NewsBite

Sydney man has $50k drained from ANZ bank account in just four minutes

The Sydneysider was shocked to uncover his bank account had been drained and has been battling the bank ever since.

Hackers always ‘two steps ahead’ of Australia’s cybersecurity authorities

A man from Sydney has been engaged in a battle with his bank for more than 15 months after he discovered that $50,000 had been emptied from his account.

Sam, who did not want his surname used, had set the money aside for “emergency circumstances” after accumulating the money over years.

Paul, his son-in-law, said he opened the savings account with ANZ and had only ever deposited $10 a month into it – never making a withdrawal.

“He put in $10 a month like clockwork as the terms or conditions were he must deposit $10 to get bonus interest and must not withdraw any money,” he said.

But in August 2021 in just the space of minutes, Sam’s account had almost $50,000 drained from it.

“Four minutes is all it took. It happened through BPAY and you can’t limit withdrawals so it’s up to $75,000 – it’s a fraudster’s paradise,” Paul said.

Have a similar story? Continue the conversation | sarah.sharples@news.com.au

His statement showed a dramatic drop in his savings. Picture: Supplied
His statement showed a dramatic drop in his savings. Picture: Supplied

The first transaction to the new biller saw $19,900 stolen, while the second drained another $19,898 and the third saw $9899 moved out of his ANZ account.

But Sam, who is now aged 88, was in hospital with pneumonia at the time and didn’t realise his money had been stolen until October

“When he got out of hospital in October, he logged in and he just saw that what used to be $58,000 was gone and they left him with $8000 – I don’t know why – and as soon as he saw that he went off to a bank branch and reported it,” Paul said.

The discovery left Sam feeling distressed.

“He was quite shocked it happened to him and I think his words were ‘I thought ANZ were looking after and protecting my money’ … He was still ill too as well as he was suffering the after effects of pneumonia,” he said.

Sam has been an ANZ customer for 30 years. Picture: NCA NewsWire / David Geraghty
Sam has been an ANZ customer for 30 years. Picture: NCA NewsWire / David Geraghty

Paul added that his father-in-law had been banking with ANZ for 30 years.

“This was so far out of his pattern you wonder how any security system could not pick it up?”, he added.

“You could also see 12 separate log ins to his account over 12 hour period which ANZ didn’t detect and didn’t think was unusual.”

He added the transactions were made to a Westpac visa card but that is all they know.

“He was asked 15 times in phone calls if he revealed his log in information and every time he said ‘no’ to the point he was getting frustrated with them,” he said.

“Yet, ANZ refuse to reimburse his loss, saying that he contributed to the loss.”

He said Sam was told that the transactions had been authenticated through security questions and there were no failed attempts to answer them.

Paul added many of the answers to security questions like a mother’s maiden name or address could be discovered via simple searches such as ancestory.com and the electoral roll.

The Sydney man's statement shows his account was emptied of huge sums. Picture: Supplied
The Sydney man's statement shows his account was emptied of huge sums. Picture: Supplied

Meanwhile, security questions were phased out of use by the ANZ from December 2021 which was unfortunately four months too late for Sam, according to Paul.

“They later got rid of security questions to authenticate questions as they realised it’s a flaw,” he said.

“But they have refused to tell us what the security questions were. They are implying the security questions answers were written down somewhere but that's not the case.

“We can’t hazard a guess as they won’t even tell us what they are … so we are unable to put forward a plausible theory of what took place.”

He said it had been a “long and distressing” process for his 88-year-old father-in-law as he was told there was no chance of recovery of his money with the funds already used by the time the theft was reported.

Sam was also told he was responsible for the hack – as in an initial phone call while still unwell he said he may have downloaded software from a caller claiming to be from Telstra.

ANZ deemed he was the victim of a remote access crime, yet Sam later denied he had downloaded any software and said he had not disclosed his banking log on details or kept his password stored on his computer.

Sam had worked until he was 80-year-old as part of accumulating the money. Picture: Supplied
Sam had worked until he was 80-year-old as part of accumulating the money. Picture: Supplied

In an email from ANZ dated November 11, 2021 he was told: “Upon review of the information available to us we have determined that the transaction(s) were authorised and/or performed with your knowledge and as such we are unfortunately not able to reimburse,” it said.

But Paul said it has been stressful for the elderly man.

“The stressful thing is just the way that the ANZ bank disavow themselves of all responsibility,” he said.

“Anyone can see there are three dodgy transactions were done within a four minute window and you would think any half decent bank security system would be able to pick it up but their perspective is they are under no obligation to monitor transactions in your account and I think people would be surprised by that.

“He’s been quite stressed through it all, he is an 88-year-old man now and he can’t understand why ANZ isn’t taking responsibility for what are blatantly fraudulent transactions leaving his account.

“It was his buffer of available funds in case of emergency of any description. He just didn’t touch it and left it there in case something went wrong with his family, either his daughter or son.

“He has been worn down by it, it takes its toll.”

A case with AFCA has been lodged against ANZ. Picture: NCA NewsWire / David Crosling
A case with AFCA has been lodged against ANZ. Picture: NCA NewsWire / David Crosling

Sam has lodged a complaint with an external dispute resolution scheme called the Australian Financial Complaints Authority (AFCA).

However, it found in favour of ANZ and said the bank had “proven that it is more likely than not that (Sam) breached the passcode security requirements”.

Sam has now appealed the ruling, however, he was offered $2500 compensation for his “poor customer service experience” – a sum he has rejected.

“The telephone recordings provided by the bank show that there were times where (Sam) was spoken to abruptly, rudely and without the sensitivity or compassion you would expect for someone of (Sam’s) age or in (Sam’s) circumstance,” found the AFCA ruling.

But AFCA said that the bank isn’t responsible to return the stolen $50,000 noting “the transactions did not raise any red flags that required the bank to take steps to try to prevent the losses, nor was it on notice of a scam or fraud.

“It was therefore reasonable for the bank to accept and act on the directions to transfer the funds. The bank did not make an error or breach any relevant obligation by correctly processing the transactions.”

ANZ said it will reimburse customers for any unauthorised transactions on their account, provided they didn’t contribute to the loss. Picture: Supplied
ANZ said it will reimburse customers for any unauthorised transactions on their account, provided they didn’t contribute to the loss. Picture: Supplied

An ANZ spokesperson said it does not comment on individual customers.

“ANZ cooperates with all AFCA investigations and will comply with decisions of the independent AFCA Ombudsman,” they said.

“ANZ has a number of layers of security controls in place to protect our customers, including our ANZ Falcon fraud monitoring technology, one-time passcodes, and voice biometrics. We have also previously utilised challenge questions which only the customer will know how to answer.

“We will reimburse our customers for any unauthorised transactions on their account, provided they didn’t contribute to the loss and they report any unauthorised transactions as soon as they suspect something suspicious or unusual has occurred.”

Paul believes the banks need to do better. Picture: NCA NewsWire / David Swift
Paul believes the banks need to do better. Picture: NCA NewsWire / David Swift

But Paul believes that both the banks and AFCA are “overwhelmed” with the amount of scam claims the organisations are facing.

“I think the banks generally, and this part applies to ANZ in particular, need to monitor customer’s bank accounts as they know how rampant fraud is and they say an algorithm does it but it isn’t good enough to pick up these transactions,” he added.

“It must be the dumbest security system that exists. The scammers are four steps ahead of the banks and it terrifies me.”

ANZ and the other banks have increased their bottom lines by hundreds of millions by closing branches and moving customers online, he added.

“It is disappointing though not surprising that banks aren’t supporting their customers against internet fraud,” he added.

Read related topics:Sydney

Original URL: https://www.news.com.au/finance/business/banking/sydney-man-has-50k-drained-from-anz-bank-account-in-just-four-minutes/news-story/83aa73283fc1c54696008d4028e7723c