I am looking for:

Tags

Law Current to: June 30, 2025

Identity theft & unauthorised transactions

An unauthorised transaction is one that a client didn’t perform or didn’t agree to someone else performing for the client. An unauthorised transaction is different to a mistaken transaction, which is when a client pays the wrong person or company using the wrong bank details.

It is important to remember that:

  • transactions can take days to show up in the client’s account; and
  • the name of the shop or restaurant might not match the name on the client’s bank statement (check the business and trading names online).

If there has been an unauthorised transaction on a client’s account, the client should report this transaction to their bank or credit union as soon as possible. Banks or credit unions can consider any unreasonable delay in reporting when deciding the client’s responsibility for the loss.

A client may be able to get their money back from an unauthorised transaction if:

  • there was fraud or negligence by an employee or agent of a bank or credit union, or another third party;
  • a forged, expired, faulty or cancelled PIN/password or card was used;
  • the transaction took place before the client received their card or PIN/password;
  • the transaction involved incorrectly debiting you more than once in relation to a single transaction; or
  • the transaction happened after you told the bank or credit union that your card was lost, stolen or had been misused, or that someone else may know your PIN/password.

Banks are not responsible for identifying and blocking every scam or fraudulent or unauthorised transaction. In limited circumstances, your bank may be responsible for the money you lost to a scam. This will depend on whether the bank was aware of the scam, and what role the bank played in the unauthorised payment.

Some situations may include where:

  • your bank had been warned that an account was fraudulent and failed to close the account before an authorised payment was made
  • a clearly suspicious transaction occurred in a local branch
  • you were left on hold while trying to notify the bank of a security breach, and unauthorised payments occurred while you were on hold
  • your bank didn’t lock your card, or allowed more transactions, after you reported an unauthorised payment.

Unauthorised transactions and domestic and family violence

Sometimes our clients may experience domestic and family violence or elder abuse. This may involve financial abuse. Providers may be able to make special arrangements for persons experiencing domestic violence or abuse, including in relation to steps to prevent the misuse of their products and services and the blocking unauthorised transactions.

Financial control and can include a partner or ex-partner making unauthorised transactions, forcing someone into debt, making all the key financial decisions in a relationship, spending joint funds without the other person’s knowledge or consent, or using joint assets and debts to control someone, for example, to prevent them from leaving an abusive relationship. An abuser may also withhold child support or use joint debts or jointly owned assets to continue to exert control over their victim even after a relationship has ended.

This type of financial control can limit a person’s efforts to recover from the abusive relationship and rebuild their economic independence and security.

It will often be difficult for a client experiencing family violence to discuss their situation. For this reason, we must ensure to ask appropriate and sensitive questions where there are warning signs of potential family violence or financial abuse, to find out more about the client’s situation.

Clients experiencing financial abuse may, after reviewing their credit report, flag particular credit(s) which they never applied for. In such circumstances it may be appropriate to dispute the transaction on the basis that it was not authorised by the account holder.

Alternatively, an authorised transaction may be disputed by a joint account holder who believes they should not be liable, for example, because they did not obtain any benefit from a transaction made by the other account holder or because they were subject to financial abuse when the transaction was made. In these circumstances, the financial firm is required to show that the transaction was correctly authorised, for example, that the person making the transaction had the authority to operate the account.

Where possible, the financial firm should be made aware that our client is experiencing domestic and family violence and place enforcement action on hold while it works with the client to consider options.

The AFCA Approach to joint accounts and family violence sets out AFCA’s approach to assessing complaints about joint accounts and family violence and provides a number of case study examples.

Credit reporting and fraud

If a client is, or is likely to be, the victim of fraud (including identity fraud), and a credit reporting body holds credit reporting information about the client, the client can request that a credit reporting body place a ban on their consumer credit report to prevent them from being able to use or disclose the information as part of a credit check. There is no charge for requesting a ban period (or extending it).

There is no limit on the number of times that a ban period can be extended. The client can request that one of the credit reporting bodies pass on any request for a credit ban or an extension (rather than separately make a request of all three).

Steps to take with credit reporting agencies

A request should be made to all three credit reporting bodies (Equifax, Experian and Illion) in case they maintain a consumer credit report about the individual.

Each credit reporting body will then place a ban period on the client’s consumer credit report. The ban period will last for 21 days after a request is first made. The credit reporting body must notify the client at least 5 business days before the ban expires:

  • of the date the ban period is due to finish
  • about your rights to extend the ban period
  • what, if any, information it requires to support your allegation of fraud.

If no further action is taken, the ban period on the client’s consumer credit report will be lifted after 21 days. However:

  • if the client is still concerned about fraud towards the end of the ban period, they can request the credit reporting body to extend it;
  • the credit reporting body must extend the ban period if it believes that the client has been or is likely to be the victim of fraud. If they decide to extend the ban period, they must let you know in writing and tell you the length of the extension.

There is no limit on the number of times that a ban period can be extended. The client can request that one of the credit reporting bodies pass on any request for a credit ban or an extension (rather than separately make a request of all three).

For more information

For more information on credit report bans, see the following information provided by the relevant credit reporting bodies:

See also useful information:

  • ‘Scams’ on the Financial Rights Legal Centre website: https://financialrights.org.au/factsheet/scams/
  • ID Care Website – Credit Bans 
No footnotes

Skip to content