These case studies have been modified so as not to identify any actual cases at FIDReC. They are provided for purposes of learning and are not necessarily indicative of outcomes at FIDReC.
One day, David realised that there were many transactions on his credit card made through an OrangePay digital wallet. He did not make those transactions and complained to the Financial Institution (FI). He said that he was not aware his card had been added to OrangePay.
The FI explained that they sent SMS and email notifications to David when his card was added to OrangePay. These notifications were security alerts to inform the cardholder of the card being added to a digital wallet. Yet, David did not report the unauthorised card provisioning. It was only after the transactions occurred two weeks later that David first made his report. The FI further added that according to records from the telco, the SMS messages — a One-Time Password (OTP) to add David’s card to the wallet and the provisioning notification — were successfully sent to David’s registered mobile number.
Dissatisfied with the FI’s response, David came to FIDReC. During mediation, David recalled that on the day his card was added to the digital wallet, he had seen an advertisement for discounted canned drinks on social media. He clicked a link and paid $9.99 on a website using his credit card. The FI shared that the website could have been fraudulent and David’s card details and OTP might have been phished. This would allow a scammer to add David’s card to a digital wallet controlled by the scammer.
David stated that the FI should not have allowed the disputed transactions to go through. He felt that he had reported them quickly after receiving the transaction notifications. David also said that the FI should have flagged the transactions as suspicious. The FI explained that the disputed transactions were authorised transactions that were tokenised to a digital wallet. They were considered a secure payment mode and did not raise any red flags.
While the FI maintained that they had fulfilled their obligations, the FI representative also showed empathy to David. As a gesture of goodwill, and without admission of liability, the FI offered to cover 10% of the disputed amount. David accepted the offer. He acknowledged the importance of staying vigilant and checking the legitimacy of a website before entering his card details and OTP.
Key Leaning Points
Always carefully read SMS or email alerts from your FI. FI notification messages often contain vital information such as the purpose of an OTP or confirmation of a digital wallet addition. Ignoring or skimming through these messages without reading them in full can lead to missed warning signs of fraud.
Never enter your credit card details or OTPs on suspicious websites. OTPs are security tools intended to authenticate specific actions. Entering them into a fraudulent site hands control to scammers.
Report suspicious activity immediately. Timely reporting of unauthorised adding of a credit card to a digital wallet or another account changes can prevent further losses.
Maintain up-to-date contact information with your FI. Ensure your registered phone number and email address are current so you can receive real-time alerts and act on them properly.
Click here to access more case studies.