You logged into your bank account with a virus-infected phone. The personal identification number (PIN) on your debit card is your date of birth. You responded to an email asking for personal information and were subsequently defrauded.
And your tablet is not protected by a lock code.
Many consumers and businesses don’t know it, but these four reasons, and hundreds of others recorded in long pages of “terms of use” consulted by The Presscan be invoked by financial institutions to refuse compensation if you were to be the victim of fraud.
And it’s not just theoretical: numerous cases, from small claims to the Superior Court, report “breaches” accused of consumers who claimed to be victims of fraud (see other tab “Is it your fault?”) . These often include accusations of negligence in maintaining a debit card, failure to protect the PIN, and behavior more vaguely deemed “reckless.”
Online services and complexity
The picture is not complete: it is estimated that a large proportion of disputes are resolved outside of court, in particular with an ombudsman. The case law, for its part, is nuanced: the courts sometimes agree with the consumer, sometimes with the financial institution.
“It will obviously depend on the context and the person,” summarizes Nicolas Vermeys, professor and specialist in information security at the faculty of law at the University of Montreal. As a general rule, the consumer can be compensated if he can demonstrate that he was not negligent. The consumer must prove that he or she is a “reasonably prudent and diligent person.”
Conversely, the financial institution will report behavior that it considers imprudent and which contravenes the conditions of use of its services.
“The case law has been fairly consistent in this regard for several years,” notes Professor Nicolas Vermeys.
For the debit card, the requirements are relatively simple. But things have become more complicated over the past twenty years with online banking services, recalls Alexandre Plourde, lawyer and analyst at the organization Option consommateurs. “These contracts now have all sorts of contractual obligations, which can be very broad in terms of consumer safety. »
PHOTO CATHERINE LEFEBVRE, ARCHIVES SPECIAL COLLABORATION
Alexandre Plourde, lawyer and analyst at the organization Option consommateurs
Some requirements
Mr. Plourde has examined some of these contracts and does not wish to single out any particular financial institution. “Honestly, it’s pretty much the same from one bank to another. There’s not that much of a difference: it may be worded differently, but it essentially amounts to the same thing. »
Many requirements of financial institutions concern IT security. Here are some terms of use listed by The Press. Remember that failure to respect one of these clauses can be presented as negligence.
Some conditions of use listed
- Do not lend, give or sell your debit card, and protect the confidentiality of the PIN.
- Collect your card and receipt as soon as a payment is made.
- Do not use a public computer, in an internet café or library.
- Use your own wireless connection, never a public wireless network.
- Delete any banking information before transferring or disposing of a phone or SIM card.
- Review account statements regularly and promptly report any irregularities.
- Install effective antivirus software.
According to profile
At Desjardins, we add a nuance: it is not enough to break a single rule to be considered reckless. “It’s case by case,” says spokesperson Jean-Benoit Turcotti. We could transpose in the field of insurance: if you leave your car with the doors unlocked, and you have been stolen, you have been negligent. I locked my doors, my contactless key was inside my home and thanks to technological tools, we intercepted the unlock code for my car… I don’t like the term “indulgence”, but it There will be a greater understanding of the situation by our fraud teams. »
PHOTO MARTIN CHAMBERLAND, THE PRESS
Valérie Parente, senior fraud prevention advisor at Desjardins
“We often say that the greatest threat to our own security is probably ourselves,” adds Valérie Parente, senior fraud prevention advisor at Desjardins. She gives two user profiles as an example. The first “protects his data, browses the web carefully, will ensure that all his transactions are legitimate, researches companies”. The second is “conquered by social networks, on which he will post photos and videos, will play online games, will chat with several people about his private life, his family, will give information”.
“Which profile is ultimately most likely to be the target of a fraudster? asks Mme Kinship. The second, obviously. This is an example taken to the extreme, but the message of prevention is there. You must take the necessary measures to protect yourself. »
Harmonization requested
For Simon Marchand, vice-president, products and risks, at the cybersecurity firm GeoComply, it is clear that in recent years we have been witnessing a “shift of responsibility to the consumer”. “It seems that, more and more, the banks are avoiding responsibility. They will use all the little excuses of their policy, which unfortunately very few people will take the trouble to read, to try to clear their way. »
PHOTO PROVIDED BY GEOCOMPLY
Simon Marchand, vice-president, products and risks, at cybersecurity firm GeoComply
Consumers are unaware of this trend, he notes, because they generally believe that their banking services benefit from the same protection as with credit cards. For these, the maximum amount for use that he did not authorize is $50, and financial institutions are known for their great understanding in reimbursing the victim.
No such limit exists for debit cards and online banking services, a situation long denounced by Option consommateurs.
“That’s the problem right now,” says Alexandre Plourde. We have been asking for decades to harmonize consumer protection in terms of payment, which would apply to all methods, for online services to provide uniform rules, protections as high as what we find for credit cards. »
Financial institutions have little interest in extending the protections offered for the use of credit cards, believes Nicolas Vermeys. “They repay credit cards quite easily, obviously, because the financial burden is on the merchant. It is then easy to cancel a transaction. »