Firstrand Bank Ltd v Kgethile (M370/2018) [2021] ZANWHC 63 (31 August 2021)

Firstrand Bank Ltd v Kgethile (M370/2018) [2021] ZANWHC 63 (31 August 2021)

Issue: Whether a bank can hold a customer liable for losses incurred due to unauthorized transactions resulting from the customer's negligence in disclosing their bank account details to a fraudster.

Facts:

Godfrey Kgethile, the respondent, was a customer of Firstrand Bank Ltd (Firstrand), holding a debit card account. The account was intended for debit transactions only, meaning funds could only be used if they were present in the account.

In October 2015, Kgethile fell victim to a phishing scam. Through a fraudulent email, he was tricked into disclosing his bank account details, identity number, proof of residence, and PIN to a fraudster. This enabled the fraudster to make unauthorized transactions from Kgethile's account, resulting in a loss of R2,926,291.59.

Firstrand held Kgethile liable for the losses, arguing that his negligence in disclosing his sensitive information to a fraudster had directly contributed to the unauthorized transactions. They initiated legal proceedings to recover the amount from Kgethile.

Held:

The court held that Firstrand could not hold Kgethile liable for the losses incurred due to the unauthorized transactions. While acknowledging Kgethile's negligence in disclosing his bank account details, the court emphasized the bank's own responsibility in preventing and detecting fraudulent activities.

The court reasoned that banks have a duty of care to protect their customers' funds and to implement adequate security measures to prevent unauthorized transactions. In this case, Firstrand failed to detect the fraudulent transactions despite having systems in place to monitor suspicious activity.

The court also noted that the fraudster's actions were sophisticated and specifically targeted at exploiting Kgethile's vulnerability. In such cases, the victim's negligence should not be the sole basis for shifting the loss onto the customer.

Key Facts:

• A bank customer fell victim to a phishing scam and disclosed their bank account details to a fraudster.
• The fraudster used the customer's information to make unauthorized transactions, resulting in significant losses.
• The bank attempted to hold the customer liable for the losses due to their negligence in disclosing their information.

Reasons:

• The court found that the bank could not hold the customer liable for the losses.
• The court emphasized the bank's duty of care to protect its customers' funds and implement adequate security measures.
• The court noted that the bank failed to detect the fraudulent transactions despite having systems in place to monitor suspicious activity.
• The court also considered the sophistication of the fraudster's actions and the targeted nature of the scam.

Conclusion:

The court's decision in Firstrand Bank Ltd v Kgethile (M370/2018) [2021] ZANWHC 63 (31 August 2021) highlights the shared responsibility between banks and customers in preventing and mitigating financial fraud. While customers have a responsibility to safeguard their personal information, banks also have a duty to implement robust security measures and act promptly to detect and address fraudulent activities.