Rocio Cerdas never had any use for a bank card, and she never used the Internet to do her banking. For eight years, she had a savings account at Banco Nacional, and she marked down every deposit and withdrawal in pen in a little book.
“Nothing ever happened,” she said. Then one day she went to Banco Nacional to ask for a loan. The bank told her she needed an account with a debit card. So she got the account, linked it to her savings account – and the $3,000 in her savings account disappeared.
“I never used the card, never opened the envelope” that contained the PIN, she said. The bank’s response to Cerdas was: Sorry, but somehow it’s your fault.
It’s a scenario that’s reported dozens of times a month, with online, credit card and debit card fraud on the rise in Costa Rica.
Now both a consumer advocacy association and a lawmaker in the Legislative Assembly are doing something about it.
“Not only do they not give you the money back, they scold you and insult you,” said Adriana Rojas, a lawyer with the Association of Free Consumers.
The association has filed three complaints against Banco Nacional and Banco de Costa Rica, both state-run, and is preparing a classaction lawsuit on behalf of its members.
Meanwhile, José Manuel Echandi, a lawmaker with the National Union Party (PUN), has filed a bill in the Legislative Assembly that would place the financial consequences of electronic fraud on the bank or card issuer, as well as require the Superintendence of Financial Entities (SUGEF) to confirm financial entities have taken “all necessary security measures” to prevent fraud.
“In our country, there is no law that establishes the responsibility of banks,” he said.
The two efforts come on the heels of a year-long series of reports on electronic fraud and lack of consumer protection in the daily La Nación and other media outlets.
Rojas said the Association of Free Consumers intends to approach the topic through existing laws. The three complaints it presented – to the Ombudsman’s Office, the National Consumer Commission and SUGEF – accuse the banks of not living up to their legal obligations.
For example, the SUGEF complaint alleges the banks have violated consumers’ “right to security” and requests that the SUGEF send the banks a directive instructing them to change their ways.
Diego Artavia, a student heading up the technical side of the association’s complaints, said the two banks don’t meet what would be minimum security requirements by today’s standards.
“The use of static passwords like Banco Nacional and Banco de Costa Rica has been declared obsolete,” Artavia said, pointing out that private banks in Costa Rica use a combination of dynamic passwords and key-generating flash drives.
The complaint before the National Consumer Commission, meanwhile, alleges that ad campaigns notifying customers that “security depends on you” amount to false advertising.
Another element of all three complaints is the accusation that the two banks do not make the risks of banking with them clear enough.
“Consumers don’t have the least idea that all their money is in danger because the bank doesn’t tell them until after they’ve lost it,” Rojas said.
The association is also preparing a class action lawsuit against the banks, which Rojas said it should be able to present in May. The association will be suing on the behalf of its affiliates.
Joining the association costs a $100, onetime fee.According to a fact sheet sent out by the association, it would take 25% of all recovered money and damages from the lawsuit to cover its costs.
Banco Nacional responded to the association’s complaints with a written statement: “Banco Nacional has abided by what is established in Costa Rican legislation. We assert that the responsibilities for these frauds will be established by judicial means.”
In the past, Banco Nacional representatives have said the bank, as a public institution, is legally not allowed to reimburse customers unless a judge orders it to.
However, whereas the association disputes the banks’ interpretation of the law, Echandi’s proposed bill would simply change it.
On one count, it would require banks and other financial entities to have up-todate security measures in place – and SUGEF to enforce that regulation.
On another count, the law would require the financial entity to return to the customer any money lost through electronic fraud within five working days, save for ¢50,000 (about $100) which would always be the responsibility of the customer.
That, unless a judge finds the customer was negligent.
However, though Echandi said there is quite a bit of support among other legislators for the measure, nothing is likely to happen on it while the assembly remains tied up debating the laws needed to implement the Central American Free-Trade Agreement with the United States.
The deadline for passing the bills is Oct. 1. “Until the implementation laws pass, this is in the keepsake box,” Echandi said with a chuckle.