The complainant had packages waiting for collection at the Post Office. He received a notification on email, which appeared to be from the post office, with a link, advising that the packages were at the post office, and he needed to pay a “collection fee” of R42.50.


He pressed on the link and inserted card details to make the payment. He received the OTP and inserted the OTP in the link. A few seconds later he received a notification from the bank that an amount of R16 428 had been debited from his account. He reported the matter to the bank and the bank repudiated the claim.


Our office found that the complainant was phished, and he inserted his details on a fake Post Office website. When the OTP was delivered to his cell phone number, he did not read the whole notification and merely inserted the OTP. Had he read the whole notification, he would have realised it was not a R42.50 payment to Post Office, but a CHF 1000 payment to Bigo.live. Unfortunately, he unknowingly authorised the fraudulent transaction and we could not find any maladministration on the part of the bank. Accordingly we could not make a finding in the complainant’s favour.


Principle: Banking customers have a duty to ensure that they carefully read their SMS / OTP Notifications before authorizing a transaction. Failure to do so, will result in the bank customer being held responsible for the loss that is suffered.

Related Case Studies