UOKiK initiates proceedings against 6 banks over response to unauthorised transactions

The Office of Competition and Consumer Protection (UOKiK) has initiated six proceedings against Alior Bank, Bank Handlowy, Bank Ochrony Środowiska (BOŚ), Pekao, PKO Bank Polski and Plus Bank, the Office said. The allegations concern the banks' reactions when consumers report unauthorised transactions. They most often occur as a result of cyber attacks, e.g. fraudsters swindling e-banking and mobile banking passwords, transfer authorisation codes, card data.

By law, banks are obliged to refund the amount of the unauthorised transaction or restore the account to the state before the transaction occurred - by the end of the next business day after the notification. There are two exceptions: the consumer's notification occurred more than 13 months after the transaction or there is a reasonable suspicion of fraud on the part of the consumer, of which the bank has notified the police or the public prosecutor's office, it was stated.

"Banks do not always fulfil their obligation to return money to affected consumers. They refuse or give it back after the deadline. Misleading information given in response to complaints is also a problem. We have made further allegations against banks that do not settle with consumers when they report an unauthorised transaction and are misleading. Our action already concerns a total of 15 banks. I would like to remind you that we can impose a penalty of up to 10% of turnover on an entrepreneur for violating collective consumer interests," said UOKiK president Tomasz Chróstny.

To date, the Office has reported charges against 9 financial institutions (5 of which were reported in July 2022, 4 in November 2022).

In the latest six proceedings, the Authority is questioning:

- Failure to reimburse within D+ 1. According to the Payment Services Act, the bank should return the stolen amount to the consumer within D+1, i.e. by the end of the next business day after the unauthorised transaction is reported.
- Misleading responses to reports of money theft.
- Imposing a limit on the number of possible complaints and reducing the time for reporting them.

"The bank's obligation does not end with demonstrating the correctness of authentication when performing transactions. It is important for financial institutions to provide such security measures to limit the actions of fraudsters. A transaction is only authorised if its authentication has taken place with the knowledge and consent of the consumer. We are counting on the sector to align its actions with the law that has been in force for years - for the benefit of consumers," concluded the president of the OCCP.

Source: UOKiK and ISBnews