Note: Where available, the PDF/Word icon below is provided to view the complete and fully formatted document
Second Report of the Working Group examining the rights and obligations of the users and providers of electronic funds transfer (EFT) systems

Download PDFDownload PDF







The Federal Government today endorsed new recommended

procedures to protect the interests of consumers using EFT

services such as automated teller machines. State Consumer

Affairs Ministers have also endorsed the recommended

procedures following their examination of the document at

today's meeting of the Standing Committee of Consumer Affairs

Ministers (SCOCAM). As such, the recommended procedures will

apply on a uniform national basis.

The recommended procedures include provisions that require

financial institutions to:

(i) provide timely information to their customers on their

rights and obligations (the consumer should be aware of

the terms of the contract they are entering) and on the

operation of EFT cards including, for example, the

procedure for reporting the loss or theft of an EFT




* V

(ii) i n c lu de c e r t a i n i n f o r m a t i o n on the r e c e i p t p r o v i d e d by

the E F T t er m i n a l and on the c u s t o m e r ' s a c c o u n t

s t a t e m e n t in order that c u s t o m e r s ca n c h e c k and

r e c o n c i l e t r a n s a c t i o n s d e b i t e d or c r e d i t e d to their

a c c o u n t s ;

(iii) e s t a b l i s h a $50 m a x i m u m l i a b i l i t y for c o n s u m e r s in

c a se s of u n a u t h o r i s e d u s e of their c ards e xc e p t w h e r e

the c o n s u m e r has c o n t r i b u t e d to the u n a u t h o r i s e d

t r a n s a c t i o n , by, for example, w r i t i n g their p er s o n a l

i d e n t i f i c a t i o n nu mb er (PIN) on the card. In the latter

cases, a s i g n i f i c a n t l y hi gh er l i a b i l i t y c o u l d apply.

(iv) a c c e p t r e s p o n s i b i l i t y if a n A T M or o ther E F T termi na l

m a l f u n c t i o n s and a t r a n s a c t i o n is not c o m p l e t e d

p r o p er ly ; and

(v) e s t a b l i s h a p p r o p r i a t e p r o c e d u r e s to i n v e s t i g a t e and

r e s o l v e E F T t r a n s a c t i o n s w h i c h are d i s p u t e d by their

c u st om er s.

T h e n e w p r o c e d u r e s are r e c o m m e n d e d in the S ec o n d R e p o r t of

the E l e c t r o n i c F u nd s T r a n s f e r (EFT) W o r k i n g G r o u p . This

R e p o r t wa s r e l e a s e d t o d a y by the T r e a s u r e r and the

A t t o r n e y - G e n e r a l .




For the preparation of the Second Report, the Working Group

was expanded to include State Government representatives.

The Report assesses developments since the Group's first

report and concludes that important and positive attitudinal

changes recognising consumer rights are occurring and being

reflected in EFT Terms and Conditions but that more effort is

necessary by financial institutions in areas such as dispute

resolution procedures and in formulating consumer education

prog r a m s .

In endorsing the recommended procedures, the Government

expects that financial institutions will move quickly to-give

effect to them and to translate them into their EFT Terms and

Conditions (and accompanying documentation as appropriate-)

and into their institutional practices (particularly with

respect to dispute settlement procedures). The Government is

of the view that the recommended procedures should provide a

sound and equitable basis for both financial, institutions and

consumers in the delivery and use of EFT services.

The Government has also agreed that the Working Group remain

in existence as presently constituted to provide assistance

to financial institutions in implementing the Report's

recommendations. The Group will also undertake an ongoing

monitoring role to ensure adherence to the recommended

procedures. The Group is also required to assess

developments in the EFT area and, in approximately eighteen

months time, to advise Government on whether more formal EFT

arrangements, including legislation, would be w a r r a n t e d .


Copies of the Second Report will be available from Australian

Government Bookshops. .


19 September 1986







' · . · * · V










(i) Card and PIN Distribution 4

(ii) Disclosure of Information to the Cardholder 5

(iii) Changing the Terms and Conditions of Use 6

(iv) Paper Records of EFT Transactions 7

(v) Customer Liability for Unauthorised 12


(vi) Onus of Proof 16

(vii) Liability in Cases of Technical Malfunction 16

(viii) Error/Dispute Resolution Procedures 0,5

(ix) Deposits at electronic terminals 20

(x) Networking arrangements 21


(i) Consumer Education 22

(ii) Security 23

(iii) Privacy 23

(iv) Report by the Australian Science and

Technology Council (ASTEC) 24

(v) National Consumer Affairs Advisory Council (NCAAC) 25







The Report of the Working Group established by the

Commonwealth Government to examine the rights and obligations

of the users and providers of EFT systems was submitted to

Cabinet towards the end of 1985. Ministers endorsed the

Group's recommendations that the terms and conditions of EFT

contracts and certain practices associated with the provision

of EFT services be amended with the objective of providing a

more equitable relationship between financial institutions and

their cardholders. Ministers also agreed that the Working

Group monitor the response of the financial institutions to

the recommendations and that it report back to the Government

by mid 1986 on the progress achieved.

In early 1986, some State consumer affairs agencies released

for comment by interested parties draft Guidelines for

Consumer Protection in EFT Systems. The Guidelines had been

commissioned by Ministers at the September 1985 meeting of the

Standing Committee of Consumer Affairs Ministers (SCOCAM).

The States sought to establish an EFT Code of Conduct as

distinct from the Commonwealth's approach which recommended

that financial institutions be given an initial opportunity to

respond to and implement a range of proposals to remedy

identified inequities. Also, there was some difference in

approach and coverage between the Commonwealth and the States.


Perhaps not surprisingly, the differences between the two

approaches to the subject raised questions about cost and

efficient reform, including from the financial institutions.

The benefits that would derive from a co-ordinated approach by

the two levels of Government, and the desirability of

attaining uniform and nationally operating procedures

governing EFT systems needed to be considered. Ministers at

both levels of government agreed to expand the Commonwealth's

Working Group to incorporate representatives of

State/Territory Governments in the second phase of its work.

They did this against an assessment that there was a fair

measure of common ground between the Commonwealth and

State/Territory approaches and that further harmonisation

should be encouraged.

The involvement of State/Territory Government representatives

on the Working Group and the consideration of the States' EFT

Guidelines meant that the task of the Group became necessarily

broader than originally envisaged. The Group both reviewed

the progress of financial institutions in implementing the

Commonwealth's original recommendations and at the same time

sought to harmonise the approaches of the two levels of

government. As a consequence, there was some reconsideration

of a number of issues most of which were canvassed in the

earlier separate work of the States and the Commonwealth.

The Group believes that this phase was particularly

constructive. The results of this work have been incorporated

into a set of recommended procedures to govern the

relationship between the users and providers of electronic

funds transfers and are attached to this Report. We commend

them to Government and consider that if they were to be

adopted nationally by institutions they would provide an

equitable basis for the delivery of EFT systems.


The steps the Working Group followed and the reasons for the

positions it has adopted are explained in the following

sections. ■



The Group held consultations with a range of institutions:

the Australian Bankers Association (ABA), the Australian

Association of Permanent Building Societies (AAPBS), the

Australian Federation of Credit Unions Ltd (AFCUL), the four

major nationally operating banks, the State Banks of NSW and

Victoria, and, in order to better appreciate the position of

the new banks, Chase-AMP, Citibank and National Mutual Royal

Bank. It also had discussions with the American Express

Company. Written responses to the Working Group's Report and

the draft State Guidelines were also received from the

industry associations mentioned above, individual banks and

American Express. The Chairman and some members of the

Working Group also personally consulted with financial

institutions and consumer organisations and participated in

discussions convened by the Commonwealth's National Consumer

Affairs Advisory Council and the Australian Payments System


The three industry associations advised that in response to

the Working Group's Report and the States' Guidelines they had

been liaising with their members to develop industry Codes of

Practice. Some discussions have also been held amongst those

groups with a view to developing standards which might apply

across all financial institutions. The individual banks

advised of the progress they had achieved in implementing

changes to their EFT Terms and Conditions documents and to

certain of the practices associated with EFT services.

The Group noted from the responses of institutions that they

were willing to implement changes to more equitably reflect


the interests of consumers, although some institutions were

further advanced in this than others. The written responses

from financial institutions tended to concentrate on the

Terms and Conditions to govern EFT transactions. Other areas

dealt with in the Group's Report were not commented on by the

financial institutions to the same degree but were the

subject of discussions between institutions and the Group.

More effort is needed by financial institutions on some

matters such as dispute resolution and formulation of

consumer education programs.

There were some aspects of the Commonwealth Report and the

draft Guidelines which needed to be reconsidered in the light

of difficulties raised by institutions; the objective of

harmonising the positions of the two levels of Government so

that financial institutions would be faced with only one set

of recommendations was borne very much in mind during this



(i) Card and PIN Distribution

The draft State Guidelines proposed a specific regime under

which EFT cards and PINs would have to be distributed to

cardholders. This was designed to overcome the problem of

the card or PIN being delivered to someone other than the

rightful cardholder. In particular, the States felt that the

present practice commonly used by financial institutions of

delivering both card and PIN by mail increased the risk of

interception by third parties (and this could readily lead to

unauthorised transactions). However, the regime proposed by

the States created difficulties for many credit unions,

building societies and new.banks which, without large branch

networks, rely heavily on mail contact with their

cardholders. In recognition of these problems, the Group


felt that the difficulty which the States' Guidelines sought

to overcome could just as readily be resolved if financial

institutions were left to determine the method of delivery,

in accordance with their assessment of fraud and security " i .

risks, provided the cardholder is not held liable for

transactions before they have actually received their card

and/or PIN.

The Group does not consider that where Cards and/or PINs are

sent by mail, proof that they have been sent or delivered to

a cardholder 1s correct address should be regarded as proof

that they have been received by the cardholder. Nor should

there be a term in the Terms and Conditions which deems the

cardholder to have received the card or PIN sent to, or

delivered at, the cardholder's correct address.

The Group appreciates that where Cards and/or PINs are sent

by ordinary mail, the issuing institution may be exposed to

some risks. Institutions wishing to minimise those risks

should consider requiring cardholders to acknowledge receipt

in some way (eg by requiring a signed acknowledgement which

can then be compared with the cardholder's other signed

documents) before activating the card for u se.

Alternatively, they could consider sending either the PIN or

the card (whichever is sent last) by registered mail.

(ii) Disclosure of Information to the Cardholder

The Group's original Report recommended certain standards

regarding the disclosure to prospective cardholders of the .

Terms and Conditions applicable to EFT cards. These

standards were in the main accepted by financial institutions

although considerable doubt was cast on the utility of

providing Terms and Conditions in several languages.

Financial institutions argued that all other aspects of their

business were based on contracts solely in the English


language; legal uncertainties might arise with a translation

of the contract in a foreign language; and more effective

communication was likely to be achieved through personal

contact via the migrant advisory services provided by some

financial institutions.

The Group accepts these points and would hot wish to pursue

its earlier recommendation concerning foreign language Terms

and Conditions. Some financial institutions indicated a

willingness to selectively provide information

pamphlets/brochures in several languages, as these documents

are not legal contracts. We see merit in this alternative.

As well as reiterating the remainder of its earlier

recommendations on disclosure of the Terms and Conditions,

the Group also supports the disclosure of certain information

(most of which is already being provided by financial

institutions) specifically mentioned in the draft State

Guidelines. The information which we propose be disclosed

covers charges relating to the issue and use of an EFT card

and PIN; the nature of any restrictions on the use of EFT

cards; the types of transactions that may be made with an EFi

card; the accounts which may be accessed; the credit

facilities which may be accessed; the procedure for reporting

lost EFT cards; and the means to activate error/dispute

resolution processes. The Group believes that by providing

such information institutions would provide cardholders with

a comprehensive understanding of their rights and obligations

and the operation of EFT systems.

(iii) Changing the Terms and Conditions of Use

The Group's original Report drew a distinction between

1 substantial1 and 'minor 1 changes in prescribing the means of

notifying changes and the period of notice before any change

should take effect. This terminology was variously


interpreted by financial institutions and, in order to ensure

greater uniformity, a more specific formulation, is now


Three specific types of changes to EFT Terms and Conditions

are identified as 'substantial1, namely the introduction of,

or increase in, charges relating solely to the use of an EFT

card and PIN or the issue of an additional or replacement

card; an increase in cardholders' liability for losses; and

adjustments to the periodic transaction limits. (The last

mentioned is included as these limits can be of particular

importance in determining the extent of cardholder liability

for losses arising from unauthorised transactions.) We

propose that written advice of changes of this type should be

sent to the cardholder, 30 days in advance. .

We also propose that other changes to the Terms and

Conditions should be notified in advance by specified means.

(iv) Paper Records of EFT Transactions

Data presently included on receipts at electronic terminals,

appear to be generally satisfactory; however, the Group

believes that there would be value in setting out the minimum

information such receipts should contain for the benefit of

future EFT providers and to ensure that present practice is


The Group has specified that the information provided to the

cardholder at the time of each transaction should include

such basic items as the amount, the date and the type of

transaction, and the accounts accessed. As well, receipts

should contain a receipt number, or other means which will

ensure that the cardholder has a sufficiently complete record

of the transaction to reconcile with entries on account



Card-issuers generally show the account balance at completion

of the transaction on receipts issued at their own ATMs and

the Group views this practice as highly desirable. However,

it recognizes that at present it is not always possible to

provide an account balance with respect to some accounts

(eg credit card accounts) nor where, under networking

arrangements, cardholders use ATMs owned by other

institutions. For privacy reasons, receipts at EFTPOS

terminals do not show account balances.

The Group is aware that with certain EFT transactions (eg

1 fast cash1 delivery services) and/or certain EFT terminals

(eg at some self-service petrol outlets), a receipt is not

provided to the cardholder. Such a practice clearly

eliminates the prospect of the consumer checking debits on an

account statement against transaction receipts. The Group is

aware of arguments that provision of a receipt should be a

matter of cardholder determination or cardholder convenience

but notes the importance of the receipt as the only record of

the transaction the cardholder will obtain. For this reason,

the Group believes that not to provide a receipt is a highly

undesirable practice and that those institutions presently

offering EFT services which do not provide receipts should be

discouraged from continuing the practice. The Group has

previously commented on the desirability of increasing

consumer awareness of the importance of retaining transaction

receipts to verify transactions recorded on account


We judge that the type of information presently included on

periodic account statements generally meets the information

needs of consumers. However, for similar reasons to those in

the case of transaction receipts, the Group has included some

recommendations on minimum information requirements for



A further matter that we have canvassed in our discussions

with financial institutions is the frequency with which

periodic statements should be sent to cardholders. We were

initially concerned that where account statements are issued

only at 6 monthly intervals, an error on the statement or an

unauthprised transaction occurring near the beginning of the

statement period would not be detected or challenged either

because the cardholder could not remember the details of

transactions occurring that long ago, or because it would be

unusual for most cardholders to retain receipts capable of

proving the error for that length of time.

As we are not proposing to permit institutions to restrict

the period for making claims (this question is dealt with

below), and as we are conscious of the costs that would be

incurred if statements are required to be sent more

frequently than every six months, we have decided not to

recommend substantial changes in this area at present. We do

consider, however, that all institutions should comply with

the following procedures:

(1) the maximum statement period for all accounts (other than

pass-book accounts) that may be accessed through an

electronic terminal should be six months;

(2) cardholders should have the option of nominating a

statement frequency of either one month, three months, or

such other period as may be agreed and this option should

be publicised, particularly at the time of opening the

account; and

(3) cardholders should be able to request additional

statements (ie at other than the normal frequency), and

receive those statements promptly.

One related matter that has caused us some difficulty is the

question whether institutions should be able to require

cardholders to notify claims relating to EFT errors or

unauthorised transactions appearing on an account statement

within a shorter period than the 6 years currently applying

for the institution of legal proceedings under limitation

Acts in force in each State.

In a number of cases, courts have ruled that in the normal

course there is no duty of care on a customer to examine a

statement provided by their financial institution.

Nevertheless it would be legally open to institutions to seek

to impose such restrictions on accounts by way of contract.

However, no institutions that we are aware of have chosen to

impose such restrictions on accounts generally although we

understand that at least one nationally operating bank may be

contemplating moving in that direction in the near future.

We are aware some institutions were proposing to include a

clause in revisions to their EFT Terms and Conditions

requiring cardholders to check statements for accuracy and to

query incorrect entries within a short time. We understand

that if such a clause sought to deny the cardholder's right

to have incorrect entries adjusted after the expiry of that

time period, then in order to be effective, the clause would

need to be very clearly highlighted in the Terms and

Conditions, and be specifically drawn to the cardholders

attention. (This could require something like a separately

signed acknowledgement by the cardholder.)

In assessing the desirability of such clauses in EFT Terms

and Conditions, the Group considered that in relation to

errors such as arithmetical or simple book-keeping errors,

over which a cardholder has no control, there was little

justification for having any different rules for EFT than

apply to accounts generally. All the institutions that we

spoke to accepted this point.



In relation to unauthorised EFT transactions, the Group

acknowledges that there is some force to the argument for -

imposing limits to the time by which an adjustment of the

account can be sought by the cardholder. Institutions claim

that where there are a series of unauthorised transactions

that are related (as, for example, where a thief simply

'borrows1 a cadd from time to time) a requirement to notify

the unauthorised use as soon as it appeared on a statement

would permit an institution to limit its exposure to further

losses by allowing it to change the cardholders PIN and/or

issue a new card.

The Group would not, as a matter of principle, rule out the

use, at some time in the future, of limitation provisions in

EFT Terms and Conditions in respect of continuing losses from

unauthorised use of cards. At this time, however, we have

not seen any evidence that continuing losses through a series

of related transactions are common, or that institutions are

seriously at risk if they are not able to impose limitation

periods on claims by cardholders who fail to check the

accuracy of their statements.

What we propose, therefore, is that institutions closely

monitor the situation over coming months to see if they are

subject to any losses occurring in this way. In the meantime

we propose that institutions do not put limitation provisions

in their Terms and Conditions which would seek to restrict

cardholder's rights to be reimbursed for unauthorised

transactions, whenever they occur (but subject to the general

six year limitation period). Should the situation arise

where institutions become vulnerable because of the absence

of limitation provisions, the question should be reviewed as

a matter of priority and appropriate procedures recommended.

(We recommend elsewhere that the Group continue to monitor

developments and the limitation question is one such issue

that could be monitored.)


While at this stage we see difficulties in the imposition of

a penalty on cardholders for failing to check their

statements, we acknowledge the desirability of educating

cardholders to check statements to assist in maximising the

possibilities that unauthorised transactions will be

identified at an early stage. We have therefore also

proposed that to encourage cardholders to check the accuracy

of entries on their statements, institutions should print

advice to cardholders on each statement requesting that they

verify all entries and report any errors or possible

unauthorised transactions promptly.

v) Customer Liability for Unauthorised Transactions

This is an issue the Group examined at some length in its

original Report. It concluded that security of the card and

PIN is crucial to preventing unauthorised transactions.

Where the cardholder fails to respect a duty of care with

regard to the card and PIN, the Group was of the view that

the cardholders' liability should be limited only by a

periodic transaction limit and (ultimately) the cardholder's

account balance (including any credit limit). Where it could

be demonstrated that the cardholder was in no way negligent

with the card or PIN, the Group believed that the cardholder

should not be held liable for unauthorised transactions.

The States' Guidelines proposed a two-tiered regime which

prescribed different degrees of cardholder liability

depending on whether or not the cardholder contributed to the

loss caused by the misuse of a lost or stolen card. If the

cardholder did not contribute, the liability was not to

exceed $50. Where there was cardholder negligence, liability

would not exceed a maximum of $250. Financial institutions

argued that in the latter case they would be potentially

exposed to greater losses in instances where the cardholder's

conduct had caused the loss.

13 )

In further examining this question the Group decided that two

issues needed to be addressed. The first was that

cardholders needed to have some incentive to safeguard their

EFT cards and the security of their PINs. The Group notes

that with Bankcard and some other credit cards, cardholders

are liable for any losses relating to lost or stolen cards up

to a maximum of $50. We see some justification for a similar

$50 incentive being applied to EFT cards.

The Group notes that some institutions have already adopted

this limit on liability in their current Terms and Conditions

and endorses that development. It also notes that in

practice most institutions do not strictly enforce their

legal rights to the $50 penalty where the cardholder has

clearly not contributed to the loss. The Group would expect

that this practice will continue.

The second issue was whether in some limited circumstances it

was reasonable for cardholders to be liable for an amount

greater than $50. The Group considered this to be so in the

situations outlined below. They include where the


(i) voluntarily disclosed the PIN to another person who

misused that information;

(ii) indicated the PIN on the card (by writing on it or

otherwise); and

(iii) recorded the PIN (without making a reasonable effort

to disguise it) on an article carried with the card

which was liable to loss or theft simultaneously

with the card.

The Group's view was that in these cases the cardholder

should be liable for any losses occurring up to the lesser of

the following amounts:


- the actual loss at the time the loss or theft of t h e ■

card was reported; .

- the amount that it should have been possible to

withdraw over the relevant period having regard to

. any transaction or withdrawal limits; or

- the balance of the account (including any

pre-arranged credit).

This formulation ensures that where the system or the

institution has contributed to the amount of the loss

suffered (eg because the equipment was operated 'off-line1 or

because other mechanisms which would have limited the loss

were not operating) the institution will be liable for that

part of the loss which should not have occurred.

The Group identified a further type of conduct for which the

cardholder should bear some responsibility, namely

unreasonable delay in notifying;

(a) the loss or theft of the card;

(b) the misuse of their card; or

(c) that the PIN has become known to someone else.

The Group concludes that conduct of this type is less serious

than the types of conduct identified above. The Group sees

some merit in permitting institutions to hold cardholders

liable for losses which would not have occurred but for the

unreasonable delay in notification.


The recommendations proposed by the Group do not attempt to

cover loss arising from the involuntary disclosure of the PIN

which might occur where the PIN is observed during the

keying-in p r o c e s s ^ , where the cardholder is tricked or

deceived, or where the cardholder is subject to duress. Such

losses arise n o t ,from cardholder negligence but from

fraudulent or criminal acts by third parties and should be

subject to other relevant legal remedies.

The Group has also considered the question of liability for

losses arising in a situation where the cardholder's conduct,

although strictly in breach of the Terms and Conditions has

not caused or contributed in any way to the loss. This could

occur, for example, where the cardholder has written the PIN

on an article carried with the card, but that article is not

stolen when the card is stolen. The Group considers that in

situations where there is clearly no causative link between

the breach of duty that might give rise to the loss, and the 1

(1) In its earlier Report, the Group noted that PINs could be

observed because of the present practice of financial

institutions of siting ATMs directly facing on to public

areas such as footpaths. It was suggested that financial

institutions consider this aspect in the design of the

ATMs they employ (the Group notes that observing the PIN

is more difficult with ATMs with horizontal key pads,

than with ATMs with vertical key pads) and in where they

choose to site them (the Group notes that screens or

other means to ensure greater privacy might need to be

used in open locations). It is expected that financial

institutions will continue to take these matters into

account in their ATM system planning.



loss itself, the cardholder should not be liable. It

believes that financial institutions will take a sensible

approach to the question of causation when considering

liability for losses. However, the Group will be keeping the

matter under review as we understand that this issue has been

the subject of criticism from consumer organisations in the


(vi) Onus of Proof

The Group recognises that there can be difficulties both for

a cardholder and for an institution in demonstrating with

certainty that a particular act occurred in connection with

an EFT transaction. The issue of the onus of proof is a

contentious one and is recognised as such in most countries

where EFT systems operate. In its approach, and as is

reflected in the recommended procedures attached to this

Report, the Group has avoided explicitly indicating where it

believes the onus of proof should lie but rather has sought

to establish what it regards as equitable principles and

machinery for resolving disputes, particularly in the area of

unauthorised transactions. We believe that there is a

responsibility on both the cardholder and the card-issuer to

seek to establish the facts and to resolve disputes on the

basis of these facts rather than inferences. Where the

parties to a dispute cannot agree, there should be no

impediment to the matter being referred to an independent

arbitor such as a Small Claims Tribunal or court. We have

stressed the importance of institutions providing information

to cardholders on dispute settlement processes.

(vii) Liability in Cases of Technical Malfunctions

In its earlier Report, the Group expressed concern over the

clauses in Terms and Conditions which appeared to exclude

institutions from any liability for losses arising from

malfunctions within their EFT systems. At that time,


financial institutions argued that it was not their intention

to contract out of normal responsibilities associated with

the operation of cardholders' accounts (ie they implicitly,

at least, acknowledged liability: for direct losses arising !

from a failure to fulfil a card ho ld er 's p a ym en t instructions)

but they s p e ci fi ca ll y r ej ecte d claims for c on sequential

losses w hi ch might arise from a technical m a l f u n c t i o n . In

its first Report, the G r o u p p ropo se d that institutions should

m ak e clearer in their Terms and C o n d it io ns the basis on which

they w ou ld or w ou ld not accept liability.

The States were also con ce rn ed over the v e r y broad exclusions

from l i ab il ity for technical malf un ct io ns w hich many

fi nancial i nstitutions had w r it te n into their Terms and

C o n d i t i o n s . T he y felt, for example, that under some clauses,

c ar d- i ss u er s were e xc lu de d from l ia bility to recre di t

ac counts with amounts w ro ng f u l l y debited. The States'

G ui de l in e s sought to hol d car d- is su er s liable for all losses

that are r e as on ab ly f oreseeable and to p ro hi bi t card-issuers

from l imiting lia bi li ty onl y to di re ct losses.

In its further d e l i b e r a t i o n s , the G r ou p c o n s id er ed the common

law of d am ag es and h o w that m ig ht apply to the r el ationship

be tw ee n the card-issuer and cardholder. It sought to ensure

that E FT Terms and C on di t i o n s do not alter the underlying

re sp on s ib i li ti es betw ee n c ar d- issuers and c ardholders (the

so-c al le d 'banker-customer r e l a t i o n s h i p ').

T here is no d i s a g r e e m e n t by institutions that they are liable

for d ir e ct losses aris in g from m al fu n c t i o n s of their

s y s t e m s . H o w e v e r , they argued that it w o u l d be unreasonable

to require, in c o n t r a ct ua l terms* that they should be held

liable for conse qu en ti al damages arising from cert ai n defi ne d

events. W hile recogn is in g this concern, the G r o u p is of the

v i e w that it would be equally u nr ea sonable for institutions

to d eny cardholders the o pp or tunity to pursue claims for


direct and foreseeable damages arising from systems

malfunctions. Liability in such circumstances should be

determined on the facts and if the parties cannot agree, then

there should be recourse to an arbitrator. We believe that

nothing in the Terms and Conditions should prejudice that

process or its outcome. The Group believes the following

treatment reflects a fair balance of interests in this area:

(a) that card-issuers accept liability for all direct losses

arising from the malfunctioning of EFT systems;

(b) that card-issuers should not seek to avoid liability for

other foreseeable (ie consequential) losses by exclusion

clauses in their Terms and Conditions; .

(c) that card-issuers not be held liable if an EFT terminal

is closed or not able to perform its full range of

functions; and .

(d) where the cardholder is (or should be) aware that an EFT

terminal is malfunctioning, a card-issuer should be able

to limit liability to the correction of any mistakes. In

essence this would mean that cardholders should check the

transaction receipt to ensure that the instruction is

correctly performed. If that check is not conducted and

a mistake is subsequently found to have occurred, the

institution should only be liable to correct the

mistake. It should not be liable for any other losses

that may follow on from that. .

In summary, the Group recommends that Card-issuers accept in

their Terms and Conditions liability for direct losses

arising from an EFT system malfunction but that the contract

should be silent on consequential losses; nothing in the

Terms and Conditions should preclude further recourse to

determination and settlement by arbitration or common law


3 4 i 9 : ;


(viii) Error/Dispute Resolution Procedures

Both the Group's Report and the States' Guidelines placed

considerable emphasis on the question of appropriate low cost

procedures to expeditiously resolve disputes.

In responding to these various recommendations, financial

institution's initially argued that cardholders instinctively

know where and how to raise a complaint and that most

complaints are adequately resolved at branch level (the point

of first enquiry). The Group notes this response but holds

the view that comprehensive processes should be in place to

ensure that complaints receive prompt and equitable

treatment. The Group also notes that, while institutions

have subsequently expressed a willingness to improve their

dispute resolution processes and to maintain a central

register of disputes as recommended in its earlier Report,

implementation to date appears to be limited. The Group

believes much more needs to be done in this important area.

In the course of its discussions with institutions, the Group

identified aspects of dispute settlement processes warranting

further development. There is a need, particularly in large

institutions, for staff dealing with the public to receive

adequate training on EFT systems; on consumers' need for

information; and on complaint handling processes. It is

strongly recommended that all institutions give particular

attention to the staff training and communication aspects of

this matter.


There would also be benefit in institutions establishing some

procedure whereby a cardholder who is dissatisfied with an

investigation at branch level could have the matter reviewed

at a more senior level within the institution. Cardholders

should also be informed that if they remain dissatisfied

following an internal review/appeal process external avenues,

in the form of Consumer Affairs Departments and Small Claims

Tribunals, also exist.

The Group recalls its earlier recommendation that

State/Territory Governments consider, where appropriate,

amending the legislation governing the operation of Consumer

Affairs Agencies and their Small Claims Tribunals to allow

both to become meaningfully involved in the resolution of EFT

disputes. The Group understands that the position with

regard to the jurisdiction of Small Claims Courts is not

uniform across the States; it would seem desirable that

relevant State Ministers agree on a (relatively high) uniform

claim limit for these courts.

(ix) Deposits at electronic terminals

At present, many financial institutions do not accept

responsibility for deposits lodged at ATMs until such time as

the amount of the deposit has been verified by staff. In

other words the cardholder incurs all risk of loss if, before

the funds are removed by officers of the institution, the ATM

in which the funds have been deposited is destroyed or

stolen. The Group is of the view that, as cardholders cannot

determine the security features of an ATM or its location, it

is only equitable that card-issuers should accept

responsibility for the security of deposits made at EFT

terminals from the time they are lodged. Where the claimed



deposits are not available for verification following

forceful removal of the ATM or other criminal act, it would

be a fair expectation that the financial institution should

require the depositor to reasonably substantiate the value of

the claim.

The Group notes and endorses the present practices employed

by financial institutions to verify amounts deposited in the

normal course of business. It also believes that where there

is a difference between the deposit determined by the

financial institutions and the deposit claimed by the

cardholder, the cardholder should be promptly advised.

(x) Networking arrangements

The Group has observed the widespread development of network

sharing arrangements between card-issuers and notes that this

will become increasingly common particularly with the

expansion of EFTPOS systems on a national basis. The Group's

recommendation in relation to shared networks is designed to

ensure that card-issuers do not seek to avoid liability to

their cardholders for losses arising from transactions

involving EFT terminals or systems which are owned by another

organisation. As between the cardholder and the card-issuer,

the latter should accept responsibility for the effective

performance of the transaction; allocation of losses between

card-issuers sharing a network should be the subject of

agreement between them and should in no way impinge on the

cardholder 1s rights.


In its earlier Report the Group examined a number of issues

separate from the contractual relationship between the

card-issuer and cardholder but which nonetheless are of . J - -J L '


importance in the overall relationship between the two. Over

the intervening months some relevant developments have

occurred on which the Group would wish to comment. Brief

comment is also offered on the work of other organisations

examining EFT matters.

(i) Consumer Education

In its initial Report, the Working Group discussed the need

for improved consumer education which it believed was in the

long term interests of both consumers and financial

institutions. The Group identified areas where improvement

was considered necessary, and recommended liaison between the

various interested parties to devise and implement

appropriate consumer education programs.

The Group reiterates the view expressed in its earlier Report

that financial institutions should accept the principal onus

to provide adequate consumer information. The Australian

Bankers Association has recently indicated that consumer

education issues will be pursued by that Association. The

Australian Association of Permanent Building Societies has

also expressed a willingness on behalf of its members to

participate in education efforts. We are also aware that

with the release of its revised Terms and Conditions, the

credit union industry is also proposing to issue a Statement

of Cardholder Rights and Obligations (a brief "plain English"

pamphlet to improve consumer awareness). Some individual

banks are also proposing to issue pamphlets highlighting key

issues on cardholders' rights and obligations.

While the Group appreciates that it has been difficult for

financial institutions to implement education efforts while

the uncertainty associated with the different approaches of

the two levels of Government remained , the Group considers

the financial institutions response to date in formulating


education programs has been limited and now looks to them to

move expeditiously in this area. In addition, the Group

proposes that relevant government agencies also take

initiatives to suggest methods and approaches which will

bring about a more satisfactory situation in the market

place. Such initiatives should facilitate coordination of

effort, reduce the prospects of duplication, and identify the

best contribution each interested party could make.

(ii) Security

The Standards Association of Australia (SAA) has been

developing a set of technical standards covering EFT

systems. Much of the content of these standards has to do

with security. The standards are in eight parts, five of

which have been published. Two further parts, together with

a revision of one of the earlier parts, are close to

publication whilst work is continuing on the remaining one.

The Group notes that the Australian Payments System Council

(APSC) is examining security aspects of EFTPOS systems and in

the process keeps in touch with the work of the SAA.

The Group reiterates its view that the security of electronic

payments systems is a vital aspect of community acceptance of

such services and, as such, of confidence in the payments

system more generally. We believe it is encumbent on all

financial institutions to ensure that the systems they employ

embrace entirely adequate security features. As we noted in

our earlier Report, fraud with EFT systems seems to be a

major problem overseas. This reinforces our view of the need

to ensure adequate security of EFT systems in Australia.

(iii) Privacy

In its earlier Report, the Group noted concerns expressed by

consumer groups in regard to the privacy aspects of EFT


systems. The Group expressed the view that privacy matters

needed to be addressed in the broader context of developing

appropriate protections for the community in regard to all

computerised and centralised data records. The States'

Guidelines proposed certain principles regarding privacy to

apply to all financial institutions offering EFT services and

noted that privacy was an area where legislation may

eventually be needed.

The Group notes that concerns regarding privacy are as likely

to relate to the account generally as they are to the means

by which an account is accessed. That said, the Group

acknowledges that privacy in relation to EFT systems is an

issue of concern to consumer organisations and particularly

in regard to EFTPOS terminals where payment instructions are

initiated at a retail outlet and the message has to be

electronically transmitted to the account holding

institution. Given the prospectively broad spread of EFTPOS

in retail delivery systems and the increased scope for the

infringement of consumer privacy, the Group has included in

the recommended procedures some general principles which

should be followed by card-issuers in this area of their

relationship with their cardholders.

(iv) Report by the Australian Science and Technology

Council (ASTEC).

In May 1986, ASTEC submitted a report to the Prime Minister

entitled 1 Towards A Cashless Society?1 which was prepared by

the Technological Change Committee. The Report deals with

EFT, and EFTPOS in particular, and is concerned with consumer

protection, privacy matters and industrial relations issues

arising from the changes caused by EFT to the payments

system. It thus has a broader scope than the terms of

reference of this Working Group.


The Group has noted the ASTEC Report, and is aware that the

Prime Minister has arranged for other relevant Commonwealth

Ministers to examine the document prior to a comprehensive

response being considered. In the: light of that procedure

for dealing with the report, the Group confines its comments

to noting that the ASTEC Report addresses a number of matters

which were contained in the Group's first report, and that

the two documents come to some similar conclusions. It notes

also that ASTEC considers that some of the measures

originally suggested by the Working Group could be

strengthened. We believe the recommendations now included in

this Report adequately address those matters raised by the

ASTEC which fall within the Terms of Reference of the Group.

(v) National Consumer Affairs Advisory Council (NCAAC)

The Group's first Report and the draft State Guidelines have

been examined by the Commonwealth National Consumer Affairs

Advisory Council which has maintained a strong interest in

EFT since the late 1970's.

After discussing these two documents, the NCAAC decided to

convene a workshop on EFT in May 1986 to foster discussion on

consumer implications and to better inform itself of

developments prior to formulating further advice to the

Attorney-General. The workshop was attended by

representatives of financial institutions, consumer and

welfare groups, consumer affairs agencies, the Reserve Bank

and the Working Group, and was regarded as valuable by those

attending. The Group is aware that the NCAAC has decided

subsequently to send a further letter of advice to the

Attorney-General but the Group has not seen,and therefore

cannot comment on, that advice.



The follow-up procedures recommended by the Group in its

earlier Report involved the reconvening of the Group within

six months of the release of the Report to advise Ministers

on progress with proposals and the assessment within two

years of the need for a further examination of EFT

developments. When announcing the Government's decision on

the Report,the Treasurer also indicated that the Group would

be available to assist industry in the development of its

proposals. These proposals are wide ranging in nature,

complex in some areas, and affect a large number of

institutions some of which have many employees.

Time will be needed to bring about the desired change even

with a strong commitment by management of the organisations


As mentioned elsewhere in this Report, the Group believes

that progress to date in implementing its proposals has been

uneven. In some areas, eg Terms and Conditions, considerable

advances are being made, but in other areas, eg staff

training and consumer education, institutions need to further

develop their approaches. In order to ensure that the

recommended procedures are effectively translated into

practice, the Group believes that some monitoring of

implementation and adherence to agreed reforms would be


This monitoring should be performed principally by the

financial institutions themselves. Agreement by senior

management of financial institutions to the the Group's

proposals counts for little if the staff dealing directly

with the public do not perform as intended. It would seem

consistent with normal management techniques for some

checking on performance to be undertaken.


cardholder liability for unauthorised transactions. As well,

aspects of the States' Guidelines have been implemented.

Institutions have also indicated a preparedness to change a

number of practices associated with the provision of their

EFT services, particularly to ensure cardholders are better

informed of their rights and obligations. However, more

effort is needed by financial institutions on some matters

such as dispute resolution and consumer education programs.

The Group has sought to formalise its recommendations as a

set of recommended procedures to govern the relationship

between the users and providers of EFT systems. These are

attached. We view the recommended procedures as a statement

of principles for application on a national basis, defining

the minimum standards under which the relationship between

card-issuers and cardholders should be conducted. We

recommend them to Commonwealth, State and Territory

Governments and to industry and consumers as being a sound

basis for the orderly and equitable conduct of relations

between institutions and cardholders. Following discussions

with institutions, we believe that these standards should be

regarded as fair and equitable to them and, similarly, that

they should provide a basis for the reasonable protection of

cardholders' interests.

We would expect that card-issuers would move quickly to give

effect to the recommended procedures and to translate them

into their Terms and Conditions (and accompanying

documentation as appropriate) and into their institutional

practices (particularly in respect of dispute settlement

procedures). The Group proposes that it remain in existence

as presently constituted so as to provide assistance to

financial institutions and other interested parties in

facilitating the implementation of these recommendations.


The Group believes therefore that:

(1) financial institutions should be asked to advise

Government what steps they propose to ensure

compliance with the recommended procedures;

(2) the Group maintain an advisory role to industry and

periodically assess progress in the implementation

of its recommendations;

(3) State/Territory Governments continue to monitor

adherence by financial institutions to agreed



As noted earlier, in this further phase of its work, the

Group has been undertaking two major tasks. It has sought to

assess the progress financial institutions have achieved in

implementing the recommendations of its earlier Report and,in

pursuit of the goal of harmonising the approach of the

Commonwealth Government with that of the States,the Group has

also sought to amend and clarify certain points and to add to

the views expressed in its earlier Report.

The Group notes that financial institutions or their industry

associations have now reacted favourably to the major

elements included in the Group's earlier Report; it notes

the willingness amongst financial institutions to implement

changes which better recognise the position of cardholders.

Many have brought forward drafts of new EFT Terms and

Conditions with amendments reflecting the Group's earlier

recommendations, particularly J.n the important area of




(1) Coverage

1.1 These Recommended Procedures apply to transactions

intended to be initiated by an individual through an

electronic terminal by the combined use of an EFT

plastic card and a personal identification number (PIN).

(2) Availability and Disclosure of the Terms and Conditions

of Use applicable to EFT transactions

2.1 Card-issuers should issue clear and unambiguous Terms

and Conditions of Use; in particular, the clauses whidh

deal with the cardholder's liabilities and

responsibilities should be clearly and simply stated and

highlighted in the text.

2.2 Card-isSuers should encourage their cardholders to read

and to be aware of the EFT Terms and Conditions; Copies

should be readily available at all their branches,

particularly when applications for EFT facilities are

made by prospective cardholders. Card-issuers should

provide a copy of the Terms and Conditions:

(i) on request; or

(ii) with the notice of acceptance of the application

for a card, or with the card/PIN, whichever is



The Group also recalls its earlier recommendation that there

be an examination within two years to assess the impact of

its proposals on the balance of the rights and obligations of

the users and providers of EFT systems and whether or not

more formal arrangements are required. With that in mind,

the Group believes it would be appropriate for it and the

State/Territory Government agencies to monitor financial

institutions' continued adherence to the recommended

procedures in the period prior to that examination. Of

course, it is the financial institutions themselves which

must ensure that the recommended procedures are translated

into practices which apply throughout their organisations.

We would expect institutions, particularly large

institutions, to employ the necessary steps to bring about

compliance; it would seem consistent with normal management

techniques for institutions to undertake some checking of

their own performance.

As with its earlier Report, the Group recommends that this

Report be made public at an appropriate time by Commonwealth

and State Ministers in order that its analysis and

recommendations are well understood by the financial

institutions and the community more generally.

( ϋ )

2.3 Before an EFT card is first used the cardholder should

have received documentation on: . .

(i) any charges for the issue or use of an EFT card

and P I N , separate from activity or other charges

applying to the account generally;

(ii) the nature of any restrictions imposed by the

card-issuer on the use of the EFT card (including

withdrawal and transaction limits) and an

indication that merchants or other institutions

may impose additional restrictions;

(iii) a description of the types of transactions that

may be made, and of the accounts that may be

accessed, with the EFT card;

(iv) a description of any credit facility which may be

accessed by the cardholder through an electronic


(v) the procedure for reporting the loss or theft of

an EFT card (including the telephone number for

reporting lost or stolen EFT cards outside of

normal business hours); and

(vi) the means to activate error/dispute resolution

processes (including the procedure for querying

entries on a periodic statement).


(3) Changing the Terms and Conditions of Use

3.1 Card-issuers wishing to vary or modify the EFT Terms and

Conditions to:

(i) impose or increase charges relating solely to the

use of an EFT card and PIN, or the issue of an

additional or replacement card,

(ii) increase a cardholder's liability for losses

relating to EFT transactions (subject to the

liability limits established elsewhere in these

Recommended Procedures), or

(iii) adjust the periodic transaction limits applying to

the use of an EFT card,

should provide written notification to the cardholder,

and allow a period of notice of at least 30 days before

the change takes effect.

3.2 Card-issuers should advise other changes in advance


(i) notices on, or w ith, periodic account statements;

(ii) notices on EFT terminals or in branches; and

(iii) press advertisements.

Where (ii) and (iii) are used, subsequent written advice

should be provided to customers at the time of their

next account statement.



3.3 Advance notice need not be given when changes are

necessitated by an immediate need to restore or maintain

the security of the system or individual accounts.

3.4 Card-issuers should issue, if there were sufficient

changes in a 12 month period to so warrant, a single

document providing a consolidation of variations made to

the Terms and Conditions over that period.

(4) Paper Records of EFT Transactions

(A) Receipts at electronic terminals

4.1 At the time of an EFT transaction, a receipt should be

issued containing all of the following information:

(i) the amount of the transaction;

(ii) the date of the transaction, and where possible,

the time of the transaction;

(iii) the type of transaction eg, 'deposit',

'withdrawal', 'transfer', (codes may be used only

if they are explained on the receipt);

(iv) an indication of the account (s) being debited or


(v) data that enable the card-issuer to identify the

customer and the transaction;

(vi) the general location of the terminal used to make

the transaction or a number or code that enables

that terminal to be identified;

«* -l V


(vii) in the case of an EFTPOS terminal receipt, the

name of the merchant to whom payment was made; and

(viii) in the case of accounts accessed at an ATM,

the balance of the account where possible.

(B) Periodic statements

4.2 For an account, other than a passbook account, to or

from which EFT transactions can be made, the account

holding institution should provide a record of account

activity at least every 6 months. Cardholders should

also be offered the option of receiving more frequent

periodic statements. That option should be given

appropriate publicity at the time the account is

opened. As well, statements should be available at the

request of the cardholder.

4.3 The statement should show:

(i) in respect of each EFT transaction occurring since

the previous statement -

- the amount of the transaction;

- the date the transaction was debited or

credited to the account;

- the type of transaction;

- the receipt number, or other means, which

will enable the account entry to be

reconciled with a transaction receipt);

V » -

(ii) any charges relating solely to the use of an EFT

card and PI N (identified as a separate i t e m ) ; and

(iii) the address or telephone number to be used for

e nquiries c oncerning the account or to report any

errors in the statement.

4.4 A c c ou nt -h ol di ng institutions should suggest to

Cardholders that all entries on statements be checked

and any a pp ar en t error or possible unauthorised

tr ansaction be p ro mp tl y reported to the i n s t i t u t i o n .

This s uggestion should be contained on the account

statement. For the present, (and subject to further

ex am in at io n as necessary) institutions should not seek

to restrict or d en y c ardholders their rights to make

. claims or to a t t em pt to impose time limits on

c ar dholders to det ec t errors or unauthorised

t r a n s a c t i o n s .

(5) L ia bi li ty for U na ut horised Transactions


5.1 This Section d eals with l iability for transactions which

are not autho ri se d by the cardholder. It does not a pply

to any transaction carr ie d out by the cardholder or by

anyone p erforming a tr ansaction with the cardholder's

knowledge and/or consent. '

5.2 C a rd ho ld er s should not be responsible for losses that

are caused by the fraudulent or neg li ge nt cond uc t of

emp loyees of the financial institution or of merchants

who are linked to the EFT s ys t e m or of their agents or



5.3 Cardholders should not be responsible for losses

relating to cards that are forged, faulty, expired, or


5.4 Cardholders should not be responsible for losses

occurring before they have received their card and/or

PIN. In any dispute about the receipt of a card and/or

PIN which was sent to a cardholder by mail, the card

. issuer should not rely only on proof of delivery to the

cardholders correct address as proof that the card was

received by that person. Nor should the institutions

have any term in the Terms and Conditions of Use which

deems a card or PIN sent to the cardholder at that

persons correct address to have been received by the

cardholder within a certain time after posting.

5.5 Cardholders' liability for unauthorised use of an EFT

card should not exceed the lesser of: -

(i) $50 (or such lower figure as may be determined by

the financial institution); or

(ii) the balance of the cardholder 1s account(s)

(including any prearranged credit); or

(iii) the actual loss at the time the financial

institution is notified of the loss or theft of

the card;


Except where: .

(a) a cardholder has contributed to the loss caused by

the unauthorised use of an EFT card by voluntarily

disclosing the PIN; by indicating the PIN on the.

card; or by keeping a record of the PIN (without

making any reasonable attempt to disguise the PIN)

with any article carried with the card or liable

to loss or theft simultaneously with the card,

in which case the cardholder's liability for the

loss should not exceed the lesser of;-

(i) the. actual loss at the time the financial

institution is notified of the loss or theft

of the card; or

(ii) the maximum amount the cardholder would have

. been entitled to access over the relevant

period prior to notification of the loss of

theft of the card calculated in accordance

with the periodic transaction limit

applicable to that cardholder's card or

account (s); or

(iii) the balance of the account (s) (including any

prearranged credit).


(b) a cardholder has contributed to the loss caused by

the unauthorised use by unreasonably delaying

notification of (i) the misuse of their card;

(ii) that the PIN has become known to someone

else; or (iii) the loss or theft of the card, ·:· « * -


in which case the cardholder should be liable for

the actual losses, which could otherwise have been

. prevented from occurring, in the period between

when the cardholder became aware of the events I ,

! described above (or should reasonably have become

: aware in the case of (iii)) and when the

card-issuer was actually notified, subject to the

lesser of the following limits:

(i) the maximum amount the cardholder would have

been entitled to access over the relevant

period calculated in accordance with the

periodic transaction limit applicable to

that cardholder's card or account (s); or

(ii) the balance of the account(s) (including any

prearranged credit).

5.6 Card-issuers should provide an effective and convenient

means by which cardholders can notify a lost or stolen

card? facilities such as telephone hot-lines should be

available to cardholders at all times.

(6) Liability in Cases of Technical Malfunction

6.1 Card-issuers should be responsible to their cardholders

for loss caused by the failure of any EFT equipment to

complete a transaction accepted by a terminal in

accordance with the cardholder's instructions.

6.2 The card-issuer should not, implicitly or explicitly,

deny a right to the cardholder to make claims for

consequential damage which may arise as a result of a

technical malfunction , however caused,

v i V


Except where:

the cardholder should have been aware that the

system or equipment was unavailable for use or

malfunctioning, the card-issuer's responsibilities

may be limited to the correction of any errors in

the cardholder's account, and the refund of any

charges or fees imposed on the cardholder as a

, result.

(7) Error/Dispute Resolution Procedures

7.1 Card-issuers should establish appropriate procedures to

investigate transactions which are disputed by their

cardholders. They should establish arrangements to

ensure that disputed transactions are recorded at a

central location. Data should be available on the type

and frequency of disputed transactions.

7.2 Card-issuers should provide advice in their

documentation on the means to activate the card-issuer's

dispute resolution processes.

7.3 If the cardholder formally requests the activation of

the dispute resolution processes they should be informed

of all major stages in these processes and the length of

time each stage is likely to take (preferably in


7.4 Where, as a result of the investigation of a complaint,

a card-issuer discovers that an error has been made

(whether it was the error complained of or not), the

card-issuer should forthwith correct that error

(including appropriate adjustments for interest and or

charges) and notify the cardholder of the amount with

which their account has been debited or credited as a


■'ψ. ■ .


·.) ,

•· %

7.5 W h e r e , as a r es u l t of an investigation of a complaint, a

f inancial instit ut io n concludes that no error has

o ccurred, it s h o u l d promp tl y advise the cardholder

a c c o r d i n g l y and should supply, at the r e q ue st of the

c ar d holder, cop ie s of any m a t erial on w hich the finding

was b as ed respecting, as necessary, s ec urity

c o n s i d e r a t i o n s and the c onf id en ti al it y of other records.

7.6 W h er e a c a rd ho ld er who complains of an error is not

s a t i s f i e d w ith the results of the c a r d - i s s u e r ’s

i n ve s ti ga ti on of the matter, that cardholder should be

a d v i s e d that further external avenues of dispute

r e s o l u t i o n exist, including Consumer A f f a i r s Depart me nt s

a nd S mall C la i m s Tribunals.

(8) D e po s i t s at e l ec tr on ic terminals

(A) D i s c r e p a n c i e s b e t w e e n re corded d ep osits and amounts

r e c e i v e d

8.1 Where, in r el a t i o n to a d e p os it of funds at an

e l e c t r o n i c terminal, there is a d is c r e p a n c y betw ee n the

a mo u nt r ec o r d e d as having been d e p o si te d and the amount

r e co r de d as ha vi ng been received, the cardholder should

be n o t i f i e d of the d i f fe re nc e as soon as p os si bl e and

s ho u ld be a d v is ed of the actual amount w h i c h has been

c r ed i t e d to the n o m i na te d account.

(B) S e cu r i t y of d ep o s i t s at e lectronic terminals

8.2 T he s ec ur it y of d ep os it s received at e l ec tr on ic

t e rm in als is the r e s p o ns ib il it y of the financial

i ns ti tution r e c e iv in g the deposit from the time the

t ra n sa ct io n at the elec tr on ic terminal is c ompleted

(subject to v e r i f i c a t i o n of amount(s) deposited). < λ 5 0.


(9) Networking arrangements

9.1 Card-issuers may not avoid any obligations owed to their

cardholders by reason only of the fact that they are

party to a shared EFT system, and that another party to

| the system has actually caused the failure to meet the

I obligations.

(10) Audit-trails

10.1 Card-issuers should ensure that their electronic funds

transfer systems generate sufficient records to enable

transactions to be traced, checked and where an error

has occurred, to be identified and corrected.

(11) Privacy

11.1 Card-issuers should be guided by the following

principles in respect of all EFT services they offer and

in respect of all accounts from which EFT transactions

can be made:

(a) customer records should be treated in the

strictest confidence;

(b) no person other than an employee or agent of the

financial institution which maintains the account,

and the customer or any person authorised by the

customer should have access through any electronic

terminal to information concerning the customer's



< . · ' ^

(c) except where it is being operated by an employee

or agent of the financial institution concerned,

no electronic terminal should be capable of

providing any information concerning a customer's

account unless the request for information is

preceded by the entry of the correct card/PIN

combination for that account; and

(d) except where it is provided pursuant to a legal

duty or responsibility, no information concerning

the use of EFT services by a customer should be

provided by any financial institution, except with

the consent of that customer.