Galexia

Submission - Joint submission to the 2007 Review of the Electronic Funds Transfer (EFT) Code of Conduct to ASIC (May 2007)

Q35 – Should the circumstances when the account holder is liable on the basis of unreasonably delayed notification under cl 5.5(b) be extended to encompass unreasonable delay in notifying online security breaches of which the user becomes aware?

Unreasonable delay is an important test of liability in the Code and should be extended to cover all relevant circumstances. The test, however, should remain focussed on when the user becomes aware of a breach.

Clause 5.5 (b) could be improved by the addition of a third Sub-Clause to cover circumstances where another form of security breach has resulted in an unauthorised transaction, and the consumer has become aware of the resulting unauthorised transaction.

Care needs to be taken to ensure that the user does not have to report potential security breaches that have not lead to an unauthorised transaction outside the limited circumstances covered in Sub-Clause (a) and Sub-Clause (b). The example scenario provided in the ASIC Consultation paper is too broad because consumers will regularly provide basic identifier information (e.g. card number and expiry), but they cannot be expected to be aware of a security breach in such circumstances until an unauthorised transaction occurs.