Since July 2021, the President of UOKiK has been conducting preliminary investigation in which he checks how banks behave towards consumers who have reported unauthorised transactions. The evidence gathered so far has given rise to charges against nine financial institutions.
The most recent four investigations were initiated against companies: Bank Pocztowy, ING Bank Śląski, Nest Bank and Santander Consumer Bank.
- The law sets out obligations for payment service providers, e.g. banks, when a consumer reports to them a transaction that they have not authorised. Under such circumstances, the bank should reimburse the customer on the next business day, unless it has a reasonable suspicion that it was the consumer themselves who carried out the fraud and reports it to the law enforcement authorities, or if more than 13 months have passed since the transaction. For a number of years, such a legal provision has been construed to drive the bank sector to continuously improve the level of security of funds in bank accounts. Regrettably, as evidenced by consumer feedback and information obtained in the course of investigations, banks are very often failing to meet their statutory obligation to reimburse funds lost as a result of unauthorised transactions and, on top of this, are misleading consumers - Tomasz Chróstny, the President of the Office of Competition and Consumer Protection, stresses.
Examples of consumer complaints
Consumer 1 - a nurse - was abroad on her way to the airport when she received a phone call from a fraudster who introduced himself as an employee of her bank's technical department and informed her of detected hacked transfers in her account. The phone displayed her actual bank branch number. The fraudster demanded her to send the SMS "necessary" to cancel the transfers. He would be urging the consumer: either she does it immediately or she loses her money. As a result, all her money was gone from her account and the fraudsters still took out a Revolut loan on her behalf for PLN 21,150. In total, she lost PLN 41,773. Not only did the bank not recognise her complaint, but it continued to transfer instalments due from her account for the loan taken out by the fraudsters, ignoring the fact that law enforcement authorities were still investigating the case. In addition, the bank has outsourced debt collection to third parties who harass the consumer with phone calls.
Consumer 2 put the items up for sale on an on-line portal. He received an email that the money from the sale was ready to be received. He clicked on the ‘get your money' icon and was redirected to the bank's website - a fake one, as it later turned out. He received an SMS with a code that he was supposed to enter in his on-line banking system. However, once he found out from a subsequent SMS that he was adding a virtual card in on-line banking, he did realise that there was something wrong with his account. He called the bank's hotline and reported the situation. The bank employee changed the login details and instructed him to go to the branch and to the police. The consumer followed these steps and filed a complaint. A month later, the bank informed him that the complaint had been rejected. It turned out that the fraudsters had withdrawn PLN 2,000 using Blik. They also made 11 transfers to an overseas site totalling over PLN 8,000. Although a bank employee confirmed that he had stopped the transfers, the consumer was not able to recover the money. The bank confirmed that the 11 transactions concerned were so-called remote card payments made with an activated virtual card.
Consumer 3 - facing a very tough financial situation and starting her paid part-time studies - she decided to sell her coat on one of the on-line portals. During this transaction, she was deceived by a criminal who tricked her into providing her login details (she was convinced they were necessary for the transaction) and accessed her on-line banking system. He took a loan for the amount of PLN 9,950 and made 3 BLIK transactions from the customer's account: twice for PLN 4,080 each and once for PLN 1,709.91 (one of which was later reimbursed). The customer notified the bank of her complaints about the account transactions and the loan on the same day, and also reported it to the police.
Charges against the banks
Failure to reimburse consumers for unauthorised transactions within the statutory deadline, i.e. by the end of the business day following notification (Bank Pocztowy, ING Bank Śląski, Nest Bank). There are only two exceptions to this obligation. The bank is not obliged to reimburse if 13 months have passed since the transaction or if it suspects an attempted fraud by the consumer and notifies the law enforcement authorities. Conversely, if the bank proves that the consumer contributed to the transaction either deliberately or through gross negligence, the bank can later claim against the consumer - a return of the previously reimbursed amount of the unauthorised payment transaction.
Misleading consumers in responses to notifications of unauthorised transactions (Bank Pocztowy, ING Bank Śląski, Nest Bank) or in the rules and regulations of the loan limit and card issuance agreement (Santander Consumer Bank). The confusing information mainly relates to the meaning of the terms 'authorisation' (this is the consumer's consent to a transaction expressed in a manner agreed with the bank, e.g. by entering a PIN) and 'authentication' (the technical action itself, e.g. entering a PIN) and the banks' obligations in this respect. For instance, banks would point out in letters to consumers that they had confirmed the authorisation of transactions, even though in practice they had only established the correctness of the authentication. They also argued that proving proper authentication relieved them of the obligation to refund the amount of the unauthorised payment transaction, which is not true. Such misleading responses from banks may have discouraged consumers from pursuing their claims further.
For infringing collective interests of consumers, the businesses may be charged with a fine of up to 10 percent of their annual turnover. The practices of six other banks are still under investigation. If any irregularities are suspected, the President of UOKiK may press further charges.