After uphill battle, bank refunds $12,000 to skimming victim

Commonwealth Bank of Australia eventually reversed its decision to deny a Sydney man a refund for fraudulent withdrawals from his account

The still photos captured by CCTV are fuzzy: a figure wearing a track suit, a pair of sneakers and a black hooded sweatshirt, standing at various cash machines in northern Sydney in the middle of the night.

In June and early July, the shadowy figure withdrew a total of A$11,790 (US$12,217) from the account of Louay El-sayah, a 38-year-old construction manager from Sydney. (See a map of the withdrawals here.) El-sayah, who has five children, reported the theft to his bank, Commonwealth Bank of Australia, one of the country's largest financial institutions.

After a 45-day waiting period, El-sayah was denied a refund. "I didn't expect that," he said. "Not from Commonwealth Bank."

After several in-person efforts by El-sayah and a telephone query last Friday from IDG News Service, Commonwealth reversed its decision on Monday and will refund his money. But El-sayah's experience highlights the battle consumers can face when claiming fraud on their accounts, and the many reasons banks can use to deny those claims.

[Map: The path of a fraudster, one late-night withdrawal at a time]

El-sayah appears to have been a victim of "skimming," an attack where a person's debit card details are copied from the magnetic stripe on the back of their card and encoded onto a fake card. The four-digit PIN can be recorded by observation or by modifying the PIN pad on point-of-sale devices or ATMs.

Skimming attacks are still successful in Australia since most banks have not yet fully implemented an upgraded security system being rolled out worldwide called EMV (Europay, MasterCard, Visa). EMV debit and credit cards have a microchip that facilitates a complicated cryptographic transaction that so far has not been defeated by criminals.

Many Australian ATMs, however, continue to rely on the card's magnetic stripe, even if the card has a microchip. Due to how the machines are configured, ATMs can't always detect whether a real or a cloned card is being used, although banks are upgrading the ATMs to the EMV specification. This makes it harder for fraud victims to prove they aren't lying, since the banks see only that a valid PIN was entered.

Ross Anderson, a professor of security engineering at Cambridge University's Computer Laboratory, said the upgrade to EMV may even make it more difficult for customers because "banks will start claiming that since the system is now secure, customers who complain must be at fault."

"Of course, EMV has vulnerabilities too, and you'll see them being exploited in due course," said Anderson, who has extensively studied payment systems.

El-sayah said he was always in possession of his debit card and never revealed his PIN to anyone else. El-sayah, who describes himself as a "pretty paranoid person," said he was shocked by the fraud. Five of the withdrawals were for $2,000 each. "In this case, someone is pulling $2,000 out of my account every night and nobody contacted me," he said.

He says bank personnel initially advised him to destroy his debit card and not to file a police report. But a subsequent letter from Commonwealth dated Aug. 15 cites the lack of a police report as one reason for rejecting his claim. He later filed a police report anyway, despite the reluctance of the police to accept it.

The letter says his refund was denied under sections 5.5 and 5.6 of the Electronic Funds Transfer Code of Conduct, a set of rules followed by Australian banks regarding payment system problems. The code gives wide leeway to banks when making decisions about fraud.

Commonwealth also said El-sayah's card was used with the correct PIN on the first attempt. "Entry of correct code at first attempt in an unauthorized transaction is a significant factor in determining liability," the letter states.

The bank also says that having a high withdrawal limit increases the liability consumers can have for fraud. El-sayah's limit was $2,000. Commonwealth personnel continually referenced the high total amount of the fraud when discussing his case, even though they also told him he was a victim of skimming.

After receiving the letter, El-sayah contested the decision more aggressively. When IDG News contacted Commonwealth's media office on Friday, spokeswoman Tracy Hicks said that "the number of transactions that took place is obviously an issue" and that the bank was obtaining CCTV footage.

On Monday, in a rare move, El-sayah was allowed to view still images taken by the cameras during some of the fraudulent withdrawals. The images, however, were of low quality, and the perpetrator's face was obscured by the hooded sweatshirt, El-sayah said.

Later on Monday, El-sayah was informed he would receive a refund. Had it not been for the increased pressure on the bank, "I don't think I would have gotten the refund," he said.

Commonwealth's Hicks declined to discuss El-sayah's case further on Tuesday, and the bank did not respond to an email requesting an interview with Commonwealth executives about its fraud policies.


Jeremy Kirk

IDG News Service