Protection

Contributed by AnthonyMcDevitt, as amended by AFCA and current to April 2025

Electronic Banking Protection

The Epayments Code

The Epayments Code is a voluntary code of practice that virtually all banks, building societies and credit unions have signed up to and that protects you when using electronic fund transfers. It can protect you when you:

• Withdraw money from an Automatic Teller Machine (ATM)
• Buy goods or services on Electronic Funds Transfer at the Point of Sale (EFTPOS)
• Do telephone or internet banking
• Use your credit card over the phone or internet

To download a copy of the code, and for more information, visit ePayments Code on the ASIC website.

The Code does not ordinarily apply to business transaction accounts. .

Scams and unauthorised transactions

Scams happen when criminals deceive people to steal their money or personal details.

Further information about the National Anti-scam Centre and educational materials are available on the ACCC website.

Examples of common scams include:

• Callers impersonating banks, government agencies or other reputable service providers directing you to move money or provide secret codes under the guise of stopping unauthorised activity on your accounts
• Remote access scams where a caller directs you to install software which allows the scammer to view and control your devices.
• Business email compromise scams where invoices sent via email are altered to include the scammer’s bank account.
• Phishing emails or SMS where a false link is sent to trick you into providing secret codes or personal information.
• Romance scams where someone creates a fake profile on a dating website to lure you into a relationship and then asks you for money or to invest in something.
• Investment scams where false investment products or cryptocurrency products are sold online.

Please note that banks will never ask you for PINs or confidential internet banking details. This information is the key to your account and should always be kept confidential. Banks will never ask you to move your money to a ‘safe account’.

For more information about the most common types of scams to watch out for, the warning signs and tools scammers use to deceive you – see the ACCC Little Book of Scams.

If you have given any details to these callers, contact your bank as they can take action to protect and monitor your account. You can also report to Scamwatch and the NT Police.

If your bank or credit union does not help you after reporting the scam, you can lodge a dispute with the Australian Financial Complaints Authority.

Note: The Scams Protection Framework Bill 2025 was passed in February 2025. Under the new legislation, the ACCC will closely monitor regulated entities’ compliance with principles to prevent, detect, disrupt, respond to and report scams.

Mistakes with your banking

An unauthorised transaction is one made by someone else using your account without your knowledge or consent.

You should always check your statements to make sure that none have occurred.

If you find an unauthorised transaction, contact your bank, credit union or building society as soon as possible and make a complaint. This is important both to fix up the problem and to prevent any more unauthorised transactions.

Chapter C of the ePayments Code sets down the rules around unauthorised transactions.

When you will get your money back

• If a forged, expired or cancelled PIN or card was used
• If there was fraudulent conduct by employees of your account institution or merchant
• If the transaction took place before you received your card, PIN or code
• If a merchant incorrectly debited your account more than once
• If the transaction took place after you told your account institution that your card was lost or stolen or that someone else may know your PIN or password
• If it's clear that you haven't contributed to the loss

When you are unlikely to get your money back

• You acted fraudulently
• You didn't keep your PIN or password secret
• You unreasonably delayed telling your account institution that your card was lost or stolen or that someone else may know your PIN or code.

Even in these circumstances the amount you are liable for is subject to certain caps.

If your bank or credit union does not help you to fix the unauthorised transaction, you can lodge a dispute with the Australian Financial Complaints Authority.

What is a mistaken internet payment?

If you do enter the wrong account or BSB number the payment will be made to the wrong account (unintended recipient). This is known as a mistaken internet payment.

Clauses 26-36 of the ePayments Code set out a process that will help consumers get your money back if it has gone to the wrong account.

What if I transfer money to the wrong account?

If you have made a mistaken internet payment, you need to contact your bank or credit union immediately. Your bank or credit union will then contact the unintended recipient's bank to try and get the money back.

If the money is still in the other person's bank account and it is a genuine mistake (because the account name and number do not match), then the process for recovering the money depends on how quickly you have reported the mistake to your bank.

If your bank or credit union does not help you to fix the mistaken internet payment, you can lodge a dispute with the Australian Financial Complaints Authority.

What if I make a mistake using BPAY?

BPAY payments are not covered by the ePayments Code. This is because BPAY uses a different process to resolve mistaken payments. If you have made a mistake using the BPAY system, contact your bank or credit union, as they may be able to advise you of steps you can take to recover the money.

What if I paid the right person, but they didn't supply the goods or services?

If you transferred money to the right person, but they didn't supply the goods or service, or the goods are not what you were expecting, this is not a mistaken internet payment.

Your bank or credit union cannot help you get the money back because you authorised the payment. Some websites have a buyer protection policy and you should contact the operator of the website to see if you can claim under that policy.

What if someone transfers my money without my consent?

If you, or someone you authorised, did not make the transfer, then it may be an unauthorised transaction, as opposed to a mistaken internet payment. While unauthorised transactions are also dealt with under the ePayments Code, the process for resolving this issue is different.

If you believe an unauthorised transaction has taken place, notify your bank immediately.

Credit card Chargeback - What if I want to dispute a charge on my credit or debit card?

Where a payment has been made using a credit card and you believe the transaction was invalid, unauthorised or for goods or services not received or as described, you can initiate a chargeback through your bank.

A chargeback is a dispute initiated by the cardholder with their bank or credit card provider, requesting the reversal of a transaction made on their debit or credit card. The card scheme (e.g. VISA or Mastercard or American Express) includes rules that must be followed and time limits within which to lodge a dispute. If your bank, credit card provider or credit union does not help you to initiate the chargeback, you can lodge a dispute with the Australian Financial Complaints Authority.

Cheque Protection

The Australian government plans to phase out cheques by 2030, with the issuance of cheques ceasing by June 30, 2028, and acceptance of cheques ceasing by September 30, 2029.

Banks handle thousands of cheques every day and, therefore, it is understandable that they do not examine every cheque for proper endorsement. Consequently, many cheques handled by banks have irregular, forged or missing endorsements. The law protects banks asked to make good losses suffered from defective cheques if those banks have behaved in a certain fashion. A bank seeking protection under the law must prove it qualifies for that protection.

The paying bank

A bank is not protected if it pays a cheque that has been materially altered or if the drawer's signature has been forged. A bank that pays in either instance is unable to debit its customer's account. However, under the Cheques Act, the true owner of a cheque is sometimes prevented from suing a bank that incorrectly pays out an illegally possessed cheque. The Cheques Act provides that a bank that pays on a cheque bearing a forged endorsement cannot be held liable if that bank did so in good faith and in the ordinary course of business. Therefore, the true owner of the cheque would, in this instance, have to carry the loss.

The Cheques Act also provides protection for the drawer. If a bank pays incorrectly, but in good faith and in the ordinary course of business, the seller of the goods, as the true owner of the cheque, cannot come back to the drawer of the cheque and request payment. The drawer receives the same protection if they post a cheque to a payee, if posting is reasonably expected by both parties.

A bank is not protected if it does not pay in good faith and without negligence, but it is extremely unusual for a court to find that a bank did not act in good faith. The phrase 'ordinary course of business' is very vague and open to interpretation. Legal advice should be sought by anyone in dispute with a bank.

With regard to a crossed cheque, the Cheques Act protects both a bank and, provided the cheque has reached the payee, the drawer. A bank must pay a cheque in good faith and without negligence and in accordance with the crossing on the cheque. Again, a drawer is protected if a cheque has been posted to the payee, as long as posting is reasonably expected by both parties.

Finally, the Cheques Act also protects a bank that, in good faith and without prejudice, pays another bank an unendorsed or incorrectly endorsed cheque.

The collecting bank

The collecting bank has some protection under the Cheques Act if it collects the proceeds of a cheque for someone who is not the owner. The true owner can only recover loss from the collecting bank if the bank is unable to show it acted in good faith and without negligence.

The question of negligence with regard to a collecting bank is complicated and legal advice should be sought should a dispute arise. A bank that collects a cheque that bears the marking 'account payee only' for anyone other than the named payee has normally been negligent. This illustrates clearly the importance of drawing a cheque carefully and using all means available to protect it.

The collecting bank is not protected when it collects a cheque that has been materially altered.

Special problems

Forgeries

Forgeries present special problems for banks. Although a paying bank should not honour cheques carrying a forged endorsement, the Cheques Act acknowledges a bank's vulnerability in this regard by providing it with statutory protection when it does.

A bank's only protection stems from its contract with the drawer which states the customer has a duty to notify the bank of forgeries. A customer who knows about a forgery, but fails to inform the bank, may be liable for the amount on the cheque.

Alterations

An alteration to a cheque provides a bank with a similar problem. As a general rule, the alteration of a material part of a cheque, such as the amount, the name of the payee or the date, completely discharges the drawer and all prior endorsers from liability. A bank may be excepted from this general rule only if an alteration is not apparent.

A customer has a duty to draw cheques in a way that will not make alteration easy. An unwritten sum probably constitutes a breach, particularly if the sum in figures can be easily altered. It is difficult to predict what will amount to a breach, so a customer should always exercise considerable care.

If a customer has been negligent, the bank can debit the customer's account for the full amount of the altered cheque, unless the customer can prove the bank has been negligent in paying the cheque. If neither the customer nor the bank is negligent, the bank may debit the customer's account for the original amount of the cheque. Legal advice should be sought should a dispute arise.

If a cheque is altered by the drawer and the alteration signed, the cheque can be treated as a valid cheque in its altered form.

Making a complaint

Notify your financial firm

Customers who receive a financial service can complain direct to the financial firm. This is called internal dispute resolution (IDR). This includes both individual consumers as well as small business.

ASIC Regulatory Guide 271 sets out the expectations on financial firms when responding to these complaints including timeframes and components that should be included in the firm’s response.

For subscriber firms, there are also IDR obligations on firms set out in industry Codes of Practice such as the banking code, customer-owned banking code and AFIA Online small business lenders code of practice.

Lodge a complaint with the Australian Financial Complaints Authority (AFCA)

Where a customer is dissatisfied with the response they receive to their IDR complaint, they can lodge a complaint with the Australian Financial Complaints Authority (AFCA). Time limits and other jurisdictional limits apply and are set out in AFCA’s Rules.

There are many advantages for consumers to lodge a complaint with AFCA, including:

• there is no cost (to the consumer)
• the consumer does usually not need a lawyer
• staff at AFCA are familiar with banking law, policies and industry practice
• AFCA staff can investigate complaints and also refer issues with breaches of the law or Codes of Practice to ASIC.

Another advantage to the consumer is that AFCA determinations are not binding on the consumer. If the consumer is dissatisfied with the decision, they can reject it and pursue court action. On the other hand AFCA determinations are binding on the financial firm who must resolve the complaint in accordance with the determination if the consumer accepts it.

AFCA determinations are not binding precedents; each case turns on its own facts. However, AFCA decisions apply the law, good industry practice and consider what is fair in all the circumstances. AFCA determinations are published on the AFCA website, which also includes important updates, useful guidance and relevant publications.

What will AFCA do

AFCA will generally try to resolve a complaint by informal methods. This includes facilitating negotiations between the parties or conciliation a complaint by holding a conciliation conference.

AFCA can request any information it considers relevant to the issues in dispute, and require a party to do anything else AFCA considers may assist AFCA’s consideration of the complaint.

If reasonable attempts to resolve a complaint by these methods do not succeed, AFCA may provide a preliminary assessment, which addresses the issues in dispute and outlines what the likely outcome may be based on the available information. If either of the complaint parties do not accept the preliminary assessment, the complaint will progress to the final stage, where an AFCA decision maker (or a panel including both an industry and consumer representative) will provide a final decision called a determination.

AFCA may decide that it is not appropriate to continue to consider a complaint, such as when the complaint is without merit, the financial firm has committed no error, or the complaint falls outside the scope of AFCA’s Rules jurisdiction.

The AFCA process

AFCA has many useful fact sheets on its website including those which outline each step of the dispute resolution process.

Court action against the financial firm

Consumers are strongly encouraged to take up dispute resolution options through AFCA before commencing court action. Court action is costly and may not result in a better outcome. Those considering court action should get legal advice.