FNB has been denied damages after demanding R2.9 million from a client who says he fell victim to an online scam. At the heart of the legal argument was that the bank account had a R5,000 withdrawal limit.
This was the outcome of a six-year court battle in the North West High Court between the bank and customer Godfrey Kgethile, The Sunday Times reports.
The predicament began when Kgethile fell for an online lottery scam that told him he had won a jackpot while he was looking for a job on a computer at an Internet cafe.
He shared his banking details and ID number with the scammers, and soon thereafter, a “British-sounding woman” called him and requested his proof of residence and ID, which he also provided.
10 months later, FNB staff demanded that Kgethile repay R2.9 million that was transferred from his account over two days.
This was even though he had a R5,000 withdrawal limit on the account and claimed he could not even secure a R6,000 loan from the bank to start his own small business because he had no income.
Judge Andre Petersen this week threw out FNB’s case after the bank explained its computer software that was supposed to block unlawful payments experienced a failure between 18 October 2015 and 21 October 2015.
The bank downplayed it as simply being an error, but Peterson said this was insufficient.
“It is clear the so-called error points to a compromised computer system where all of the bank’s clients appear to have been at risk,” he said.
Despite finding Kgethile was negligent by providing his personal and banking details to a stranger, he said this could not justify that the bank was entitled to damages.
Banking services ombud Reana Steyn told The Sunday Times this case was highly unusual, especially given the amount and that the account was dormant.
“This is the first [case] of its kind that we have heard of,” she said.
Typically, she said when customers were defrauded, it was not the bank’s fault.
MyBroadband recently learned of another case in which criminals tried to steal money from an FNB customer using a bank card that he never transacted with.
In this incident, there was no blame on the customer’s part at all.
The fraudsters had used ‘enumeration’ or ‘account testing’ to guess the bank card details.
With this technique, criminals use automated scripts or software to obtain or validate payment account information.
Fortunately, they could only generate the card number but not the CVV number, which meant the transactions were rejected.
The customer had to contact the fraud department to cancel the card but did not incur any financial losses.
“From time to time, these fraudsters target unsuspecting victims. Fortunately, with the increased levels of security controls, we proactively block these merchants from future attempts,” FNB Card head of fraud Trish Ramdhani said.
“It is becoming more prevalent in the industry and globally as we see ecommerce transactions increase due to Covid-19 and lockdown restrictions.”
Absa and Standard Bank previously told MyBroadband that email and SMS-based phishing was the most common way fraudsters acquired customers’ details.
Fraudsters claim to offer grants, loans, or Covid-19 relief packages.
Users are often led to click on a link to claim one of these offers, and the malicious parties will then install malware on the victim’s computer that can steal their banking credentials.