Galexia

Submission - Joint response to the Review of the Electronic Funds Transfer Code of Conduct (2008)

                                                        

Joint response to the consultation paper Review of the Electronic Funds Transfer Code of Conduct 2007/08: ASIC proposals

CHOICE
Consumer Action Law Centre
Consumers’ Federation of Australia

(December 2008)

Prepared by: Galexia
Suite 95 Jones Bay Wharf, 26-32 Pirrama Road,
Pyrmont (Sydney) NSW 2009, Australia
ACN: 087 459 989
Ph: +61 2 9660 1111
Fax: +61 2 9660 7611
WWW: www.galexia.com

Document Control

Client

This report has been written for CHOICE, the Consumer Action Law Centre and the Consumers’ Federation of Australia.

Document Purpose

This document is a joint submission in response to the consultation paper Review of the Electronic Funds Transfer Code of Conduct 2007/08: ASIC proposals from CHOICE, the Consumer Action Law Centre and the Consumers’ Federation of Australia.

Document Production

This document was prepared by Galexia. Guidance, input and comments were received from a small reference group of consumer stakeholders.

Consultant Contact: Chris Connolly (Director)
Galexia
Suite 95 Jones Bay Wharf
26-32 Pirrama Road, Pyrmont NSW 2009
Phone: +612 9660 1111
Fax: +612 9660 7611

Copyright

Copyright © 2008 Galexia, CHOICE, Consumer Action Law Centre and Consumers’ Federation of Australia.

Download this article as a PDF (442KB) »

Executive Summary

This document is a joint submission from CHOICE, the Consumer Action Law Centre and the Consumers’ Federation of Australia to the Australian Securities and Investments Commission in response to the consultation paper Review of the Electronic Funds Transfer Code of Conduct 2007/08: ASIC proposals (the Consultation Paper).

This document was prepared by Galexia. Guidance, input and comments were received from a small reference group of consumer stakeholders.

Funding assistance was received from the Australian Securities and Investments Commission Consumer Advisory Panel (ASIC CAP).

Consumer stakeholders see this review as an opportunity to improve the EFT Code. This submission attempts to answer every question raised in the Consultation Paper (other than questions directed at business stakeholders).

Chapter B

Proposal B1

We propose to include a statement of objectives in the revised EFT Code reflecting the following objectives:

(a) providing adequate consumer protection measures for electronic payments;

(b) promoting consumer confidence in electronic banking and payment systems;

(c) promoting better informed consumer decisions about electronic funds transfer services by providing effective disclosure of information;

(d) providing clear and fair rules for allocating liability for unauthorized transactions that reflect long standing banking law principles and build community trust in online funds transfers;

(e) promoting effective procedures for resolving consumer complaints; and

(f) having all businesses that offer electronic funds transfer transactions subscribe to the EFT Code.

 

B1Q1 Do you agree with these objectives? What other objectives should the statement of objectives include?

Consumer stakeholders support the inclusion of this set of objectives in the Code. There is some inconsistency in the terminology that could be improved during the plain language review of the Code text. For example, four different terms are used in this section to describe electronic funds transfers:

  • Electronic payments;
  • Electronic banking and payment systems;
  • Electronic funds transfer services; and
  • Online funds transfers.

Proposal B2

We propose to replace the current two-part structure of the EFT Code with a one-part structure, incorporating tailored requirements for different products.

 

B2Q1 Do you agree with this proposal? Please give reasons.

Consumer stakeholders support this approach. The 2007 Joint Consumer Submission noted that the Code structure had become complicated and suggested that the two-part structure should be removed. The simplified structure should also help to ensure greater consistency.

Proposal B3

We propose to:

(a) redraft the EFT Code to cover all electronic funds transfer transactions initiated electronically;

(b) include a non-exhaustive list of examples of the transactions the EFT Code covers;

(c) include a non-exhaustive list of examples of the transactions the EFT Code does not cover, including:

(i) cheque transactions; and

(ii) card transactions, where the payment instruction is intended to be authenticated by comparing the consumer’s manual signature with a specimen signature.

 

B3Q1 Do you agree with this proposal? Please give reasons.

ASIC has proposed that the Code be redrafted to apply to ‘all electronic funds transfer transactions initiated electronically’. This is a very broad definition and it is supported by consumer stakeholders. However, consumer stakeholders believe that the exact coverage of credit cards should be clarified.

ASIC has also included a non-exhaustive list of on-exhaustive list of examples of transactions covered by this definition, and this list only includes one category of credit cards:

  • Credit card transactions that are intended to be authenticated by an electronic signature, including by entering a PIN and by signing an electronic tablet;

This definition of credit card transactions would not appear to cover the numerous transactions that occur over the phone and Internet (and via email) where there is no PIN or ‘electronic’ signature. In these transactions the consumer typically just provides name and address details and the credit card number and expiry date. Sometimes a security code is required (e.g. the card verification number from the back of the card). But in the majority of cases no additional information is provided.

As this category of transactions represents an enormous proportion of all electronic funds transfers, consumer stakeholders want to ensure that it is included. It is possible that this category is already included in the broad definition of electronic funds transfers as the transfer is initiated electronically, and it clearly falls outside the ‘negative’ definition for credit cards that require comparison with a specimen signature. However, to ensure absolute certainty, this category should be added to the list of examples of transactions covered by the definition. The proposed form of words for this second category of included credit card transactions is:

  • Credit card transactions that are initiated electronically but do not make use of a secret or non-secret code, password, or electronic signature.

Proposal B4

We propose to tailor the requirements for transactions performed using newer electronic payment products with the following features:

(a) the product issuer is not able to cancel the product if it is lost or stolen;

(b) there is no electronic authentication mechanism to safeguard consumers against unauthorised transactions (e.g. a PIN or electronic signature is not required); and

(c) the maximum value that can be held on the product at one time is $100 or less.

The general requirements under the EFT Code would not apply to transactions using these products. For example, the requirement to give periodic statements and the rules allocating liability for unauthorized transactions would not apply. Table 4 summarises the tailored requirements that would apply under our proposal. 

 

B4Q1 Do you agree with this proposal? Please give reasons.

Consumer stakeholders support these proposals.

B4Q2 Is $100 the right cut off point for this lighter-touch regime?

Consumer stakeholders support a $100 cut-off point for the customised clauses for newer electronic payment products. The cut-off point should be reviewed as part of each review of the EFT Code.

Proposal B5

If businesses offering electronic funds transfer payment products do not subscribe to the EFT Code voluntarily, we propose that the government give consideration as to whether:

(a) membership of the EFT Code should be made mandatory; or

(b) whether consumer protection in this area should be dealt with through regulation.

 

B5Q1 Do you agree with this proposal? Please give reasons.

ASIC has proposed that the government consider either making Code membership mandatory for businesses offering EFT services, or dealing with consumer protection for EFT services through regulation. This is an important issue and consumer stakeholder strongly support resolution of this issue.

It is essential that emerging payment systems, payment intermediaries and mobile payment providers are all covered by the same standards of consumer protection. Consumers will be confused about their rights and responsibilities if there are gaps in coverage. Also, existing members of the Code should not be disadvantaged.

Consumer stakeholders suggest that when the revised Code comes into effect all EFT Service providers should be warned that membership of the Code is expected to be universal within 12 months. At the end of the 12 month period ASIC should initiate a review of coverage. If there are gaps in coverage, consumer stakeholders will support a mandatory code.

If necessary, consumer stakeholders will support regulation, although it should be noted that the change in status and terminology that will result from such a change may lead to confusion and may also lower the profile that has been achieved during the long history of the Code.

Proposal B6

We propose to redraft the EFT Code as a principles-based code in plain English. In terms of timing, we propose to undertake this work as a separate process after we have finalised and publicly released our recommendations for substantive changes to the EFT Code.

 

B6Q1 Do you agree with this proposal? Please give reasons.

Consumer stakeholders support this proposal, and its timing, and would like the opportunity to participate in the plain language review, resources permitting.

Proposal B7

We are interested in exploring whether the EFT Code should be extended to protect small business consumers. We plan to discuss this possibility in coming weeks with stakeholders, including financial services providers and small businesses.

 

B7Q1 Should the EFT Code protect small business consumers?

ASIC is considering extending the Code to protect small business consumers, with a possible increase to the no-fault liability threshold.

Consumer stakeholders believe that there should be complete consistency between consumers and small / home business as the distinction is often blurred, and the distinction has been abused in other fields (e.g. asking consumers to sign business purpose declarations in order to avoid the provisions of the Uniform Consumer Credit Code).

The convergence of consumer and business banking has increased since the introduction of Internet banking and the widespread use of a single credit card for a mix of consumer and small business purposes. It is now close to impossible to distinguish between consumer and small / home business transactions.

As noted in the 2007 Joint Consumer Submission, the terms and conditions currently provided by financial institutions are often divided into Code compliant and non-compliant sections depending on the ‘business’ nature of the transaction. The non-compliant provisions can be harsher than the compliant provisions – particularly in relation to liability and dispute resolution.

B7Q2 If so, what, if any protections under the EFT Code should be modified for small business consumers, and why?

Consumer stakeholders believe that there should be complete consistency between consumers and small / home business, and do not support any further customisation of rules.

B7Q3 Should the no-fault liability amount be set at 5% of the amount in dispute for disputes between subscribes and small business consumers?

Consumer stakeholders believe that there should be complete consistency between consumers and small / home business, and do not support any further customisation of rules. The no-fault liability amount is only a minor part of the overall EFT Code Framework, and is little used in practice. The benefits of consistent coverage will outweigh any potential benefit from amending the limit for one group of customers, who will be extremely difficult to identify in practice.

B7Q4 What definition of ‘small business’ should the EFT Code adopt?

Consumer stakeholders support the use of the Corporations Act definition.

Chapter C

Proposal C1

We propose to amend the EFT Code to:

(a) clarify that ‘opt-in’ receipt systems comply with the EFT Code;

(b) clarify that subscribers must take reasonable steps to provide a receipt and need not provide a receipt where it is not reasonably practicable to do so; and

(c) permit receipts for voice transactions to specify a number rather than the merchant’s name, where the invoice from the merchant to the consumer includes their name and the number.

 

C1Q1 Do you agree with this proposal? Please give reasons.

Consumer stakeholders support these proposals.

Proposal C2

We propose to redraft the EFT Code to make it clear that:

(a) as specified in their agreement with the subscriber, independent ATM owners must disclose charges for using their ATM before a person performs a transaction (see clause 4.6); and

(b) subscribers need not disclose specific surcharges for using independent ATMs to consumers in statements if they do not know the precise amount of these surcharges.

 

C2Q1 Do you agree with this proposal? Please give reasons.

Consumer stakeholders support the proposed redrafting the Code to make it clear that independent ATM owners must disclose charges for use of ATMs before a transaction. This disclosure will send a good price signal to consumers and may help to introduce competitive pressure on surcharge pricing.

Consumer stakeholders also support improved disclosure of ATM fees (e.g. ‘foreign’ ATM charges) on the screen for all ATM operators.

Consumer stakeholders also accept that there may be some limits on the amount of detail that can be provided in statements regarding surcharges, however this issue should be reviewed in the next review of the EFT Code as information provisions may improve in the future.

Proposal C3

We are interested in your feedback on different approaches to notifying consumers of changes to fees and charges.

 

C3Q1 Should the current EFT Code requirements for notifying changes to existing fees and charges be retained?

Consumer stakeholders support alignment of the EFT Code and Banking Code of Practice / Mutual Code of Practice regarding notification of changes to existing fees.

Proposal C4

We recognise the costs of complying with the obligation to give statements. We are interested in your feedback on whether to modify the EFT Code so that subscribers need not give statements in certain circumstances.

 

C4Q1 Should the EFT Code be modified to so that subscribers need not give statements for accounts with a zero balance where there are no transactions during the statement period?

Consumer stakeholders support further alignment of the EFT Code, the Banking Code of Practice, and the Mutual Code of Practice regarding the provision of statements. Where the balance is zero and there have been no transactions, the absence of a statement does not present any significant risks to consumers.

Chapter D

Proposal D1

We propose to amend the EFT Code to:

(a) include a definition of ‘complaint’ using the definition in Australian Standard ISO 10 002 2006 Complaints Satisfaction—Guidelines for complaints handling in organisations; and

(b) require subscribers to establish internal dispute resolution procedures that comply with the new Standard.

 

D1Q1 Do you agree with this proposal? Please give reasons.

ASIC has proposed a requirement that Code members implement internal dispute resolution systems complying with Australian Standard ISO 10 002 2006 Complaints Satisfaction – Guidelines for complaints handling in organisations.

Consumer stakeholders continue to experience problems and frustration with internal dispute resolution in relation to EFT Code issues. The implementation of further guidelines is welcome, but is unlikely to lead to significant improvement without greater allocation of resources to monitoring and enforcement.

Although consumer stakeholders support this proposal, it is recommended that efforts focus on monitoring and enforcement (discussed below in Proposal G4 at page 19).

Proposal D2

We propose to amend clause 10.3 to provide that a subscriber can investigate a complaint for one business day before giving consumers written information about how it resolves complaints.

 

D2Q1 Do you agree with this proposal? Please give reasons.

Consumer stakeholders support this proposal.

Proposal D3

We propose to introduce a requirement for subscribers to respond to requests for information from another subscriber within 30 days, unless there are exceptional circumstances.

 

D3Q1 Do you agree with this proposal? Please give reasons.

Consumer stakeholders support this proposal. There is a history of buck-passing and blaming third parties for delays in EFT Code dispute resolution, resulting in lengthy delays, frustration and additional hardship for consumers.

Proposal D4

We propose to amend the EFT Code so that where an external dispute resolution scheme asks for information from a subscriber and they do not provide it:

(a) the scheme must give the subscriber an opportunity to explain why they cannot supply the information; and

(b) if the subscriber does not provide a satisfactory explanation, the scheme can resolve the factual issue the information relates to on the basis of the information available to it.

 

D4Q1 Do you agree with this proposal? Please give reasons.

Consumer stakeholders support this proposal. It would be beneficial to have this power embedded in the EFT Code so that all EDR providers have a consistent power, rather than relying on the individual terms of reference of all of the different EDR providers.

Proposal D5

We propose to amend the EFT Code to introduce a six-year time limit for complaints. The limit would run from the time that the complainant first became aware, or should reasonably have become aware, of the event that the complaint is about.

 

D5Q1 Do you agree with this proposal? Please give reasons.

Consumer stakeholders are concerned that the period should only begin when the consumer becomes aware of the breach, and that financial institutions do not unfairly rely on limitation periods to discourage legitimate complaints. Consumer stakeholders support a six-year time limit.

Chapter E

Proposal E1

We propose to amend the EFT Code so that a consumer is liable for unauthorised transactions that occur because they leave a card in an active ATM, where the ATM automatically shuts down within 40 seconds.

 

E1Q1 Do you agree with this proposal? Please give reasons.

ASIC has proposed making consumers liable for unauthorised transactions that occur because a card is left in an ATM, where the ATM is configured so as to shut down automatically after 40 seconds if the consumer does not remove their card.

Consumer stakeholders do not support an arbitrary application of liability to consumers in all such cases. These cases should continue to be treated on their individual merits. There will be some situations where a consumer leaves the card in the machine due to illness. This might include a fainting spell or angina attack, or perhaps a more serious medical event.

There is also a new trend in robberies where consumers are distracted by a person ‘seeking help’ or ‘spilling water’ on them as they use an ATM or leave a bank with cash. While they are distracted their cash, wallet or card is stolen, and this form of attack could be extended.

Consumer stakeholders recommend that this new provision should be dropped OR a test of recklessness on the part of the consumer should be added to the provision.

Proposal E2

We propose to require subscribers to prohibit merchants from taking consumers’ PINs as part of book up practices in merchant agreements.

 

E2Q1 Do you agree with this proposal? Please give reasons.

Consumer stakeholders support this proposal. ASIC will be aware that consumer stakeholders have campaigned for many years in support of this prohibition.

Proposal E3

We propose to deal with the issue of mistaken payments in the EFT Code. We propose to convene a stakeholder roundtable to advance this issue in coming weeks.

 

E3Q1 Do you agree with this proposal? Why?

Consumer stakeholders are participating in the separate ASIC process to resolve mistaken payment issues, and are encouraged by the proposals to date for resolution of this important issue. Consumer stakeholder views are expressed in greater detail in the submissions to the separate ASIC process and are not repeated here.

Chapter F

Proposal F1

We propose to:

(a) amend the EFT Code so that subscribers can meet their disclosure obligations under the Code electronically by using emails to notify consumers that information that must be disclosed is available from a website; and

(b) impose the following conditions [not extracted here]:

 

F1Q1 Do you agree with this proposal? Please give reasons.

Subject to concerns regarding hyperlinks (discussed below in Proposal F3 at page 17), consumer stakeholders support this proposal.

F1Q2 Is 18 months/two years a reasonable period for requiring information to be available on a website? If not, what would be an alternative?

Consumer stakeholders support the availability of information for a minimum two-year period.

Proposal F2

We propose to require that receipts:

(a) must include a truncated version of the account number; and

(b) must not include an expiry date or any other extraneous information.

 

F2Q1 Do you agree with this proposal? Please give reasons.

ASIC has proposed that receipts must include a truncated version of the account number, and must not include any extraneous information (such as an expiry date). This is a positive development and consumer stakeholders support this proposal. Consumer stakeholders also note that this provision effectively moves a key privacy protection from the non-binding ‘guidelines’ section of the current Code to the binding text of the main Code.

Proposal F3

We are interested in your views on using hyperlinks to deliver disclosures.

 

F3Q1 Should the EFT Code prohibit the use of hyperlinks to deliver disclosure required under the EFT Code?

ASIC has called for feedback on the issue of Code members meeting disclosure requirements (terms and conditions, receipts, etc) by providing a hyperlink to the relevant information. The Consultation Paper notes on the one hand the increased risk of phishing and other Internet scams this would represent, but on the other hand the speed and simplicity of this approach.

The use of hyperlinks is extremely dangerous and confusing for consumers and consumer stakeholders oppose the use of hyperlinks in any circumstances in the Internet banking context. The use of hyperlinks in EFT Code disclosure is likely to undermine other consumer messages on phishing and scams, where consumers are told not to trust hyperlinks, and many institutions now tell their customers that they do not use hyperlinks.

Consumer stakeholders note that in other contexts, hyperlinks may be appropriate. For example ASIC is considering the use of hyperlinks in relation to the issue of a prospectus.[1] However, in the Internet banking / EFT context it is important that all regulators, financial institutions and consumer organisations send a consistent message regarding hyperlinks.

Chapter G

Proposal G1

We propose that ASIC should have a general power to modify the EFT Code as it applies to a product or class of products, subject to principles of procedural fairness.

 

G1Q1 Do you agree with this proposal? Please give reasons.

Consumer stakeholders accept that the pace of technological change in the EFT context may require greater flexibility in the review and amendment of the EFT Code. Consumer stakeholders support a more flexible approach to amendment of the Code, including a general power for ASIC to amend the Code in exceptional circumstances.

Proposal G2

We propose to require that the EFT Code must be reviewed every five years.

 

G2Q1 Do you agree with this proposal? Please give reasons.

If ASIC is provided with a new power for ad hoc amendment of the Code, consumer stakeholders support a five year period for the general review of the Code. If such a power is not granted, consumer stakeholders support a three year period for the general review of the Code.

Proposal G3

We propose that going forward, subscribers should be required to give ASIC the following information about unauthorised transactions:

(a) the number of unauthorised transactions;

(b) information about the channels used to perform unauthorized transactions; and

(c) data about how disputes about unauthorised transactions were resolved.

Subscribers should be required to provide this data annually.

 

Proposal G4

We also propose that ASIC will also monitor compliance with specific EFT Code requirements. This will replace the current arrangements, which require subscribers to self-report on compliance with every obligation under the EFT Code. The focus of this compliance monitoring will be targeted and may change over time. Subscribers may be required to report information about other specific requirements as part of this targeted compliance monitoring. ASIC may also use other monitoring mechanisms such as shadow shopping exercises.

 

G4Q1 Do you agree with the proposal for subscribers to provide information about the number, nature and resolution of unauthorised transactions? Please give reasons.

Consumer stakeholders support this proposal.

G4Q3 Do you agree with the proposal for ASIC to monitor compliance? Please give reasons.

Consumer stakeholders support this proposal. Indeed, consumer stakeholders see targeted compliance monitoring as the key to improvements in the effectiveness of the Code, particularly in areas such as the effective use of internal dispute resolution. Consumer stakeholders support innovative, targeted compliance monitoring such as shadow-shopping. There is also strong support for the collection and analysis of consumer case studies from casework agencies, although this may have resource implications for some agencies that will need to be taken into account.


[1] Australian Securities and Investments Commission, Facilitating online financial services disclosures, Consultation Paper 93, April 2008, <http://www.asic.gov.au/asic/asic.nsf/byheadline/IR+08-12+Facilitating+online+financial+services+disclosures>.