The bank says it will not comment on specific customer matters but said it takes cyber security “very seriously” and has a range of measures in place to try to protect customers.

Julian Punch and Brian Doran were told by the Australian Financial Complaints Authority they had ruled in favour of Bendigo Bank and said the bank was not required to repay the $27,000 they were scammed.

“It is important customers take steps to protect themselves and do not share their passwords or allow someone they don’t know or trust to log in to their computer remotely, as it is extremely difficult to recover money that has been transferred to scammers,” the bank said.  

“Bendigo Bank attempts to recover funds lost to scams wherever possible and it goes without saying when the bank is at fault, we will reimburse customers for the loss of funds.   

“Cyber fraud is a complex, growing, and ongoing challenge that we all must work together to combat.

“Bendigo Bank continues to work with our financial sector peers, fintech companies, government, regulators, and law enforcement agencies to combat what is an organised criminal activity.”

The bank says in the financial year ended June 30, 2024 it stopped $34.4m in fraudulent transactions.

“The bank has tightened transaction rules blocking high-risk payments to cryptocurrency exchanges, removed all unexpected links from SMS messages and significantly increased the size of its fraud prevention and response team,” it said.   

“We encourage customers and community groups to enquire about our Banking Safely Online sessions at their nearest Bendigo Bank branch.  

Bendigo Bank says it will never ask for customer details, or request customers transfer money, download software or login via a link sent through email or SMS.

“If speaking to someone claiming to be from Bendigo Bank and unsure if the caller is legitimate, customers are urged to hang up and contact us directly on 1300 236 344.”   

Scammed thousands: ‘Constant hell for nine months’

A gay activist and former Catholic priest and his partner, who lost nearly $27,000 in a sophisticated online banking scam, have been told they will not get their money back.

In a report to Julian Punch and Brian Doran on Friday, the Australian Financial Complaints Authority ruled in favour of Bendigo Bank and said the bank was not required to repay the money.

Mr Punch, 86, said the scammers contacted him on his computer in February last year posing as Microsoft employees saying they were working with the Australian Federal Police to catch a Russian hacker.

“They were in our computers for two days and moved money around,” he said.

“Brian is prepared to swear on oath he didn’t give the scammers passwords.

“We were never keen on internet banking but the bank moved.

“The federal police were really good, they sent us a document saying, you should not blame yourself for this – it’s psychologically sophisticated and technically sophisticated.

“We’re devastated. I just feel sick.

“It’s been constant hell for nine months.

“We have been destroyed by the loss, and the psychological onslaught of the scammers.”

In four transactions over two days, the scammers took $28,500 from Mr Doran’s accounts including $1518 from his Commonwealth Bank credit card which the bank has refunded.

They also transferred money from the couple’s incorporated charity Rainbow Communities Tasmania Inc.

In the Financial Complaints Authority report dispute resolution specialist James Tilly said the bank did not dispute the transactions were likely unauthorised.

He said Mr Doran was liable for the disputed transactions “as the bank has shown that the complainant likely breached the passcode security requirements in clause 12 of the Code”.

“The events the complainant has described are unfortunate and I understand the complainant and his partner have suffered financial hardship due to reasons beyond control,” Mr Tilly said.

“However, it would be unfair to hold the bank liable for the scammer’s conduct in circumstances where the complainant contributed to his loss by breaching the passcode security provisions under the Code.

“I acknowledge the complainant will likely be disappointed with this outcome, however, the outcome is fair as the bank has not made an error.

“I sympathise with the complainant and Mr P who are understandably distressed to have lost a significant amount of money to a scam which negatively impacts on their financial position.”

Mr Punch, who helps support gay advocates in 75 countries, said he had switched banks and no longer did internet banking.

“It has limited my life options by a reduction of years given the life savings scammed,” he said.

“We are trying to see if the federal government is pursuing legislation and the British model of reimbursement of legitimate claims by scammed clients.”

Mr Punch said the federal police had assured the couple their identity would not be lost after being controlled for two days.

susan.bailey@news.com.au