The High Court of Uganda recently in the case of Aida Atiku v Centernary Rural Development Bank Ltd Civil Suit No. 0754 of 2020 made a ruling that brought about a development in the law that is governing online banking in Uganda in regard to fraud.
BRIEF FACTS
The plaintiff opened up an account with Centenary Bank with the help of her daughter who read for her all the necessary documents. The plaintiff had an eye impairment but never informed the defendant about it so that they could render any relevant help. In signing these documents, the plaintiff consented to Cente-Mobile which an online banking service for the defendant bank and a notification was sent to her phone through the phone number she used to open up the account. On different occasions, money withdraws were initiated through the plaintiff’s phone number but without the plaintiff’s knowledge or authorization. Other than the plaintiff, no other person accessed her phone other than her daughter and neither was her phone ever stolen. Notification messages were sent to the plaintiff’s number every time a withdraw was initiated but the plaintiff claimed she only received one notification. On realizing her money was missing from her account, the plaintiff approached the defendant bank requesting for a refund which resulted in to the suit.
ISSUES
- Whether or not the plaintiff’s account was fraudulently and/or negligently debited by the defendant?
- Whether or not the defendant is liable for the fraudulent and/or negligent withdraws made on the plaintiff’s account?
- What remedies are available to the parties?
HIGHIGHTS FROM THE RULING
- When a person of full age and understanding puts his or her signature to a legal document without taking the trouble of reading it or without asking the document to be read and explained to him or her. But rather goes on to sign the document relying on the word of another as to its character, content and effect then he or she cannot be heard to say that it is not his or her document. In this case, the plaintiff never informed the defendant bank of her eye impairment and since she went ahead to sign the document relying on what her daughter read hence she was bound by her signature and it represented her consent to all the services she signed up for.
- Where there was no pressure applied by the defendant bank in procuring the plaintiff’s signature, such as where the customer was given the opportunity to obtain independent legal advice but the customer maintains a firm view that he/she wants to execute the instrument, the customer understood the nature and effect of the document, and the terms of the document are not unjust or unreasonable in anyway.
- Under the doctrine of 𝑛𝑜𝑛 𝑒𝑠𝑡 𝑓𝑎𝑐𝑡𝑢𝑚 courts can set aside a transaction just in case the affected party can prove they had a special disadvantage that the other party knew about and that party used this disadvantage to exploit the affected party. Such disadvantage must be substantial enough to affect their ability to make a judgment as to their best interest and must have been sufficiently evident to the other party. In this case, the defendant bank was never informed about the plaintiff’s eye impairment and could not have used it to take advantage of her.
- Banks have a duty to put in place robust fraud detention and prevention solutions to protect their assets, systems and customers. To take reasonable care to ensure that their digital banking systems and technology are secure and also to identify any suspicious transactions.
- Digital bank customers have a duty to prevent fraudsters from gaining access to their personal login details. These are supposed to be kept confidential inclusive of user IDs, passwords, and pin numbers among others. Where it’s the customer that holds the blame for being reluctant on keeping such information confidential and resulting into bank fraud with the customer losing their money, the customer cannot receive any refund for the resultant loss.
- Where the customer fails to change the temporary password that is shared by the bank immediately to one of their choice then they could be construed as being negligent.
- The risk of loss for an unauthorized transaction lies with a customer if the bank can establish that the security procedure it has in place is a commercially reasonable method of providing security against unauthorized payment orders. The protection system of the defendant bank remained secure and could not be blamed for the loss, the fraud happened as a normal transaction initiated through the plaintiff’s phone number. The defendant bank sent notification messages to the plaintiff’s phone number after the transactions were made and the plaintiff could have reported the transaction to the defendant bank to find a way of stopping the same but didn’t. With this, the defendant bank could therefore not hold the blame for the same.
- Losses attributable to fraud should be borne by the parties in the best position to stop them or prevent them. The withdraws from the plaintiff’s account were all initiated through the plaintiff’s account and there was no way the defendant bank could be suspicious of the transactions since the plaintiff never reported to the defendant bank even when notifications of the transaction were sent to the plaintiff’s phone number. The plaintiff therefore was in a better position to stop the fraud and had to bear the losses.
Find the full judgement here:
https://www.linkedin.com/feed/update/urn:li:activity:6957631022981087233
Disclaimer
No information contained in this writing or article should be construed as legal advice from Legal Notch Uganda or the individual authors, nor is it intended to be a substitute for legal counsel on any subject matter.
For additional information in relation to this article, please contact the author
Joel Peter Namugera
THE LEGAL NOTCH 