By Oluwatosin Damilola Mese, Esq

People do not keep money or valuables in banks expecting to lose it due to fraud or unexpected deductions. The primary reason for using a bank is the assurance of safety. When that safety is compromised, it not only raises doubts about the bank’s reputation but also puts customers’ trust in the security of their funds at risk.

The false impression that only those who have an account with the bank can be considered as customers was clarified by the explanation given in the case of G.T.B. V. EKEMEZIE (2016) 2 NWLR PT1497 P.579 PP. 597, PARAS C-E where the court held as follows:

A customer is someone who has an account with a bank, or without having an account the relationship of banker and customer exists. In the latter case, some money transaction must connect banker and customer, but must arise from the nature of a contract.

In the world of banking, an unwavering duty befalls financial institutions-the promise to take good care of your money and other valuables. This is not just a nice thing that bankers are supposed to do; it is in fact a must-do, a fiduciary duty to safeguard the financial interests of their customers. However, here is the twist; this fiduciary duty has caused some legal headaches for the banks. Regrettably, a host of litigation has arisen from this. Now, here is the big question: does the implied duty of care bestowed upon bankers absolve customers armed with the convenience of ATM CARDS, from their own responsibility to shield their funds merely because they repose trust in the vaults of financial institutions? Is the choice to wield the ATM card a pact with ease, or an implicit covenant of shared responsibility?

In the case of AGI V. ACCESS BANK PLC (2014) 9 NWLR PT 1411, Per OGBUINYA, J.C.A. at page 163, paras. B-G opined as follows:

“Before I am done, I must observe that, the process of withdrawing money from the banks by dint of Automated Teller Machine (A.T.M.) debit card is a banking procedure invented to ensure prompt access to customers’ funds, decongestion of the banks over trivial transactions and alignment with the international best standards in banking practices. Unfortunately, for the customers, a regrettable one at that, this commendable objective has turned into their albatross in that it has not yielded the desired laudable results. The helpless and unsuspecting customers are constantly being exposed to avoidable frauds and thereby subjecting the banks to litany of litigations. Tons of banks’ customers lose colossal funds, stashed in the banks’ vault for protection, to unscrupulous and faceless swindlers.

Although, the Automated Teller Machine (ATM) itself and its operations are under the control and management of the banks as held in JWAN V. ECOBANK (NIG.) PLC (2021)10 NWLR PT 1785, P. 449 P. 486, PARAS. A-B, it is crucial that an ATM card-wielding customer is educated on his/her duty as a cardholder. By virtue of paragraph 2.4.6.1 of the Guidelines on Operations of Electronic Payment Channels in Nigeria issued by the Central Bank of Nigeria CBN dated June, 2020 (The guideline), a cardholder has the control and care of his Automated Teller Machine Card. Paragraph 2.4.6.1 of the guideline provides thus:

“A cardholder shall:

Store the payment card and protect his/her PIN with due care.
Not keep his payment card together with the PIN.
Notify the issuer without delay, about missing, stolen, damaged, lost or destroyed card.
Not make the payment card available to unauthorized persons.”
From the above, it becomes clearer that the words “custody” and “care” are synonymous. See NIGERIA PORTS PLC V. B.P. PTE LTD. (2012) 18 NWLR (PT. 1333) 454, P. 484, PARA. H.

In the case of AGI V. ACCESS BANK PLC (Supra) at Pp. 155-156, paras. H-A, His Lordship Per OGBUINYA, J.C.A. established that a cardholder who has custody also is in care of his ATM card.

Where a person has custody of an item, it implies that the person in custody is in care and control of it for inspection, preservation and security. In the instant case, the appellant’s evidence confirmed that the appellant’s Automated Teller Machine card was in the appellant’s custody.

Interestingly, once a transaction is authorized with the customer’s PIN, the bank’s ability to intervene is limited unless prompt reports of fraudulent activity are made. This underscores the pivotal role of customers in safeguarding their ATM cards. Responsibility for the card’s safety rests squarely on the customer’s shoulders. The bank, once provided with the correct PIN, assumes the transaction is legitimate. See the case of JWAN V. ECOBANK (NIG.) PLC (2021)10 NWLR PT 1785, P. 449 Pp. 485, paras. G-H where it was held thus:

The Automated Teller Machine (ATM) card issued by a bank is akin to a cheque, which must be honoured on request once there is enough funds in the customer’s account. Failure to do that means the banker is in breach of the duty of care owed to its customer.

It is the customer’s responsibility to ensure that the card is not lost or stolen, preventing unauthorized individuals from exploiting the PIN for malicious purposes. In essence, the customer’s actions directly influence the integrity of the transaction process.

If customers observe any unauthorized transactions, it is imperative that they report it to the bank without delay. Failure to do so can exacerbate the situation, as the bank’s ability to intervene diminishes over time. The efficiency of the system relies partly on the customer’s diligence in promptly identifying and reporting any irregularities. While the bank provides security measures, the effectiveness of these measures also hinges on the proactive engagement of customers in adhering to best practices for card safety.

In the case of U.B.A. PLC V. WASIU (2017)4 NWLR PT 1555, P. 318 PP. 338, PARAS. F-H the court held as follows:

In line with established traditions in the banking industry, the Central Bank of Nigeria as a regulator of the industry in accordance with international best practices issued a policy guideline to regulate the industry called “Guidelines on Electronic Banking in Nigeria”. In relation to automated teller machine (ATM), the Guidelines provide the prescriptive guideline that a bank will be considered liable for fraud arising from card skimming and counterfeiting except where it is proven that the merchant is negligent. However, the card holder will be held liable for fraud arising from pin misuse.

Atm Card-wielding customers must therefore ensure that their card details are not carelessly put just on any website/platform using ‘card on file’ while initiating transactions online. For the avoidance of doubt, ‘Card on file’ is a situation where a business or service provider securely stores a customer’s debit card information for future transactions which enables and allows the customer to make purchases or payments without needing to enter their card details again each time. The stored card details and information is used to process payments automatically whenever the customer makes a purchase with a view to making payment process more convenient and efficient.

While the responsibility of keeping an ATM card safe is indeed crucial for customers, it is essential to acknowledge certain factors that may limit their control and place shared responsibility with the bank.

Firstly, vulnerabilities in the banking system, such as data breaches or card skimming devices, can compromise the security of ATM cards without any fault on the part of the customer. In such cases, customers may fall victim to unauthorized transactions despite their diligence in keeping the card secure. The evolving landscape of cyber threats demands continuous improvement in the security infrastructure of banks, placing a shared responsibility on financial institutions to fortify their systems against external threats.

Furthermore, it is only fair that the burden of responsibility should not be solely on customers but shared, as the bank possesses advanced fraud detection technologies and has access to transaction patterns and anomalies. Banks could play a more active role in proactively identifying and preventing fraudulent activities, thereby reducing the reliance on customers to notice and report irregularities.

In conclusion, while customers undoubtedly bear a significant responsibility for the safety of their ATM cards, it is crucial to recognize external factors that can contribute to security breaches. Shared responsibility with banks becomes paramount in addressing these challenges, ensuring a more robust and collaborative approach to safeguarding financial transactions.

Written by Oluwatosin Damilola Mese, Esq.,Managing partner, Tatose Attorneys, Tatoseattorneys@gmail.com, 08138409651