000 were awarded and ordered cost of RM15,000 to be paid by the Defendant.

          In conclusion, it shall be safe to say that owing to the fact that banks are in a better position to detect and make immediate interventions, unless proven otherwise, they shall be assumed to have responsibility in ensuring the security of your bank accounts.

**for details of bank whatsapp us