Commercial transactions
Download
1 / 71

Commercial Transactions Module 9 Electronic Commerce Banking - PowerPoint PPT Presentation


  • 359 Views
  • Uploaded on

Commercial Transactions Module 9 Electronic Commerce & Banking Winter Session 2008 In this module, we will firstly look at e-commerce in a general way ; reflecting on how the type of transactions we have already looked at are affected by this medium. Contract formation Sale of goods

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Commercial Transactions Module 9 Electronic Commerce Banking' - emily


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Commercial transactions l.jpg

Commercial Transactions

Module 9

Electronic Commerce & Banking

Winter Session 2008


Slide2 l.jpg

  • In this module, we will firstly look at e-commerce in a general way; reflecting on how the type of transactions we have already looked at are affected by this medium.

    • Contract formation

    • Sale of goods

    • Provision of services

  • Then we will look at some aspects of a specific service-electronic banking and payment methods-and an avenue of ADR.

  • As many commercial arrangements and transactions now occur using electronic commerce, students are expected to deal with issues arising in either a physical or virtual business environment.


  • Electronic commerce l.jpg
    Electronic Commerce

    We can see Electronic Commerce at work in many ways

    - a communications perspective

    - a business process perspective

    - a service perspective

    - an online perspective

    - a transaction perspective

    - a legal perspective

    - a business-to-business and business-to-consumer perspective.


    Communications perspective l.jpg
    Communications Perspective

    From a communications perspective, electronic commerce is the delivery of information, products / services, or payments via telephone lines, computer networks or any other means.

    When looking at the arrangements in place, we normally look to contract law. It can also be a service and s. 74 TPA can be relevant.


    Business process perspective l.jpg
    Business Process Perspective

    From a business process perspective, electronic commerce is the application of technology towards the automation of business transactions and work flows.

    In order to analyse the process, we need to understand what is being achieved, the steps and the relationships.

    If a new way of doing something, it may be IP, protected by Copyright or be entitled to a Patent. E.g. Amazon.com ordering system.


    Service perspective l.jpg
    Service Perspective

    From a service perspective, electronic commerce is a tool that addresses the desire of firms, consumers and management to cut service costs while improving the quality of goods and increasing the speed of service delivery.


    Online perspective l.jpg
    Online Perspective

    From an online perspective, electronic commerce provides the capability of buying and selling products and information on the internet and other online services.

    This can save businesses from having the costs and inconvenience associated with physical premises and permit them to have a much wider reach. By use of logistical services….transport and storage…that need not be theirs….they can have large operations and cover wide areas more easily than formerly. They can also sometimes do things which were not possible /very difficult before-e.g. online auctions.


    Legal perspective l.jpg
    Legal Perspective

    From a legal perspective, we can consider the need for a signature and whether an electronic signature suffices.Also Evidentiary Matters

    - Elements of contract formation.

    - Attribution of electronic conduct.

    - Intellectual property issues.

    - Consumer protection in relation to business-to-consumer transactions or business-to-business (small business) transactions.


    E commerce contract formation l.jpg
    E-Commerce - Contract Formation

    Ways of forming contracts

    • Exchange of written correspondence by post, fax

    • Oral in person or by telephone

    • Written formal agreement or Exchange of emails

    • Acceptance of an offer by conduct

      Types of Contracts

    • Sale/supply of physical goods

    • Licences (e.g. software,music,film)

    • Supply of services…banking, shares, advice.

    • Combination contracts


    Ecommerce subject to the same laws as physical transactions l.jpg
    Ecommerce-Subject to the same laws as physical transactions

    The Electronic Transactions Act 1999 commenced March 15, 2000 and is based on the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce. States are required to enact complementary law. NSW, Victoria and ACT have, but the others not yet.

    The legislation is based on principles of functional equivalence

    …paper based and electronic transactions should be treated equally by the law and technology neutrality

    …the law will not discriminate between different forms of technology.

    Note:The local version is not exactly the same as the model law.


    E commerce communication and receipt uncitral model law article 15 l.jpg
    E-commerce-Communication and ReceiptUNCITRAL Model law article 15

    Unless otherwise agreed between the originator and the addressee, the time of receipt of a data message is determined as follows:

    (a)If the addressee has designated an information system for the purpose of receiving data messages receipt occurs:

    (i) At the time when the data message enters the designated information system; or

    (ii)If the data message is sent to an information system of the addressee that is not the designated information system, at the time when the data message is retrieved by the addressee;

    • (b)If the addressee has not designated an information system, receipt occurs when the data message enters an information system of the addressee.


    Electronic transactions act 1999 cth signatures l.jpg
    Electronic Transactions Act 1999 (Cth) Signatures

    S.10 of the ETA provides that if the signature of a person is required, that requirement is taken to be met in relation to an electronic communication if:

    a method is used to identify a person and to indicate the persons approval of the information communicated

    the method was as reliable as was appropriate for the purposes for which the information was communicated

    if the recipient is a commonwealth entity any applicable IT requirements have been complied with; and

    if the recipient is not a commonwealth entity, the person consents to the method of signature used.


    Electronic transactions act 1999 cth documents in electronic form l.jpg
    Electronic Transactions Act 1999 (Cth) Documents in Electronic Form

    S.11 of the ETA provides that a requirement to produce a document is taken to have been met if the document is produced in electronic form, provided that;

    • the method of generating the electronic form of the document provides a reliable means of maintaining the integrity of the information contained in the document

    • at the time the communication was sent it was reasonable to expect that the information in the electronic form of the document would be readily accessible so as to be useable for subsequent reference

    • if the recipient is a commonwealth entity, any applicable IT requirements have been complied with; and

    • if the recipient is not a commonwealth entity, the recipient consents to the method of signature used.

      NOTE that the ETA will not apply to formalities required by the parties as opposed to formalities required by legislation.


    Communication methods insurance contracts act l.jpg
    COMMUNICATION METHODSInsurance Contracts Act

    The Insurance Contracts Act specifies that some communications must be in writing. Most provisions impose obligations on the insurer to advise the insured of something in writing (ss.22,35,37,39,40,44,49,58,62,68 and 74).s,69 permits oral information, provided later given in writing.

    The ETA 1999 provides that in general where a commonwealth law requires a notice in writing, it may be given by electronic means provided that the recipient consents. However, the ET regulations exclude the ICA from the scope of these provisions!

    Because of the seriousness of some of these notices e.g. cancellation, in a Treasury review of the ICA in 2004, a recommendation was made that E communications be possible with consent and provided a record could be printed.


    E commerce communication of receipt us uniform computer information transactions act 1999 l.jpg
    E-commerce-communication of receiptUS Uniform Computer Information Transactions Act 1999

    • §215 provides for electronic messages to be effective at the time of receipt, regardless of whether any individual is aware of receipt.

    • Receipt is defined as:

      • In the case of an electronic notice…coming into existence in an information processing system or at an address in that system in a form capable of being processed by or perceived from a system of that type by a recipient, if the recipient uses, or otherwise has designated or holds out, that place or system for receipt of notices of the kind t be given and the sender does not know that the notice cannot be accessed from that place.


    E commerce communication of receipt the electronic transactions act 1999 prefers l.jpg
    E-commerce-communication of receiptTheElectronic Transactions Act 1999 prefers:

    s.14 Time of receipt

    (3) For the purposes of a law of the Commonwealth, if the addressee of an electronic communication has designated an information system for the purpose of receiving electronic communications, then, unless otherwise agreed between the originator and the addressee of the electronic communication, the time of receipt of the electronic communication is the time when the electronic communication enters that information system.

    (4) For the purposes of a law of the Commonwealth, if the addressee of an electronic communication has not designated an information system for the purpose o receiving electronic communications, then, unless otherwise agreed between the originator and the addressee of the electronic communication, the time of receipt of the electronic communication is the time when the electronic communication comes to the attention of the addressee.


    E commerce is there a valid contract l.jpg
    E-commerceIs there a valid Contract?

    Valid offer?

    • Wording and display?. Limits? Systems?Interactive or active site?

    • Automated interactive sites? Vending machines…offer made when proprietor holds it out as being ready to receive money. Contract formed when consumer places money into the slot and selects item.

      Acceptance?

    • Effective at the time communicated to offeror. When is it communicated? Email?Instantaneous? Press Send, goes to ISP, goes via a number of servers and received when recipient logs on and downloads. May go around the world to get to the next building. Is it similar to the postal system? Difficulties with certainty in time of communication.EDI is instantaneous. Fax? What if noone there to receive it?

      Intention to create legal relations? Capacity?

      Consideration?

      Terms are certain?


    Discussion point l.jpg
    Discussion point

    Can a telephone company change the terms and conditions of its contract by posting a notice on its Website?


    Shrinkwrap clickwrap and browsewrap licences l.jpg
    Shrinkwrap, Clickwrap and Browsewrap licences

    Usually encountered when purchasing (shrinkwrap) or downloading and using software applications and electronic information distributed online (clickwrap and browsewrap)

    Shrinkwrap…on the clear plastic wrapper

    Clickwrap…I agree button

    Browsewrap…appears on site somewhere…by using this site….you agree etc…


    Shrinkwrap l.jpg
    Shrinkwrap

    Quite often order is made by phone and company promises to send the item. Contract usually formed when order made, accepted, payment etc, and cannot add terms later. However, may be situation where on consider and agree/or return basis…sophisticated user with knowledge usual terms…licence terms shown each time program loaded with offer of refund if not acceptable….

    If terms desired, need to be made known and agreed to by contracting party at time of contract…conditional on acceptance…return possible?


    Slide21 l.jpg
    Good rap for browsewrap in USA: Register.com Inc v Verio IncAuthors: Leaellyn Rich and Irene Zeitler of Freehills

    Agreement to terms and conditions?

    Decision affirming the enforceability of browsewrap licences, the U S Court of Appeal for the Second Circuit has upheld a preliminary injunction issued against Verio Inc. (Verio), a website developer and hosting firm, for breaching the browsewrap-style terms of use for the services of the plaintiff, Register.com (Register): Register.com Inc v Verio Inc . 356 F. 3d 393 (2d Cir. N.Y. 2004), 2004 U.S. App. LEXIS 1074.


    Facts in verio l.jpg
    Facts in Verio

    Register, a provider of domain name registration services, had agreement with Internet Corporation for Assigned Names and Numbers (ICANN). Register was required to maintain and update a publicly available 'WHOIS' database of registrants' contact information, was not to impose restrictions on use of this data, except re electronic spamming. Register established a WHOIS database, which it updated on a daily basis, and provided a free public inquiry service for the information contained therein. Register's responses to WHOIS queries were captioned by a 'legend' stating that by submitting a query, the user agreed to refrain from using the data to conduct mass solicitations of business by email, direct mail or telephone (a more stringent restriction than that envisaged under the ICANN Agreement, which was only in relation to the restriction of mass solicitation by email).Verio developed automated software program or 'robot' (Robot) to access WHOIS database and compile massive lists of new registrants whom Verio then subjected to a barrage of unsolicited marketing by email, direct mail and telephone.Register demanded Verio stop, but Verio only partially complied, ceasing email solicitations, but continued direct mail and telephone. Register sued for breach terms.Verio argued not contractually because it never received legally enforceable notice of Register's conditions as the restrictive legend did not appear until after Verio had submitted the query and received the WHOIS data.


    Decision in verio l.jpg
    Decision in Verio

    Court upheld the preliminary injunction, concluding that online contracts do not always require formal acceptance by the offeree. In the circumstances, Register's browsewrap-type terms of use, combined with Verio's actions in repeatedly accessing the WHOIS database constituted a valid offer and acceptance, thereby resulting in a legally enforceable contract.Court distinguished case Specht. Court also disagreed with the Ticketmaster, expressly rejecting that terms were unenforceable because user had not clicked an 'I agree' icon:

    • '[w]e recognize that contract offers on the Internet often require the offeree to click on an "I agree" icon … no doubt in many circumstances, such a statement is essential to the formation of a contract. But not in all circumstances...It is standard contract doctrine that when a benefit is offered subject to stated conditions, and the offeree makes a decision to take the benefit with knowledge of the terms of the offer, the taking constitutes an acceptance of the terms, which accordingly become binding on the offeree.'

      Particular significance was attached to the fact that Verio was a commercial entity that was making numerous, successive inquiries of Register's database, as a result of which it had become well aware of the terms exacted by Register.


    Implications of verio us decision l.jpg
    Implications of VERIO US decision

    As electronic commerce has developed, courts have been confronted with the task of applying age-old principles of contract law to various online permutations of the classic idea of agreement between parties.

    While, in recent years, courts have become comfortable with enforcing agreements supported by 'clickwrap' procedures, Verio is an authority in relation to the enforceability of 'browsewrap' or 'Web wrap' agreements.This case helps to elucidate contract principles as they apply to browsewrap agreements and, in particular, clarifies the circumstances in which the provisions of browsewrap agreements will be held to be enforceable. Although Australian courts are not bound by American case law, the decision in Verio provides a useful guide as to how an Australian court might deal with the issue.


    Specht v netscape communications corp 306 f 3d 17 2d cir 2002 l.jpg
    Specht v Netscape Communications Corp., 306 F.3d 17 (2d Cir. 2002),

    The Court declined to enforce terms specified by Netscape against a user of Netscape's software due to insufficient evidence that the user had seen the terms when downloading the software. The terms of Netscape's offer of software were posted on the website from which the user downloaded the software. However, the user would not have seen them without scrolling down their computer screen, and there was no reason for them to do this.


    Ticketmaster corp v tickets com inc no cv99 7654 2000 u s dist lexis 12987 2000 wl 1887522 l.jpg
    Ticketmaster Corp. vTickets.com Inc., No. CV99-7654, 2000 U.S. Dist. LEXIS 12987, 2000 WL 1887522

    The Court, noting that the taker of the information was not provided with an 'I agree' icon to click (although fully aware of the terms on which information was offered on Ticketmaster's site), concluded that there was insufficient proof of agreement to support a preliminary injunction.

    The Court Verio commented that '[u]nder the circumstances of Ticketmaster, we see no reason why the enforceability of the offeror's terms should depend on whether the taker states (or clicks), "I agree".'

    June, 2004


    Unconscionability unfairness and standard term contracts l.jpg
    Unconscionability, Unfairness and Standard term contracts

    Consider the application to:

    • Choice of law clauses

    • Arbitration clauses

    • Forum clauses

    • Payment/fees clauses

    • Term of contract/renewal clauses

    • Resulting damage


    Slide28 l.jpg

    S.52TPA and e-commerceA corporation shall not in trade or commerce engage in conduct that is misleading or deceptive or is likely to mislead or deceive

    Consider also ancillary liability (s75B aids, induces, conspires, knowingly concerned)

    The conduct must have taken place in Australia. Where were the representations made?..relevant conduct not the state of mind.

    No need for an active representation. Can be silence e.g. incomplete information, changes not noted or where reasonable expectation of information.

    Examples of possible problem areas:

    • Advertising

    • Website design, logos, product description,Domain names

    • Metatags and cyberstuffing-keywords to attract search engines

    • Linking and framing

    • Distributing software without permission

    • Contract terms


    Misleading and deceptive conduct taco bell inc v taco bell p l 1982 42 alr 177 l.jpg
    Misleading and deceptive conductTaco Bell Inc. v. Taco Bell P/L (1982) 42 ALR 177

    4 step approach to whether conduct is misleading and deceptive in all the circumstances

    (1) Identify relevant section of public who may be mislead/deceived.

    (2) What is effect of conduct on all those within that section…would a reasonable member of that section be mislead?

    (3) Evidence that consumers are in fact suffering from a misconception may be persuasive but is not essential

    (4) It must be established that the misconception has arisen as a result of conduct complained of and not some other factor

    NOTE that intent of defendant not relevant and not enough to cause mere confusion. Conduct must actually mislead or deceive or be likely to…different to passing off action where confusion enough.


    Sales of goods over the internet terms and conditions l.jpg
    Sales of goods over the internet-terms and conditions

    Results of a survey of on line retail sites by ACCC 2004

    Terms and conditions compulsory viewing 14.7%

    Require positive consent before completion 32.80%

    Written contract easy to find 17.4%

    Clause attempting to disclaim warranties in breach TPA 50.9%

    Clause attempting to limit liability 66.00%

    Clause attempting to limit responsibility for inaccuracy 54.3%

    Clause stating that use of site is agreement to T&C 48.7%

    Both clauses attempting disclaimer warranties

    and limits to liability 43.8%

    70% of online sites surveyed raised concerns for ACCC


    Foreign web scheme banned peter james and andrew north of allens arthur robinson l.jpg
    Foreign web scheme bannedPeter James and Andrew North of Allens Arthur Robinson

    ACCC case against US based SkyBiz.com Inc, illustrating that web-based activities can be subject to laws where information accessed, not just the law of home country operations. Example also of ACCC and FTC co-operation.

    ACCC alleged in Federal Court that SkyBiz.com Inc contravened TPA 61 through its operation of a pyramid selling scheme and had engaged in misleading and deceptive conduct and referral selling, prohibited by ss. 52, 59 and 57.SkyBiz. consented to orders that:The Skybiz scheme was a pyramid selling scheme. Skybiz represented the scheme could be used to engage in ecommerce when it could not; SkyBiz attempted to induce people to take part by representing that those who joined would later receive money if they introduced new consumers, contingent on those new consumers recruiting further consumers, thereby engaging in referral selling.SkyBiz represented the scheme would be a profitable business for all persons who took part and could be carried on at/ from, their home, when in fact this was not the case, thereby making false or misleading representations and SkyBiz attempted to induce persons to take part by representing that those who joined would later receive payments.


    Sales of goods over the internet l.jpg
    Sales of goods over the Internet

    Same as physical sales plus some

    Goods to correspond with description

    Do the goods delivered correspond with description, picture?

    Important to check pictures and descriptions to make sure they match those delivered.

    Any tendency to vary should be clearly noted on site so as to be clear to the customer prior to the decision to purchase being made.


    Sale of goods over the internet fitness for purpose l.jpg
    Sale of Goods over the InternetFitness for Purpose

    Has the customer made known, expressly or impliedly, the purpose to the Vendor?

    Expressly

    Ordered by description?

    Surrounding negotiations?

    Impliedly

    One purpose only?

    Advertised as being appropriate for particular purpose?


    Sale of goods over the internet merchantable quality l.jpg
    Sale of Goods over the InternetMerchantable Quality

    As people do not see goods before they buy when bought over the Internet,it will be particularly important to point out any defects.

    Note Grays auction site. When they sell factory seconds, they list some or all of the faults, a note that they have not been properly assessed, no warranty etc.


    Sale of goods over the internet capacity l.jpg
    Sale of Goods over the InternetCapacity

    Normally there is a presumption at common law, that a person who enters a contract has full capacity to do so. Some exceptions for those under a disability-might include minors (under 18), mentally disable, drunkards, bankrupts.

    It is impossible to be sure of identity of Internet Customer.

    Consider the situation with Minors:-

    A contract made by a minor is “voidable”, at the minor’s option. One exception involves “Necessities”-food, clothing, education or goods/services fit to maintain them in station of life in which they move. Even so, unenforceable if contains harsh, unreasonable terms or price is unreasonable.

    Burden of proof with supplier.

    What is the situation with “Luxury items”? CDs, computer games?


    Sale of goods over the internet purchase by a minor l.jpg
    Sale of Goods over the InternetPurchase by a minor

    The minor uses their own debit card

    The account would be debited before goods received. Therefore, once, goods received, minor would have to litigate to recover the money. However, if they changed their mind prior to delivery and informed supplier they wished to withdraw, the supplier would not be able to rely on contract terms and conditions. Minor would be entitled to a full refund.

    The minor uses adult debit/credit card without permission

    Should be treated same as if card stolen. When adult becomes aware, might choose to ratify; in which case contract would be with adult and fully enforceable. If they denied validity, child could be prosecuted for theft. Credit company would most likely seek to recover the money and the supplier would lose out.

    The minor might be obliged to pay after receipt of goods

    Seller could not enforce contract to recover money. Unless fraud, they could not recover the goods either.


    Sale of goods over the internet sale by a minor l.jpg
    Sale of Goods over the InternetSale by a minor

    In NSW law has altered CL position and is different to that in the other States.

    See the Minors (Property and Contracts Act) 1970.

    • If for their benefit, it is presumptively binding

    • The Supreme Court can make an order granting them capacity

    • A minor cannot enforce a contract that is not presumptively binding

    • On reaching 18, minor can affirm an act they participated in during minority

    • On repudiation, courts have wide discretion to produce a fair result.

    • Where a disposition of property occurs and minor receives at least part of consideration, it is presumptively binding.


    Credit cards electronic banking l.jpg
    Credit Cards & Electronic Banking

    Contract between Banker and Customer

    Students are expected to have a good working knowledge of the terms and conditions of a bank customer contract for electronic banking, credit cards, internet banking, the application of sections 5 and 10 of the Electronic Funds Code of Conduct to them and be able to work through and resolve a problem with such services.

    The EFT Code of Conduct is available on the ASIC website. Note that there are calls for submissions on a Review of the EFT Code in January 2007.

    Useful summaries and copies of policy guidelines for the Banking Ombudsman are available on their website.


    Slide39 l.jpg

    CREDIT CARDS and ELECTRONIC BANKING

    Contract between Banker and Customer

    Contract may consist of more than one set of terms and conditions and terms may be implied by other instruments or by Statute.

    See: Electronic Banking Conditions of Use / Terms and Conditions

    Note that there are frequent variations from time to time for both

    Code of Banking Practice (disclosure mostly)

    Electronic Funds Transfer Code of Conduct (especially 5 & 10)

    See also:

    ASIC Act-misleading and deceptive conduct

    Contract Review-harsh/unconscionable

    Tort Negligence Misrepresentation

    Dispute Resolution Methods

    Internal-See Terms&Conditions of Contract and Codes of Conduct

    External-See Banking Ombudsman

    Court

    Other


    Eft code l.jpg
    EFT Code

    What information do you have to be given and when?

    You are entitled to a copy of the contract (Terms and Conditions).

    The account institution must give you the contract at the time of or before you use a new way of accessing your account.

    Your account institution must give you certain information about your new card or PIN and include information about fees, restrictions, accounts that can be accessed, how to report loss, theft or unauthorised use, and how to make a complaint.

    If the account institution changes the rules, they have to tell you about it at least 20 days before they take effect.

    If you deposit, withdraw or transfer money electronically, the account institution must offer you a receipt showing the date of the transaction, the type, accounts and amounts involved and location of the transaction.


    Eft code cont l.jpg
    EFT Code cont.

    What happens if there is an unauthorised transaction on your account?

    - There is an obligation to check your statements.

    - Contact your account institution as soon as possible.

    - There will be some instances where you will be liable for them, and others where you will not be, and some in between; where you will be liable to a limited extent.


    Eft code cont42 l.jpg
    EFT Code cont.

    When will you get your money back for authorised transactions?

    When:

    - there is fraudulent or negligent conduct by employees or agents of the account institution;

    - a forged, faulty, expired card, PIN or password was used;

    - the transaction took place before your received your card, PIN,password;

    - a merchant incorrectly debited your account more than once;

    - the transaction took place after you told your account institution your card had been stolen or lost, or someone else may know your PIN or password;

    - no PIN or password was required to conduct the transaction;

    - it is clear you have not contributed to the loss;

    - the account institution expressly authorises the conduct.


    Eft code cont43 l.jpg
    EFT Code cont.

    When you will not get your money back?

    Where the account institution can prove: -

    - you contributed to the loss by acting fraudulently, or not keeping your PIN or password secret;

    - you unreasonably delayed before telling your account institution that your card had been misused, lost or stolen or that someone else might know your PIN or password.


    Eft code cont44 l.jpg
    EFT Code cont.

    What is the extent of my liability?

    Where the account institution can show that the account holder acted fraudulently or unreasonably denied advice, they will be responsible to the extent of the daily transaction limit and the balance of the account.

    When will liability be split between the account institution and the customer?

    If a PIN or password was needed to perform the unauthorised transaction and it cannot be proven that the customer contributed to the loss, the customer will only be responsible for the lowest of- $150.00;

    - the balance of the account; and

    - the amount of money that had gone out of the account before the account institution was informed.


    Notice to commonwealth bank customers access methods security guidelines l.jpg
    Notice to Commonwealth Bank Customers- Access Methods Security Guidelines

    Access methods (which include devices and codes) comprise the keys to your account. You and any other user must take reasonable card to ensure that access methods and any record of access methods are not misused, lost or stolen.

    These are Guidelines only. They summarise how you can maintain the security of your access methods and help to avoid losses to you or us. Your liability for any loss will be determined in accordance with the Electronic Funds Transfer (EFT) Code of Conduct, the provisions of which are reflected in the relevant Conditions of Use. For full details on how to protect your access methods (which includes a card, PIN and Password) please refer to your copy of the Electronic Banking Terms and Conditions or Credit Cards Conditions of Use, as appropriate.


    Notice to commonwealth bank customers access methods security guidelines cont l.jpg
    Notice to Commonwealth Bank Customers- Access Methods Security Guidelines cont.

    Devices (for example, a card)

    You must make sure that:

    • devices (if they are cards) are signed immediately upon receipt;

    • devices are kept secure and (if they are cards) carried by you whenever possible;

    • you regularly check that devices are still in your possession.

      Codes (for example, a PIN or password)

      Try to memorise your code as soon as you receive it. If you are unable to memorise your code and need to make a record of it, please ensure you have made a reasonable attempt to disguise your code in the record - that is, scramble the details so that no one else is able to work out what your code is. We are not liable to reimburse you if an unauthorised transaction occurs on your account and you or any other user have not made a reasonable attempt to disguise a code or to prevent unauthorised access to the code record.


    Notice to commonwealth bank customers access methods security guidelines cont47 l.jpg
    Notice to Commonwealth Bank Customers- Access Methods Security Guidelines cont.

    For example, we will not consider that a reasonable attempt has been made to disguise a code if you or any other user only:

    • recorded the code in reverse order;

    • recorded the code as a ‘phone’ number where no other ‘phone’ numbers are recorded;

    • recorded the code as a four digit number, prefixed by a telephone area code;

    • recorded the code as a series of numbers or words with any of them marked, circled or in some way highlighted to indicate the code;

    • recorded the code disguised as a date (e.g. 9/6/63) where no other dates are recorded;

    • recorded the code in an easily understood code, e.g. A=1, B=2; or

    • self-selected a code which is an obvious word or number or one that can be found in a purse or wallet or can be easily guessed by someone else (such as a date of birth, middle name, family member’s name or driver’s licence number).


    Notice to commonwealth bank customers access methods security guidelines cont48 l.jpg
    Notice to Commonwealth Bank Customers- Access Methods Security Guidelines cont.

    You or any other user must ensure that:

    • a code or disguised record of a code is not recorded on an access method;

    • devices and codes (including any record of codes) are not kept together such that if a thief gets hold of the access method, he/she will also find the disguised code: for example, in a briefcase, bag, wallet or purse (even if in different compartments), in a car (even if in different areas of the car - in fact access methods should not be left in a car at all), at home in the one item of furniture, (e.g. different drawers of the same bedroom dresser) or in any other situation where an access method is not separate and well apart from a code record;

    • no one else is told or finds out your code - not even family or friends;

    • transactions are ready to be made when you approach the electronic equipment, such as an automatic teller machine;

    • no one watches a code being entered. Check the location of mirrors, security cameras or any other means of observing the code being enters, and then shield it from sight;

    • nothing (such as a device, transaction record or cash) is left behind when the transaction is completed.


    Notice to commonwealth bank customers access methods security guidelines cont49 l.jpg
    Notice to Commonwealth Bank Customers- Access Methods Security Guidelines cont.

    What to do if your access method is misused, lost or stolen

    You must tell us as soon as you become aware (even if you are confident that the codes are secure) that the access method used by you or any user is lost or stolen or you suspect that your (or any user’s) code has become known to someone else because it may help us detect fraud and reduce the need for us to conduct a lengthy enquiry because of extended misuse of the account.

    Otherwise, you will be liable for the unauthorised transactions that occur on your account or any account linked to the card if it can be shown that you or any user unreasonably delayed telling us of the access method or code loss, theft or misuse.

    You can tell us by calling 13 2221 at any time (24 hours a day, 7 days a week) or visiting your nearest branch during business hours)


    Slide50 l.jpg
    Notice to Commonwealth Bank Customers- Safeguarding Other Types of Payment Instruments, such as Cheques and Passbooks

    You must do everything you reasonably can to make sure that other payment instruments such as cheques and passbooks are not misused or lost or stolen. Not only must you take care to guard against theft, you must always ensure that you draw cheques in a way that does not facilitate fraud.

    It is important that you tell us as soon as you become aware that a payment instrument has been lost or stolen. You may be liable for the unauthorised transactions that occur on your account if it can be shown that you unreasonably delayed telling us of the loss, theft or misuse of the payment instrument. If you have a cheque facility you should also check your statements for unauthorised transactions and report them to the Bank as soon as possible.

    Even if you are confident that the payment instruments are secure, you must tell us as soon as you become aware of the loss or theft of a payment instrument or of any unauthorised access to your account(s).


    Liability for unauthorised transactions section 5 electronic funds transfer code of conduct l.jpg
    LIABILITY FOR UNAUTHORISED TRANSACTIONS SECTION 5 Electronic Funds Transfer Code of Conduct

    No liability for:

    1. Losses caused by fraudulent, negligent conduct of employees or agents of bank or networks or merchants

    2. Losses relating to component of access method that are forged, faulty, expired or cancelled

    3. Losses that arise from transactions using device or code prior to issue

    4. Double debits

    5. Unauthorised transactions occurring after notification

    6. Where it is clear that user has not contributed to the loss

    Liable where:

    • Where bank can prove on balance of probability that user contributed to losses through their fraud, contravention of security guidelines

    • Where bank can prove on balance of probability that user has contributed to losses by unreasonably delaying notification

      See 5.6 for security guidelines


    Slide52 l.jpg

    Internal Complaint handling procedures to comply with AS4269-1995 or other as approved by ASIC

    Customers to be advised of procedure in T&C

    Decision to be based on all relevant established facts and not unsupported inferences

    Information to be obtained.

    If equipment malfunction complained of, institution must investigate whether one occurred.

    Within 21 days, institution to complete investigation and advise user of outcome with reasons or advise customer of need for more time.

    Unless exceptional circumstances, investigation completed 45 days. If longer, must inform customer of reasons, provide monthly updates, estimated decision date

    Where customer liable, institution to make available copies of documents etc.

    Where institution does not observe procedure external dispute resolution body may make institution liable to compensate for effects of decision or delay

    Records of complaints to be kept.

    NOTE: 28% EFT complaints (30,375) April 99-March 2000 concerned

    unauthorised transactions ATM and EFTPOS transactions. Majority resolved in

    favour card issuer; most common reason being cardholder negligence with their

    PIN.

    COMPLAINT INVESTIGATION / DISPUTE RESOLUTION

    INTERNAL SCHEME EFT Code of Conduct s. 10


    Slide53 l.jpg

    INTERNAL COMPLAINT PROCEDURE AS4269-1995 or other as approved by ASIC

    INFORMATION TO BE OBTAINED FROM USERS

    1. Account type, number, type of access method used

    2. Name and address of user

    3. Other users authorised

    4. Whether device signed

    5. Whether device lost or stolen or security of codes breached Date and time of loss, theft or security breach

    • Time of report to account institution

    • Time, date, method of reporting to police or other authority

      6. Code details

    • Was record of code made? How? Where kept Was record of code lost or stolen? Date? Time? Code disclosed to anyone?

      7. How loss occurred (e.g. housebreaking, stolen)

      8. Where loss of device occurred e.g. office, home

      9. Details of transaction to be investigated

    • Description date time, amount Type and location of electronic equipment used

      10. Details of any circumstances surrounding the loss, theft, security breach, or reporting or steps taken to ensure security of device or codes which user considers relevant to their liability

      11. Details of last valid transaction.


    Slide54 l.jpg

    External Dispute Resolution – AS4269-1995 or other as approved by ASIC Formerly via Banking and Financial Services Ombudsman. Since 1 July 2008, via the Financial Ombudsman service -merger of 3 financial industry schemes See www.fos.org.au

    JURISDICTION

    • The complaint must be about a specific “banking service” (NOT commercial judgements, policies, fees, branch closures) a bank has provided to complainant

    • The person complaining must be able to say that the banks action have directly caused them a financial loss.

    • The amount of financial loss must be less than $280,000.

    • The person complaining must be an individual and/or a small business (15 full time employees or less, annual turnover of $1m or less and independently owned and managed). Some corporations-those which are also a charity, trustee or statutory authority-excluded.


    Banking ombudsman information to supply when making a complaint l.jpg
    Banking Ombudsman AS4269-1995 or other as approved by ASIC Information to supply when making a complaint

    In a letter setting out particulars of the complaint,

    name address and telephone number,

    bank name,

    name of contact person of bank and contact number,

    account number, and

    copies of documents if about a loan or cheque.


    Banking ombudsman procedure when handling a complaint l.jpg
    Banking Ombudsman AS4269-1995 or other as approved by ASIC Procedure when handling a complaint

    Ombudsman examines letter

    Decides whether in a position to consider it

    Allocates a case number

    And perhaps an investigator (who liases with the bank)

    Sends details to bank

    After 30 days bank should have provided O with response. If it asks for longer, has to explain

    If complainant receives a recommendation, they may accept or reject. If they reject, the O will not be able to assist further.If complainant accepts and bank does too, case resolved.If complainant accepts but bank does not, the O can issue an award which binds the bank.

    When seeking to look at likely outcome of complaint, important to consider terms of reference, guidelines and policies.


    Banking ombudsman policies bank cheques l.jpg
    Banking Ombudsman Policies AS4269-1995 or other as approved by ASIC - Bank Cheques

    When considering a complaint about the stopping or dishonouring of bank cheques, O has regard to the guidelines of ABA and Law Society of NSW. Banks will only dishonour bank cheques in limited circumstances:

    • Forged or counterfeit instruments

    • Materially altered bank cheques

    • Bank cheques reported lost or stolen

    • A court order restraining payment

    • Failure of consideration for issue of a bank cheque

      NOTE a complaint by payee/holder falls outside terms of reference because drawing bank did not provide a banking service to payee.


    Banking ombudsman policies cheques l.jpg
    Banking Ombudsman Policies AS4269-1995 or other as approved by ASIC - Cheques

    Payment and collection of cheques

    The Drawer receives a “banking service” from the paying bank

    The Payee receives a “banking service” from the collecting bank

    If the Drawer wishes to complain about the collecting bank, they would not be able to do so to O even though the collecting bank has certain statutory obligations under the Cheques Act, because collecting bank not providing “banking service” to Drawer.


    Banking ombudsman policies third party cheques l.jpg
    Banking Ombudsman Policies AS4269-1995 or other as approved by ASIC - Third Party Cheques

    A third party cheque is a cheque deposited for payment into an account operated by someone other than the Payee.

    In these circumstances, the collecting bank is providing a “banking service” to the person who presents the cheque for payment.

    The O does not, however, have power to investigate a complaint by the Payee or a person otherwise claiming to be the true owner because the collecting bank did not provide a “banking service” them.


    Banking ombudsman policies late dishonours l.jpg
    Banking Ombudsman Policies AS4269-1995 or other as approved by ASIC - Late Dishonours

    Sometimes, banks advise a customer that a cheque has been dishonoured outside 3 day clearing period but still within clearance rules within banks.

    Customers may not have been provided with clear information about steps involved in cheque clearance.

    May not be aware of notation on account permitting release of uncleared funds or a commercial decision has been made to permit them access to uncleared funds.

    In these situations, O may consider whether bank actions are misleading, deceptive.


    Banking ombudsman policies mistake and change of position in good faith l.jpg
    Banking Ombudsman Policies AS4269-1995 or other as approved by ASIC Mistake and change of position in good faith

    O takes the view that where uncleared funds have been released to customer because of human or system error, bank is entitled to recover the money paid under mistake except where customer, in reliance on the payment, changed their position in good faith.

    Bank must establish it made a mistake of fact or law, it acted on the mistake in releasing the funds and the recipient has been unjustly enriched. Customer must establish they acted in good faith (actual belief in the security of the receipt), they relied on the mistake and they changed their position. A person can still be foolish, but honest.

    Customer must act to their detriment on faith of receipt. Mere expenditure not sufficient-must appear they would have acted differently had they not mistakenly believed they were richer than they were.e.g. not enough to simply spend the money on ordinary living expenses. Must be a genuine change of condition. E.g. making a bad investment that would not otherwise have been made, lending money to a third party that is irrecoverable, taking overseas trip that would not otherwise have been taken.


    Sample a bio 2002 a hasty return l.jpg
    SAMPLE A BIO 2002 A Hasty Return AS4269-1995 or other as approved by ASIC

    Mr and Mrs S went to Europe for their honeymoon. They intended to stay for 1 month, but after 2 days, their credit card stopped working. They cut short their holiday and returned to Australia.They lodged a dispute with ABIO, claiming that the bank should compensate them for their loss of enjoyment of their holiday.

    When ABIO referred the dispute to the bank for its consideration, it offered an ex-gratia payment of $3,000. Mr and Mrs S did not accept this offer, and it was subsequently withdrawn by the bank.InvestigationThe information provided by the bank did not establish why the credit card had stopped working. However, it was the case manager's view that as the bank represents to customers that the particular type of card can be used in most countries, the bank would be potentially liable for losses resulting from the failure of the card to work.


    Slide63 l.jpg

    A Hasty Return Cont. AS4269-1995 or other as approved by ASIC

    The case manager then investigated whether, according to the Ombudsman's guidelines for assessing non-financial loss, Mr and Mrs S were entitled to any compensation from the bank.

    The case manager noted that:

    • Mr and Mrs S did not contact the bank to try to rectify the problem with the credit card; and

    • Whilst the credit card did not work, they could still have accessedalternative funds by using Mr S's Keycard. This would have allowed them to make EFTPOS purchases and ATM withdrawals of up to $A800 per day, which appeared to be more than adequate for their travelling needs.

      ResolutionThe case manager concluded that Mr and Mrs S acted with extreme haste. As they had not given the bank an opportunity to resolve the matter, and did not take any reasonable steps to minimise the inconvenience they were suffering, the case manager found that it was not reasonable for Mr and Mrs S to expect to be compensated by the bank.


    Sample a bio 2002 disputed atm withdrawals l.jpg
    SAMPLE A BIO 2002 Disputed ATM Withdrawals AS4269-1995 or other as approved by ASIC

    Mr B and Ms C disputed a large number of ATM withdrawals, totalling $27,000, made from their line-of-credit account over a three-year period with their debit cards. They acknowledged receiving monthly statements, but said they were only concerned with the closing balance. They only made a detailed check when they noticed that the home loan was not reducing as quickly as expected. They provided a detailed list of disputed transactions, but conceded that some of the withdrawals would have been their own. They claimed that access to their account could have been gained internally by the bank, or via a hacker on the internet.

    The bank declined to make any refund. It said it was not clear why some transactions were disputed and others were not. It also noted that Mr B and Ms C had not disputed any transactions on their credit card account, yet on some days, valid credit card purchases occurred in the same suburb as disputed debit card withdrawals.


    Slide65 l.jpg

    Disputed ATM Withdrawals cont. AS4269-1995 or other as approved by ASIC

    Facts that came up during the investigation included that: both debit cards were used, but most of the disputed withdrawals were made with Mr B's card; both cards had bank-generated PINs; on two occasions it seemed that disputed ATM withdrawals had been used to make payments to the credit card account; on one occasion a disputed withdrawal was followed by a valid withdrawal only one minute later; and on at least one occasion there was a disputed cash withdrawal using a debit card on the same day that one of the disputants used a credit card to purchase goods in the same shopping centre.

    The case manager found nothing to support the contention that access was gained internally by the bank or via an internet hacker. There was also no information to support a possibility that an unauthorised third party had gained access to the cards and PINs. On the weight of information, the case manager concluded that the most probable explanation for the disputed transactions was that they had been made by the disputants themselves. The bank was not asked to compensate the disputants.


    Merchant eftpos facility l.jpg
    Merchant EFTPOS Facility AS4269-1995 or other as approved by ASIC

    Disputant partnership selling giftware. 1 partner in business since inception. 1 bought share from partner who retired. All documentation signed by retired partner.

    A customer frequently telephoned over 5 weeks to order gift hampers. To process, disputants keyed customer card number into EFTPOS terminal. Did not swipe card or obtain signature, nor did customer ever come into shop. By keying “off Line”, disputants by-passed electronic system which prevented transactions over $100 limit if cardholder’s account did not have sufficient funds.

    Bank attempted to levy chargebacks because transactions not authorised.

    Case manager reviewed merchant agreement. Bank entitled to charge back transactions if not valid or not processed in accordance with relevant procedures.

    Found that disputants had contravened procedures by processing “off line” at a time when electronic system functioning, failing to seek authorisation and failing to take reasonable care to detect unauthorised use of the card…given the size, frequency and nature of transactions.

    Disputants argued they were not bound because neither had signed. However, after review of partnership agreements and partnership legislation, found original partner bound continuing partner and new partner had assumed equal liability.

    Finding was that bank could rely on merchant agreement and charge back all of the transactions.


    Unauthorised withdrawals finding 6 on 2 august 2005 l.jpg
    Unauthorised Withdrawals AS4269-1995 or other as approved by ASIC Finding 6 on 2 August 2005

    X had line of credit facility, with card access. Had never used the card in 10 years. Stored it with PIN in a drawer. Stolen 24 November, 2004. Unauthorised withdrawals on 24/11-$2,800 and 25/11-$3,000.

    Bank debited him for the lot. Reasons: he failed to protect PIN, failed to notify immediately, daily limit correct. He complained to O.

    Investigator found he failed to protect PIN with reasonable methods to prevent unauthorised access, AAPT records showed he rang bank 24/11 and spoke for 8 minutes-did notify bank, limit correct-See EFT Code 5. Liable for $2,800 (amount taken before notification) but not $3,000 (after notification).


    Slide68 l.jpg
    Limits where compensation sought AS4269-1995 or other as approved by ASIC Ombudsman does not award punitive damages or compensation for time spent on the complaint

    An illustration of this was where Y sold investment property with settlement planned for 22 Nov. On 11 Nov, his bank informed him that they had lost the deeds. There followed several anxious days of calls and complaints, an application for a new CT, before the old one was found and settlement effected on 22 Nov as planned. Y claimed his expenses and $15,000 punitive damages for all the stress. The bank offered $300 in compensation. The O policy was that a person must be moderately robust in the way they deal with unexpected problems. O does not award punitive damages and does not award compensation for time spent pursuing a complaint.


    Exam questions l.jpg
    Exam Questions AS4269-1995 or other as approved by ASIC

    March 2008 QB3

    • David is a postman who steals a few envelopes containing cheque books during the year. He signs and cashes one or two cheques, then discards the books. Who bears the loss of this fraud?

    • Summarise the requirements of clause 10 of the EFT Code of Conduct relating to internal complaint investigation and resolution procedures.

    • Describe 3 ways in which electronic commerce can create new legal dilemmas.


    Exam questions march 2007 l.jpg
    Exam Questions-March 2007 AS4269-1995 or other as approved by ASIC

    • Is it , or is it not, a reasonable attempt at “disguise” for the purposes of the EFT Code of Conduct to put your PIN giving access to your bank account in your electronic organiser protected by a code? Explain why or why not.

    • If a family member forges your signature on cheques drawn on your account to pay for a shopping spree, can you stop the bank from debiting your account? Explain why or why not.


    Exam questions indirect l.jpg
    Exam Questions-indirect AS4269-1995 or other as approved by ASIC

    As well as by direct questions, knowledge of this module can be examined indirectly.

    Questions dealing with other topics can involve use of electronic commerce…e.g.for transactions, banking, payment, formation of contract emails, advertisements or conduct leading to formation of agreements or action by one party.


    ad