Every major bank advertises strong fraud protection. ANZ, BNZ, ASB, Westpac, and Kiwibank all offer some form of "zero liability" or "online banking guarantee" for fraud victims. But the protection these guarantees provide is more limited — and more conditional — than many customers realise.
Here's the honest breakdown of what bank fraud protection actually covers.
What banks are obligated to cover
All five major banks have made voluntary commitments to reimburse customers for "unauthorised" transactions — meaning transactions that were initiated by a criminal without your involvement or knowledge.
This covers scenarios like:
- A criminal uses your card details (obtained through a data breach or skimming) to make purchases
- A hacker gains access to your internet banking and transfers money out without your involvement
- Someone physically steals your card and makes purchases after you've reported it stolen
Under their zero-liability policies, banks commit to reimburse these losses when reported promptly.
What banks are NOT required to cover — and often don't
The critical distinction is between "unauthorised" and "authorised but fraudulent" transactions.
If you were tricked — by a phishing email, a phone scammer, or a fake investment platform — into authorising a payment yourself, the bank typically does not have an automatic obligation to reimburse you. You authorised the payment; the fact that you were deceived is not the bank's legal responsibility.
This exclusion applies to many of the most common and costly fraud types:
- Authorised push payment scams (you were tricked into sending money to a fraudster)
- Investment scams where you voluntarily transferred funds to a fake platform
- Romance scams where you sent money to someone you met online
- Any scenario where you willingly initiated the payment, even under false pretences
When banks can (and do) decline fraud claims
Banks can also decline or reduce reimbursement for unauthorised transactions if they determine you:
- Failed to maintain adequate security (e.g., shared your PIN with someone)
- Were negligent in protecting your credentials
- Delayed reporting the fraud unreasonably
- Used the device or account in violation of the bank's terms and conditions
- Were complicit in the fraud (rare but relevant)
The grey areas
The line between "authorised" and "unauthorised" isn't always clear. If a criminal obtained your credentials through a phishing attack and then initiated transfers from your account, is that unauthorised (a criminal using your credentials without your direct participation) or authorised (they acted as your agent using your login)?
Banks handle these cases individually. Some have improved their approach to refunding customers in borderline cases, particularly when the fraud patterns are well-known and the customer had reasonable security practices.
How to maximise your chance of a refund
1. Report immediately — the faster you report, the better your chances. Within 24 hours is ideal.
2. Don't delay because you're embarrassed — banks see all types of fraud.
3. Document everything about how the fraud happened.
4. Be clear about whether you authorised the payment or whether it was taken without your knowledge.
5. If your claim is declined, escalate to your bank's internal dispute resolution process.
6. If that fails, complain to the Banking Ombudsman (bankomb.org.nz) — the Ombudsman has resolved many cases in customers' favour where banks initially declined.
The broader gap: no mandatory scam reimbursement code
In the UK, banks are required by regulation to reimburse most authorised push payment scam losses (subject to a customer contribution). Australia has adopted a similar framework. We have not yet mandated this — banks here operate on voluntary codes, which are less comprehensive and less enforceable.
This is the most significant gap in personal fraud protection. Until it changes, the practical reality is that for scam losses (where you sent money under false pretences), recovery is uncertain.
The Banking Ombudsman's approach offers some protection, and some cases — particularly where the bank had fraud warnings they failed to act on — have been resolved in customers' favour even for authorised payments.
Understanding this gap is important when thinking about your overall financial protection.