Skip to main content

Disclaimer: Educational purposes only. Not legal advice. Consult a qualified NZ legal practitioner for your specific circumstances.

SimplifiedLaw.co.nz
consumer

Phishing scams: Are banks liable to refund you?

Key Takeaway

In New Zealand, banks may be liable for refunds in phishing scams under the Consumer Guarantees Act 1993 if they fail to exercise reasonable care and skill in providing services. The Fair Trading Act 1986 could apply if a bank's representations about security were misleading. Liability depends on the specific circumstances and whether the bank breached its statutory obligations.

Phishing Scams: Are Banks Liable to Refund You?

Phishing scams involve fraudsters attempting to obtain sensitive information, such as banking details, by impersonating a trustworthy entity, often through deceptive emails, text messages, or websites. When a customer falls victim to such a scam and loses money, the question often arises regarding a bank's potential liability to provide a refund. In New Zealand, the Consumer Guarantees Act 1993 and the Fair Trading Act 1986 are key pieces of legislation that may apply.

Legal Frameworks and Bank Obligations

Consumer Guarantees Act 1993 (CGA)

The Consumer Guarantees Act 1993 (CGA) establishes a set of minimum guarantees for goods and services supplied to consumers in New Zealand. A consumer is generally an individual who acquires goods or services of a kind ordinarily acquired for personal, domestic, or household use or consumption, and not for the purpose of resupplying them in trade, or consuming them in the course of a process of production or manufacture [Source: Consumer Guarantees Act 1993, s 2].

Application to Banking Services

Financial services, including those provided by banks, are considered 'services' under the CGA [Source: Consumer Guarantees Act 1993, s 2]. Therefore, banks must comply with the guarantees set out in the Act when providing banking services to consumers.

Guarantee as to Reasonable Care and Skill

A crucial guarantee for services is that they must be carried out with 'reasonable care and skill' [Source: Consumer Guarantees Act 1993, s 28]. This means that a bank, in providing its services, including maintaining secure systems and responding to security incidents, must meet the standard of care and skill that a reasonable provider of banking services would exercise. If a bank's security measures were demonstrably inadequate, or if its processes for identifying and addressing fraudulent transactions fell below this standard of reasonable care and skill, it could be considered a breach of this guarantee.

Remedies for Breaches

If a service fails to comply with the guarantee of reasonable care and skill, consumers may be entitled to remedies. If the failure can be remedied, the consumer may require the supplier to remedy it. If the supplier refuses or fails to remedy the failure, or if the failure cannot be remedied, the consumer may obtain another person to remedy the failure and recover all reasonable costs incurred in doing so from the supplier, or cancel the service [Source: Consumer Guarantees Act 1993, s 32].

Furthermore, if a failure of a substantial character occurs, or if the consumer cancels the service, the consumer may recover from the supplier compensation for any loss or damage resulting from the failure that was reasonably foreseeable as liable to result from the failure [Source: Consumer Guarantees Act 1993, s 32(c), s 33(a)]. This compensation could potentially include money lost due to a scam, provided the bank's breach of the 'reasonable care and skill' guarantee directly led to the loss and was a foreseeable outcome.

Fair Trading Act 1986 (FTA)

The Fair Trading Act 1986 (FTA) prohibits misleading and deceptive conduct in trade. Its primary purpose is to protect consumers from misleading conduct and unfair trading practices.

Prohibition on Misleading and Deceptive Conduct

Section 9 of the FTA states that 'no person shall, in trade, engage in conduct that is misleading or deceptive or is likely to mislead or deceive' [Source: Fair Trading Act 1986, s 9]. This applies to banks in their interactions with customers. If a bank makes representations about the security of its online banking platforms or fraud protection measures that are misleading or deceptive, and a customer relies on these representations to their detriment in the context of a scam, there could be a breach of this section.

Prohibition on False or Misleading Representations

More specifically, the FTA also prohibits false or misleading representations concerning services. For example, it is illegal for a bank to make false or misleading representations concerning the nature, characteristics, suitability for a purpose, or quantity of its services [Source: Fair Trading Act 1986, s 13(a), (c), (e)]. This could extend to false claims about the robustness of their security systems or the level of protection offered against scams.

Consequences of Breaches

If a bank breaches the FTA through misleading conduct or false representations, a consumer who has suffered loss or damage as a result may apply to a court for various orders, including an order requiring the bank to pay damages to the aggrieved person [Source: Fair Trading Act 1986, s 43(2)(d)]. This could potentially include recovery of funds lost in a phishing scam if the loss was directly caused by the bank's misleading conduct.

When to Seek Independent Legal Advice

Navigating claims related to phishing scams and bank liability can be complex. Individuals who believe their bank has breached its obligations under the Consumer Guarantees Act 1993 or the Fair Trading Act 1986, or who wish to understand their specific rights and potential remedies, should seek independent legal advice. Information on legal assistance can be obtained from official legal aid providers and Community Law Centres for free advice at https://communitylaw.org.nz/.

Key Resources