Mohammed Khaoula, 33, has been trying to recover thousands of dollars of his money fraudulently spent on dubious overseas businesses, grocery store gift vouchers and food delivery orders.

The bus driver, a dad-of-one and with another on the way, noticed in May last year that someone was making purchases on his debit card – and it wasn’t him.

But when Mr Khaoula reported it to the Commonwealth Bank, he was gobsmacked.

The bank said it couldn’t stop spending transactions and they would have to wait for up to 10 days for the purchases to go through before they could begin recovering his funds.

Then, the bank concluded the transactions weren’t fraudulent at all.

“The bank has accused me of basically being a fraudster, it was shocking,” Mr Khaoula told news.com.au

Mr Khaoula is lending his support to news.com.au’s campaign People Before Profit, calling on the federal government to make it mandatory for banks to compensate scam victims – just like in the UK.

In October last year, the UK introduced world leading legislation making compensation mandatory for scam victims within five business days unless in cases of gross negligence.

IT’S TIME BANKS PUT PEOPLE BEFORE PROFIT. SIGN THE PETITION HERE.

The scammers had opened a DoorDash account in Mr Khaoula’s name and racked up more than $200 for Subway, Hungry Jacks, Gongcha and Krispy Kreme purchases.

Hundreds of dollars had also been spent on Coles Online orders.

The young dad was baffled, as he hadn’t set up an account with either platform.

That was when he went through his bank account and realised it had to be a scam.

“It was coming up with interstate transactions,” the Sydneysider said.

The DoorDash orders were from Melbourne branches while the grocery delivery was for Forest Lake, a suburb in Brisbane, and Hawthorne East, a Melbourne suburb.

And in a creepy twist, the dad believes the scammer must have physically gone into Westfield Parramatta and withdrawn $400 worth of gift cards from Coles, before taking another $1800 in Woolworths gift vouchers.

Later, he asked both grocery chains if they had any CCTV but they said it had expired.

He was also told they were supposed to get a manager’s approval for that amount of gift cards – but this wasn’t done.

Bizarrely, the scammers also managed to transfer $5000 out of Mr Khaoula’s Commonwealth Bank account to an overseas company called Denmark Trading Gernany, which looked like a typo. When he researched the company further, he believes he has traced it to India.

This caused him to be more fearful, as they seem to have gone from having his card details to having full access to his Netbank account.

At the same time, Mr Khaoula realised that his card was also being used to make a number of ZipPay purchases, a buy now pay later platform.

He immediately contact ZipPay and using the codes that appeared in his bank account, was able to lodge a complaint.

ZipPay ended up reimbursing him in full, concluding these had been fraudulent transactions.

However, the response from the Commonwealth Bank was markedly different.

He was forced to watch his money drain from his account over several days before the bank could even attempt to save it.

“Some card transactions may appear as pending on your account until the payment is fully processed by the merchant,” the bank wrote to him.

“Generally this takes about 3-5 days but can take up to 10 days.

“We will start investigating your dispute once the transactions are no longer pending.”

Mr Khaoula’s card was not stolen so he believes it was physically cloned, allowing the scammers to make all their purchases.

He also believes something weird was happening to his devices, as he saw security notifications appearing on his phone, but before he could click on them they would disappear.

Then things took another turn. Impatient to find out more about how recovery efforts were going, he went into a bank branch where he claims a teller accused him of looking up X-rated material which is how his account got compromised.

The dad said it was a “disgusting” accusation and totally untrue.

The bank then concluded he had made the purchases and transfers himself, saying they had traced the transfers to his own IP address and he must have given away his code.

They refused to refund him.

“They claimed it was the IP address of my internet. It means nothing, the first thing the fraudster will do is spoof it,” he said.

Mr Khaoula paid $158 to IT experts to go through his devices but they couldn’t find any malware.

More Coverage

Why other nations are laughing at Australia

Sarah Sharples and Alex Turner-Cohen

Disturbing way scammers spend your money

Alex Turner-Cohen

In the months since the hack, he has been locked in a war with the Commonwealth Bank and has taken his matter to the Australian Financial Complaints Authority (AFCA).

In a statement to news.com.au, the Commonwealth Bank said it was participating in the AFCA process and couldn’t comment further as a result.

alex.turner-cohen@news.com.au