Mistaken electronic payments: EFT Code Update

This article by me was first published in Online Banking Review.

What are your rights when your online funds transfer is credited to the wrong financial institution account (ie an account with a different account owner or account number than intended)?

The EFT Code is currently silent on this issue.

The Electronic Funds Transfer Code of Conduct (EFT Code) is a voluntary industry code of practice covering consumer electronic transactions. ASIC administers the EFT Code and is required to periodically review it. The last review was completed in 2001. Since the release of consultation papers in 2007 and 2008 an EFT Code working group has been consulting on proposals for change .

An ASIC report with final policy positions is expected to be publicly available in November 2010.

A revised and plain English version of the Code expected to be released for comment in the first half of 2011.

Since the last review of the EFT Code was completed in 2001, there have been significant changes in the marketplace for electronic payments, the extent and nature of online fraud and the regulatory environment. Mistaken electronic payments have become a growing issue.

The Code covers:
• ATM and EFTPOS transactions;
• credit and debit card transactions including transactions intended to be authorised by entering a PIN or by signing an electronic tablet (but not transactions intended to be authorised by manual signature);
• telephone and online banking, including bill payment and ‘pay anyone’ facilities;
• stored value cards; and
• digital cash products.

Mistaken electronic payments
Apart from drafting and procedural changes to reflect technology changes, ASIC is expected to announce its attitude to resolution of disputes relating to mistaken electronic payments.

For example, what happens when an online funds transfer (eg pay anyone) is credited to the wrong financial institution account (ie an account with a different account owner or account number than intended because the customer keyed in the wrong account number despite the correct name being included in the on-screen instructions or because they have been given the wrong account number).

Why is there a problem? Can’t the transaction be reversed?

The current difficulty is the lack of a simple agreed method of recovering mistaken payments. ASIC has said it does not intend to create new legal rights that do not currently exist. It has also acknowledged the potential for abuse and fraud.

Should any new procedure be limited to keying in errors or extend to payments where the wrong details have been selected (eg from a drop down pay anyone list)? Will it exclude disputes over the quality of goods or services purchased online?

An electronic transfer is processed solely on the basis of the account number. This has the effect that, if the payer keys in the wrong account number the payment will be made but to the holder of the account number that has been keyed in. The mistake may only come to light when the intended recipient tells the payer that the payment has not been received. When the payer tries to find out where the payment has actually gone, he or she may be told that the recipient’s name cannot be released for reasons of confidentiality. Their bank may claim that it acted on the basis of the instructions it was given, that is, the account number.

The recipient’s bank may claim that it has no liability because it acted on the instructions it received from the payer’s bank. By the time the payer realises that the payment has gone astray, the recipient may have withdrawn and used the funds, with or without realising that there was a mistake.

When the Financial Ombudsman Service has jurisdiction its current approach is that “If the account name forms part of the instructions given by the payer to the paying bank then the bank will be in breach of mandate if it debits the account for a payment where the account name and number do not match, and will be liable to re-credit the account…

The receiving bank is in a position to check whether the account into which the payment was made matches the account name entered by the payer. It should do so as soon as it is alerted to the alleged mistake. It does not, in FOS’s view, breach its customer’s confidentiality if it merely confirms to the payer’s bank that the account number does not match the name provided by the payer.

The receiving bank is the recipient of a mistaken payment and on the face of it, where the mistake has been verified, it is liable to repay the funds, at least until the point in time that the funds have been withdrawn by its customer and it has, accordingly, accounted to its customer.”

Likely changes
It is expected that the EFT Code will contain a much simpler explanation of what is and isn’t covered by the Code and that it will be redrafted as a principle based, plain English document.

There will be specific requirements for certain types of electronic transactions.

The disclosure requirements will be redrafted to deal with receipts, surcharges, electronic notification, when statements won’t be required, privacy and receipts.

Complaint handling procedures will also be revised especially where a card is left in a live machine and relating to mistaken payments.

ASIC is also considering extending the Code to small businesses.

The Code will be reviewed every 5 years.

 

Your Compliance Support Plan

We understand you need a cost-effective way to keep up to date with regulatory changes. Talk to us about our fixed price plans.