media release (17-376MR)

Citibank refunds $1 million following misleading statements made to customers about their rights under the ePayments Code


Citibank has refunded around 4,000 current and former customers more than $1 million after misstating the bank’s obligations around unauthorised transactions on customers’ accounts.

Citibank had refused customers’ requests to investigate unauthorised transactions because it claimed the requests were made outside the time period permitted under the Visa and MasterCard scheme chargeback protections.

Affected customers had made reports to Citibank about ‘card not present’ unauthorised transactions (such as internet transactions), where a payment was made using the credit or debit card number details, rather than the physical card itself.

In letters sent to customers in response to their requests, Citibank incorrectly stated that because the request was made outside the timeframe specified by Visa and MasterCard, it was not required to assess the claim, and that the customer’s only options were to approach the merchant or a fair trading agency.

The letter would likely have misled customers about their protections under the ePayments Code. The ePayments Code provides protections to consumers for unauthorised transactions – these protections are separate to, and not the same as, the protections provided by Visa and MasterCard.

As a result, customers did not have their claims properly considered in accordance with Citibank’s contractual obligations with those customers under the ePayments Code.

To remediate affected consumers:

  • Current customers will have their accounts refunded
  • Former customers who are owed more than $20 will be sent a bank cheque
  • Former customers whose individual amounts were more than $500 and cannot be located will have their funds treated in accordance with unclaimed money requirements
  • For former customers owed less than $20, and those who cannot be located with amounts less than $500, an equivalent amount will be donated to charity

If a donation is made and the customer comes forward, Citibank will honour individual refunds.

Citibank has also reviewed its processes to ensure there are no further miscommunications about its obligations under the ePayments Code.

“If an unauthorised payment has been made on their account, customers should be confident that their bank will appropriately investigate the payment. Customers should never be misled about their rights under the Code.” ASIC Deputy Chair Peter Kell said.

“Banks should ensure in all their communications that they are clear and accurate with customers about their consumer rights.”

Citibank’s remediation program covered consumers who may have received the letter between 1 January 2009 to 22 July 2016, and did not have their claim appropriately assessed.

Customers who have questions about the remediation should contact Citibank:13 24 84


ASIC administers the ePayments Code, which regulates consumer electronic payments, including ATM, EFTPOS and credit card transactions, online payments, internet and mobile banking, and BPAY.

The Code sets out banks’ responsibility to their customers regarding unauthorised transactions on their accounts.

An unauthorised transaction means a transaction that is not authorised by the customer (for example, accessing the customer’s online banking and making unauthorised transfers or making purchases using a stolen credit or debit card).

Separately, the card schemes such as Visa and MasterCard have ‘chargeback’ processes outlined in their scheme rules. A chargeback is a customer request for their bank or card company to get the money back from the merchant or shop, and is often initiated by the customer’s bank. Although the protections provided by Visa and MasterCard may overlap with the protections in the ePayments Code, there are differences.

A subscriber to the ePayments Code cannot refuse to investigate an unauthorised transaction and return those funds to the customer under the framework provided under the ePayments Code just because the time limit for requesting a chargeback has expired.

ASIC's MoneySmart website has information for consumers about the ePayments code, including how to report an unauthorised transaction on their bank account or credit card.

Media enquiries: Contact ASIC Media Unit