LAWFUEL – The Australian Securities and Investments Commission (ASIC…

LAWFUEL – The Australian Securities and Investments Commission (ASIC) has today released a consultation paper inviting members of the public to make submissions on the Electronic Funds Transfer Code of Conduct (EFT Code).

The EFT Code is a voluntary industry code of practice covering all forms of consumer electronic payments transactions. ASIC is responsible for administration of the EFT Code, including undertaking periodic reviews. The Code was first introduced in 1986 and was most recently reviewed between 1999 and 2001.

ASIC’s Executive Director of Consumer Protection, Mr Greg Tanzer, noted that the great majority of consumer banking transactions are now undertaken electronically and emphasised the importance of the EFT Code in regulating the way transactions are carried out and maintaining consumer confidence in the electronic payments marketplace.

‘The EFT Code has played a pivotal role in the regulation of consumer electronic payments for many years. It deals with issues of disclosure, transaction confirmation, liability allocation in cases of fraud, dispute resolution and other areas that are important to us all as users of the payments system’, Mr Tanzer said.

‘The EFT Code complements and extends the protections of the financial services laws, as well as addressing issues such as who bears liability for losses when there is third party fraud that are not dealt with by the law.’

Mr Tanzer encouraged all interested stakeholders to participate in the review process, including representatives of consumer and small business organisations, the banking and payments industry, providers of payments solutions in the retail, m-commerce, transit, tollway,
m-commerce and other sectors, ombudsman schemes and regulatory bodies.
‘Views of a range of interested parties were sought in preparing this consultation paper, and ASIC has endeavoured to reflect the issues raised to date.

‘We also want to ensure that the Code remains relevant and up-to-date, so we are asking people to comment on changes in the marketplace and regulatory developments since the last review and what implications these may have’, Mr Tanzer said.

Key matters to be examined as part of the review include:
�� liability issues arising from the growth and growing sophistication of Internet fraud;
�� regulation of alternative payment facilities;
�� coverage issues, including whether the protections of the Code should extend to small business as well as consumer account holders;
�� obligations around mistaken payments;
�� administrative arrangements associated with the EFT Code, including compliance monitoring and ASIC’s role as Code administrator; and
�� other more specific issues raised by stakeholders in preliminary consultations.
Page 1 of 3
Liability issues arising from the growth and growing sophistication of Internet fraud
‘There have been significant developments in the consumer payments marketplace and regulatory environment since the last review of the Code’, Mr Tanzer said.
‘For example, rapid growth in the use of the Internet as a transaction channel. Unfortunately, this has stimulated an accompanying growth in Internet fraud, including the use of deception-based phishing and the installation of malicious code on users’ equipment. Whether account holders should be required to bear any liability for losses resulting from these types of fraud, is one of the important issues to be addressed by the review, and the matter is discussed in detail in the consultation paper.’
Regulation of alternative payment facilities
In recent years, a greater number of pre-paid payment products, such as electronic gift cards and e-tags, have been introduced to the market. For the most part, these have been issued by entities outside financial services which have not subscribed to the Code such as retailers, toll operators, telecommunications businesses, transit authorities, universities and others.
‘The consultation paper seeks to open a broad discussion of the voluntary framework for regulating alternative payment facilities going forward. I would particularly urge newer or non-traditional providers of payment products and services to make a submission’, Mr Tanzer said.
Mistaken payments
‘Internet banking customers often key in the wrong account number when undertaking a ‘pay anyone’ direct credit transaction, and a mistaken payment results. The current Code does not address this problem. Given this, ASIC’s consultation paper asks whether the Code should mandate practices designed to minimise the chances of mistaken payments situations arising, and whether it should also address questions of liability allocation’, Mr Tanzer said.
All submissions will be considered and the EFT Code will be redrafted by a stakeholder working group chaired by ASIC. The working group, which will be established in early 2007, will include representatives of relevant industry, consumer, dispute resolution scheme and government stakeholders, as well as other experts in the electronic payments area.
There will be a further public consultation on a revised draft code once the working group has completed its initial redrafting of the Code.
Copies of the consultation paper and the EFT Code are available at the EFT Code Review web site:
The closing date for submissions is Friday 13 April, 2007.
The EFT Code regulates consumer ATM and EFTPOS transactions, card-not-present credit card transactions (for example, when goods and services are purchased by phone or over the Internet), telephone and online banking, and telephone and online bill payments. The Code also regulates stored value cards and other stored value products.
The EFT Code only applies to businesses that subscribe to it. All retail banks, building societies and credit unions that offer EFT services to consumer clients subscribe to the Code. In addition, there are a small number of other subscribers. Subscribers agree to be bound contractually by the requirements of the Code, and must reflect this commitment in the terms and conditions applying to their payment services.
Page 2 of 3
Page 3 of 3
The EFT Code has a three-part structure:
�� Part A applies to funds transfers to and from accounts maintained with account institutions including, but not limited to, banks and other financial institutions;
�� Part B separately regulates stored value facilities and transactions; and
�� Part C covers privacy, electronic communications and Code administration.
The EFT Code provides consumer protection in areas including:
�� disclosure of terms and conditions;
�� receipt requirements/ records of available balance;
�� provision of statements;
�� liability allocation when there is a dispute about an unauthorised transaction*;
�� rights to exchange stored value, and refund lost or stolen value (in the case of stored value facilities);
�� dispute resolution procedures;
�� privacy; and
�� electronic delivery of statements and other information.
*A central aspect of the EFT Code is the detailed regime it sets out (in Clause 5) for determining when the account institution (and when the cardholder) bears losses resulting from an unauthorised transaction by a third party. Under the Code, the account holder will be liable if the account institution can prove that:

�� The account holder (or authorised user) acted fraudulently;
�� There was ‘unreasonable delay’ by the account holder/ user in notifying loss or theft of the card or other security breach; or
�� The account holder/user failed to safeguard the security of access codes (such as PINs) in one of a number of specific ways – by voluntarily disclosing their PIN, by keeping an undisguised record of their PIN on or with their card, by using certain easily guessed PIN numbers, or by acting ‘with extreme carelessness’ in failing to protect their PIN and any other access codes.

Otherwise, however, the account holder is either:
�� Liable for a maximum of $150 only (on a ‘no fault’ basis); or
�� Not liable at all. For instance, in situations when the loss is due to conduct of the account institution’s employee, when loss occurs before the account user receives their access code, or when it occurs after notification of the security breach.

ASIC has been responsible for administering the EFT Code since 1998. As part of its responsibilities, ASIC is required under Clause 24.1(a) to periodically review the Code and associated administrative arrangements, in consultation with other stakeholders. The Code was last reviewed by a stakeholder working group, chaired by ASIC, during 1999 – 2001.

For further information contact:
Greg Tanzer
Executive Director Consumer Protection
Telephone: 07 3867 4704 Mobile: 0411 549 144
Emma Forehan
ASIC Media Unit
Telephone: 03 9280 3354
Mobile: 0409 702 310

Scroll to Top