A woman from Iasi made an online payment of 40,000 lei, which she later disputed after noticing that the website was a clone of the original one. After negotiations at CSALB, the bank offered the sum of 20,000 lei as a commercial gesture. The decision stated that if damages are compensated as a result of police actions, the consumer must return the amount charged to the bank, the Center for Alternative Dispute Resolution in the Banking Sector sent us on Wednesday.

Bank cardsPhoto: AGERPRES

Examples of cases where banks have accepted negotiations with consumers under CSALB

  • Card data sent by SMS / e-mail: A CL consumer from Bucharest disclosed her personal card details as a result of an ad posted on a sales site. The loss was 17,280 lei, and the bank offered 8,640 lei as a commercial gesture. The consumer undertakes to return this amount to the bank in case of damages.
  • International Payments / Billing Fraud: A FS consumer from Harghita noticed that payments were being made to several companies in Spain from his personal account without his consent. The bank returned the entire amount (2,400 lei) for the contested transactions. The decision states that the bank will collect this amount if damages are compensated as a result of criminal proceedings conducted in this case.

The Center for Alternative Dispute Resolution in Banking (CSALB) received 46 inquiries on the topic of account fraud, observing an upward trend in the number of inquiries in December, also driven by the fact that online transactions increased.

Only a third (14 cases) of these requests were accepted by the banks for reconciliation, the rest were rejected after the sellers cited the fact that the bank was a third party to the reimbursement obligation, or the payments were made by consumers who disclosed their personal information and independently entered all security data.

Alexandru Peunescu, representative of the National Bank of Romania in the CSALB Coordination Council: “The issue of account fraud, card fraud or identity theft is a big responsibility for both consumers and banks. We encourage consumers to check their account more often, especially during this period. If they don’t have online banking apps that allow them to do this remotely, one method would be to access SMS alert services for payments made from the account. Even if it will involve a fee charged by the bank, a good guard in such cases avoids the danger and the benefits are undeniable. Then, if they notice that money has disappeared from their account, they should immediately notify the bank and the police and issue a chargeback that they believe is fraudulent. Banks are obliged to resolve the issue of withdrawal of consumer payments as soon as possible, so that illegally made payments are not processed and money is not transferred from consumer accounts. We recommend that banking institutions optimize their procedures for blocking payments that consumers consider fraudulent. These fraud claims should be flagged and filtered through all banks’ customer communication channels, whether it’s call centers, email, chat or complaint pages. In addition, it would be advisable for banks to indicate as prominently as possible on their websites when they advise consumers to send a payment refusal about situations in which they notice a fraudulent attempt on their accounts.”

How cybercriminals try to scam you

  • Through emails telling you that you’ve won an expensive gift (or even received an inheritance) after a contest you didn’t even enter;
  • Through cloned sites, the content of which differs from the original sites. They often announce unnaturally high discounts even on newly launched products;
  • Through messages over the phone or received on social media accounts that have links attached and appear to be sent by friends, family or colleagues;
  • Placing fake ads on Google that sometimes appear when you enter the name of a bank in a browser or search engine. The ads simulate bank details and direct you to a page that duplicates the screens of the Internet banking platform. Thus, when you enter your login details, they are copied by attackers to fraudulently log into your account.

Phishing refers to fraud involving banking information: consumers are misled by messages purporting to be sent by a bank, asking them to provide confidential information (card number, PIN code, user or authentication codes); they receive an SMS to the name of the bank asking them for activation data, passwords or activation codes, or asking them to change existing security data. If you receive such a message, call the bank or write to the representative of the bank with whom you are communicating and explain what happened.

How to avoid fraud? Check the received information!

If you receive a message that you are about to receive a cash or prize money into your account, you can verify the authenticity of the message using the requested information. Thus, in order to receive the amount of money, it is necessary to transfer only the IBAN and your name, and not the card data. You only need to enter your card details if you want to make an online payment yourself.

When you shop online, you can check if a site is safe to enter personal data by accessing the information available on the lock that appears next to the site name

Do not proceed with the payment if you are in doubt, and if you have already paid, immediately ask the bank to block the transaction.

Another way to confirm is the name of the email address from which you receive messages or the phone number from which you can receive sms. If you notice grammatical errors, abbreviations, or unusual graphics in the message you receive, these are additional signs that it did not come from the bank, but from a fake or fraudulent account.

Another important tip is not to apply for online banking programs through search engines. Do not share the login data and passwords required to access online banking programs to anyone!

Don’t enter your PIN on any website you visit, no real online transaction will ask you for it!

Pay special attention to envelopes sent by banks with card/PIN codes. They must be intact and the initial PIN set by the bank must be changed at the earliest opportunity. In addition, the personal card and PIN should never be stored in the same place.