How Electronic Funds Transfer (EFT) works?

Electronic Funds Transfer (EFT) Code of Conduct

 

Whenever you

• get money out of an ATM
• buy goods or services on EFTPOS
• do telephone or internet banking, or
• use your credit card over the phone or internet you are using electronic means of transferring money. These are known as "electronic funds transfers” (EFT).

If you use a stored value facility, such as a prepaid phone card, this is also an electronic funds transfer.

What is an electronic transaction?

There are rules that apply to EFT transactions which access your account electronically. You access your account electronically when you use your card and/or PIN or password to tell your bank that you want to pay in or withdraw money from your account. For example, you are undertaking an EFT transaction which accesses your account electronically when you

• use your card to get money out of an ATM
• purchase goods with a credit card over the internet
• transfer money between two of your bank accounts via the internet or
• pay bills by Bpay.

What information do you have to be given and when?

You are entitled to a copy of the contract (or terms and conditions) for your account. As well as setting out what you can expect from the institution you have your account with, the contract also sets out your rights and responsibilities.

Your account institution must give you the contract at the time of, or before, you use a new way of accessing your account. You can also get a copy at any time if you ask for it.

Your account institution must also give you certain information about your new card or PIN. This must include information about:

• any fees you will have to pay for having the card or PIN
• any restrictions that apply, such as limits on how much money you can withdraw in a day
• what accounts you can access with the card or PIN
• how to report the loss, theft or unauthorised use of the card or PIN
• how to make a complaint.

This information must be given to you before you use your card or PIN for the first time.

It might sometimes be necessary for your account institution to change the rules for your account, card or PIN. If it does, it must tell you about the proposed changes within a certain amount of time. Changes to charges or daily transaction limits must be given at least 20 days before they take effect.

If you deposit, withdraw, or transfer money electronically, your account institution must offer you a receipt. However, if you choose not to take a receipt, the institution does not have to give you one.

Receipts must include

• the date of the transaction
• the type of transaction
• accounts and amounts involved
• subject to privacy considerations, the amount remaining in the account you withdrew from and, where possible and relevant,
• the location of the machine involved or the name of the merchant involved.

Receipts are important as they help you keep track of your finances and identify transactions when you receive your statement.

You must be sent an account statement at least every six months. You must also be offered the choice of getting it more often.

What happens if there is an unauthorised transaction on your account?

An unauthorised transaction is a transaction that is made by someone else without your knowledge or consent.

- Unauthorised transactions are rare (less th n 25 in every million ATM and EFTPOS transactions). However, you should always check your statements to make sure that none have occurred.
- Remember some transactions that look unfamiliar may just appear so because the merchant’s banking is done under a different name to their trading name.
- Check with your account institution if you are unsure.
- If you find an unauthorised transaction, contact your account institution as soon as possible. This is important both to fix up the problem and to prevent any more unauthorised transactions.

The EFT Code sets down who is liable if there is an unauthorised transaction.

When will you get your money back for unauthorised transactions?

There are a number of situations where you will get back any money that has gone out of your account as a result of an unauthorised transaction. These include where:

• there was fraudulent or negligent conduct by the employees or agents of your account institution or of merchants
• a forged, faulty, expired or cancelled card, PIN or password was used
• the transaction took place before you received your card, PIN or password
• a merchant incorrectly debited your account more than once for a sale
• the transaction took place after you told your account institution that your card had been lost or stolen, or that someone else may know your PIN or password.

Remember, tell your account institution immediately that your card has been lost or stolen or that someone else may know your PIN or password. The account institution must provide easy and effective ways for you to let them know this at any time. Most institutions have a 24-hour phone number for this.

They must acknowledge they have received your notification so that you have proof of when you told them.

• no PIN or password was required to conduct the transaction (except where the situations listed next under “When won’t you get your money back?” apply)
• it is clear that you haven’t contributed to the loss
• the account institution expressly authorises the conduct that contributed to the unauthorised transaction.

If any of these circumstances apply, your account institution must repay you the money that has gone out of your account because of the unauthorised transaction.

When won’t you get your money back?

You will not get your money back for losses resulting from unauthorised transactions where your account institution can prove that you contributed to the loss by:

• acting fraudulently or not keeping your PIN or password secret (See ‘What should you do to protect your PIN or password’.)
• unreasonably delaying before telling your account institution that your card has been misused, lost or stolen or that someone else may know your PIN or password. If you do unreasonably delay notification, you may be responsible for any amount that has gone out of your account which occurred between when you became aware (or should reasonably have become aware in the case of a lost or stolen card) and when you told your account institution.

However, you will not be responsible for:

• any money that has gone out of your account in one day that is more than your daily transaction limit for withdrawals or any other transaction limit applying to your account
• any money that has gone out of your account that is more than the balance of your account at the time of the transaction (including any prearranged credit)
• any money that has gone out of accounts which you and your account institution had not agreed could be accessed by the card, PIN or password

Special rules apply where you need more than one PIN or password to access your account.

If there is no daily transaction limit on your account, your account institution and/or the external complaints schemes may decide to reduce your liability even if your conduct contributed to the unauthorised transaction.

When will liability be split between the account institution and you?

If a PIN or password was needed to perform the unauthorised transaction and none of the above circumstances apply, that is, it cannot be proved whether or not you contributed to the loss, you will only be responsible for the lowest of the following:

• $150, or any lower figure set by your account institution; or
• the balance of the account(s) at the time of the transaction (including any prearranged credit) affected, provided you had agreed with your account institution that the account(s) could be accessed with the PIN or password
• the amount of money that had gone out of your account before you let your account institution know that your card had been lost or stolen or that someone else knew your PIN or password (except for any money lost that is more than the daily transaction limit).

Your account institution must repay any money you have lost above this amount.

What should you do to protect your PIN or password?

It is very important that you keep your PIN or password secret. As explained above, if you don’t, you might not get the money back for losses resulting from unauthorised transactions.

The EFT Code includes the following rules for protecting your PIN or password. If you break them, you may be liable for unauthorised transactions.

• You must never tell your PIN or password to anyone, including a family member or friend.

Most unauthorised transactions occur because a person gave someone else their PIN or password.

• If you use a card to access your account, you mustn’t write your PIN or password on the card or keep an undisguised record of your PIN or password together with items you may lose or have stolen at the same time as the card.
• Where you don’t need a card to access your account but do need more than one PIN or password , you must not keep an undisguised record of the PIN/s or password/s on items that you are likely to lose or have stolen at the same time.
• Where your account institution tells you after 1 April 2002:
• not to choose a PIN or password which represents your birth date or a recognisable part of your name, and
• what will happen if you choose a PIN or password of this kind
you must not go ahead and choose such a PIN or password.
• You must not act with “extreme carelessness” in failing to keep your PIN or password secret.
Example: storing your internet banking password in your diary or personal organiser or computer under the heading of Internet banking password might be extreme carelessness.

Your account institution may provide you with extra advice on how to protect your PIN or password. It is sensible to follow this advice, however, you will not be in breach of the EFT Code if you don’t.

What if you use an account aggregation service?

1. What if you use an account aggregation service?
Some account aggregation services require you to give them your PIN or password. If you do this, then you should check with your account institution whether this will mean you will be liable for any unauthorised transactions that result. You will not be liable if your account institution promotes, endorses, or authorises the account aggregation service that you use or explicitly gives you permission to tell the aggregator your PIN or password.

2. What if the equipment or system malfunctions?
Your account institution is normally responsible for any losses caused by the failure of their equipment or the system they use to complete your transaction properly. However, if you knew (or should have known) that the system wasn’t working properly but went ahead and used it anyway, the account institution may only have to correct any errors and refund relevant fees.

3. What if there is a shortfall in your ATM deposit?
Your account institution must tell you, as soon as possible, if the amount of money that they received is different to the amount you think you deposited at the ATM. It must tell you how much money has been credited to your account. If you disagree, you can make a complaint.

10 tips for safer electronic banking

10 tips for safer electronic banking and protecting yourself under the EFT Code

The Electronic Funds Transfer Code (EFT Code) protects consumers who use electronic banking such as ATMs and EFTPOS, or telephone and internet banking, to transfer funds.

It sets out the information you must be given and provides rules to resolve disputes if something has gone wrong – particularly if someone else has made a transaction on your account without your permission.

Here are some important tips to remember about your rights and obligations under the code.

1 Read your terms and conditions document. It will tell you your rights and obligations and things such as which accounts can be accessed with your card and/or PIN or code; any restrictions that apply, such as limits on how much money you can withdraw in a day and how to report the loss, theft or unauthorised use of the card or PIN.

2 Always check your statements to ensure there are no unauthorised transactions. Some transactions that look unfamiliar may appear that way because the merchant’s banking is done under another name.

3 Tell your account institution immediately if your card is lost or stolen or someone else may know your PIN or password. Also tell them immediately if you find an unauthorised transaction on your statement.

4 Never tell your PIN or code to anyone, including a friend or family member. Don’t record it on your card or with something you keep with your card.
Most unauthorised transactions happen because a person gave someone else their PIN or code. Safeguarding the secrecy of your PIN is the best way to protect yourself from unauthorised transactions.

5 You should avoid using your birth date or a recognisable part of your name as your PIN or code as this is easy for others to guess.

If you choose a PIN like this when your account institution has warned you not to immediately before you chose it, and about the consequences of choosing it, then you may have increased liability for unauthorised transactions.

This won't be the case however, if you chose the PIN or code before 1 April 2002 or you didn’t receive such a warning.

6 There are a number of situations where, under the EFT Code, you will get all of your money back if there was an unauthorised transaction on your account. For example:

• If a forged, expired or cancelled PIN or card was used;
• If there was fraudulent conduct by employees of your account institution or merchant;
• If the transaction took place before you received your card, PIN or code;
• If a merchant incorrectly debited your account more than once;
• If the transaction took place after you told your account institution that your card had been lost or stolen or that someone else may know your PIN or password; or
• If it’s clear that you haven’t contributed to the loss.

7 You won't get your money back from unauthorised transactions however if:

• You acted fraudulently or didn't keep your PIN or password secret:
• You unreasonably delayed telling your account institution that your card had been lost or stolen or that someone else may know your PIN or code.
Even in these circumstances though the amount you are liable for is subject to certain caps.

8 Liability will be split between you and your financial institution where a PIN or code was needed to perform the unauthorised transaction and none of the circumstances in 6 or 7 apply. In these circumstances your liability will be capped at $150 or any lower figure set by your account institution.

9 Under the code, your account institution is normally liable for any failure of their equipment or system. Also, your account institution can’t avoid their liability just because another party involved in the transaction, such as the merchant, caused the problem. You don’t have to make the complaint to one of these other parties, you can simply take your complaint to your account institution and require them to follow it up.

10 If you have a complaint about an electronic funds transfer you should start by raising the matter with your account institution. The EFT code sets our rules for dealing with these complaints.

 More