Rose Altomare’s lunch with a friend in Etobicoke last August ended up costing her much more than the price of the meal. After she returned home, she discovered her wallet was missing.
“My heart just sunk. I thought I forgot it at the restaurant,” Altomare said.
But it wasn’t there, and it was soon obvious what happened.
“The manager at the restaurant looked at security footage and it showed the actual theft. (A woman) put her hand in my purse and pulled out my wallet,” Altomare told Global News.
She called police, but first she called her credit card companies: MBNA MasterCard, Capital One MasterCard, American Express and Scotiabank Visa. The calls were all made within an hour. But it was too late because in that short span, the thief spent about $3,000. About $1,600 was billed on her Scotiabank Visa card.
Altomare said American Express, MBNA, and Capital One were all “sympathetic” and agreed to reverse the charges. But Scotiabank would not because the bank said her PIN code was too easy to break.
Altomare used part of her birth date as her PIN for years – numbers that would leave the consumer liable in the case of a fraud.
Scotiabank Visa’s Personal Credit Agreement Companion booklet warns: “DO NOT select your birth date, telephone number, licence plate, address, or other easy to guess combinations.”
The bank’s Cardholder Agreement, which is a more detailed document, goes further by warning consumers, “not to use an electronic signature that is a combination selected from your name, date of birth, telephone number, bank account number, address or social insurance number.”
“While we are certainly sympathetic to any of our customers that fall victim to theft or fraud, we also undertake to educate our customers of their security responsibilities as outlined in our Personal Credit Agreement Companion booklet,” Scotiabank spokesperson Rick Roth said in a statement to Global News.
“One of their primary responsibilities is to maintain the confidentiality and safekeeping of their credit card and electronic signature.”
Visa, which does not issue cards directly, markets a zero liability policy.
“Should someone steal your Visa card number you pay nothing for their fraudulent activity,” the policy reads.
Visa’s marketing is plainly written and has no conditions mentioning exemptions if an insecure PIN is chosen.
Zero liability can’t be reinterpreted by individual banks, Visa Canada told Global News.
“However the cardholder does have an element of responsibility to adhere to the cardholder agreement, which may include provisions around liability where the cardholder may have contributed to the unauthorized use of the card by failing to protect the account,” spokesperson Carla Hindman said.
For instance, if Altomare’s card was stolen in parts of the U.S. or defrauded where chip-and-pin technology wasn’t used, she would not be on the hook for the $1,600 loss.
Altomare appealed to Scotiabank’s ombudsman to overturn the bank’s decision, but the bank is holding firm.
“Selecting your date of birth as your PIN is a direct contravention of the terms and conditions of your credit agreement. As such, we are not prepared to recommend to the Bank that your loss be reimbursed to you,” wrote assistant Scotiabank Ombudsman Lise Fraser.
Altomare was issued a new Scotiabank card, but she said she has no plans to use it.