Fraudulent E-transactions Involving Credit and Debit Cards: Who is Liable? - A Case Study


Monday, August 31, 2020 05:00PM / Aelex / Header Image Credit: Aelex

 Proshare Nigeria Pvt. Ltd.


With the adoption of e-payment channels as a preferred means for commercial transactions in Nigeria, there has been an increase in incidents of e-payment fraud. One of the methods employed in perpetrating these frauds is to obtain the Automated Teller Machine ("ATM") card information of unsuspecting card holders and use the information to carry out illegal transactions on the bank accounts of the card holders. In such a situation, an issue arises as to who bears liability for the fraud. This issue is pertinent because there are certain key players involved in every card transaction. They include the card holder, the acquiring bank, the issuing bank, and the card company (e.g. MasterCard or Visa).


In the recent case of Abolade Bode v. First Bank of Nigeria Plc. & MasterCard West Africa Limited,[1] the Federal High Court, sitting at the Lagos Judicial Division, was confronted with this issue of liability for a fraudulent e-transaction on a bank customer's account involving the MasterCard information of the bank customer. The court relied on the doctrine of privity of contract arising from a banker/customer relationship to hold that it is the card holder's bank, and not the card company, that should bear liability for such fraudulent transactions.




The Plaintiff, who maintained an account with First Bank of Nigeria Plc ("the 1st Defendant"), asserted that in 2012 unauthorized transactions were carried out on his account, as a result of which the sum of N750,509.77 (Seven Hundred and Fifty Thousand, Five Hundred and Nine Naira, Seventy-Seven Kobo) was illegally debited from his account. According to the Plaintiff, the online fraud committed on his account was not due to his negligence but was perpetrated through compromises to the security of the 1st Defendant and MasterCard West Africa Limited ("the 2nd Defendant"). Consequently, the Plaintiff claimed from the Defendants, jointly and severally, the reimbursement of the deducted sum, as well as compensation in the sum of N10,000,000 (Ten Million Naira) with interest, for the constraints and stress experienced as a result of the sudden and unexpected shortfall of cash in his account.



Plaintiff's Submission

Counsel for the Plaintiff submitted that the Plaintiff had, through pleadings and testimony, provided sufficient and uncontroverted evidence that a fraud was committed on his bank account with the 1st Defendant, through the compromises and negligence of the 1st and 2nd Defendants. Counsel argued that the 1st Defendant produced and sold the MasterCard to the Plaintiff, and the 2nd Defendant provided the payment technology which was infiltrated by the fraudsters. Counsel for the Plaintiff argued that the fraud was committed by persons who are not parties to the case and, as such, proof of fraud beyond reasonable doubt is out of place. Counsel urged the court to discountenance the argument of the Defendants, otherwise the Defendants will continue to deny liability for fraudulent transactions on the ground that the fraud was not proved beyond reasonable doubt, while the victims of fraud will be left uncompensated.



1st Defendant's Submission

Counsel for the 1st Defendant argued that the Plaintiff's claim was speculative and contradictory. According to the 1st Defendant's counsel, an allegation of fraud must be proved beyond reasonable doubt and the Plaintiff has not discharged this burden of proof. The 1st Defendant claimed that by virtue of the debit card agreement signed between the Plaintiff and the 1st Defendant, the Plaintiff undertook to bear responsibility for all transactions made by his card and with his Personal Identification Number ("PIN"). Thus, counsel urged the court to hold the Plaintiff liable for the misuse of his PIN.



2nd Defendant's Submission

Counsel to the 2nd Defendant submitted that the 2nd Defendant is simply a payment technology provider linking banks, customers and merchants, and is not involved in the approval process for any transaction. The 2nd Defendant did not produce the Plaintiff's MasterCard, nor was it ever in possession of the MasterCard; therefore it did not have any interaction or connection with the Plaintiff whatsoever. It was further submitted that there was no fiduciary or contractual relationship between the Plaintiff and the 2nd Defendant. The only contracts alleged by the Plaintiff are the banking contract and debit card agreement between the 1st Defendant and the Plaintiff, to which the 2nd Defendant was not a party. Also, the 2nd Defendant argued that the Plaintiff had failed to establish negligence on the part of the 2nd Defendant, or that the fraud on his account was a result of the compromise of the security of the 2nd Defendant, and urged the court to dismiss the case of the Plaintiff against the 2nd Defendant.


In determining the above matter, the court stated that the sole issue for determination in the suit is whether, from the facts and circumstances of the case, the Plaintiff's claim should be granted. The court held that the Plaintiff's claim against the 2nd Defendant must fail because there is no privity of contract between the Plaintiff and the 2nd Defendant, as the latter is only a technology provider. The evidence before the court was that the 1st Defendant, not the 2nd Defendant, provided the MasterCard to the Plaintiff, and the Plaintiff failed to establish that his account was compromised as a result of a breach of the 2nd Defendant's security systems owing to the negligence of the 2nd Defendant.


In reaching its conclusion, the court relied on an earlier Court of Appeal decision in Guaranty Trust Bank v. Motunrayo-Tolulope Aloegena (nee Oyesola),[2] a case relating to the breach of a banker/customer relationship arising out of a failed ATM transaction. In that case, the Defendant/Appellant had at the trial stage set up a defence that MasterCard was liable for the failed transaction. However, the trial court rejected this defence and held the Defendant/Appellant liable. The Defendant/Appellant therefore went on appeal. In dismissing the appeal, the Court of Appeal held that there was no contract between the Respondent and MasterCard, and therefore the Respondent has no cause of action against MasterCard. According to the Court of Appeal, per Ebiowei Tobi, JCA:

"The problem here, however, is that there is no privity of contract between the Respondent and MasterCard. Indeed, there is no tripartite agreement between the Respondent, the Appellant, and MasterCard. For the purpose of the banking transaction, the agreement or contract is between the Appellant and the Respondent and therefore if there be any breach as it relates to the account, it is the Appellant that the Respondent will hold responsible as there is no contract between her and MasterCard. The law on privity of contract is clear and cannot be disputed."


Considering this decision, the Federal High Court in Abolade Bode v. First Bank of Nigeria Plc. & MasterCard Nigeria Plc. held that the 2nd Defendant was not liable for the fraudulent transaction on the account of the Plaintiff, as there was no privity of contract between the 2nd Defendant and the Plaintiff. The court, however, found the 1st Defendant liable for the fraudulent transaction on the basis that the 1st Defendant did not do its due diligence by carrying out a detailed investigation of the fraud.




The implication of the decision in Abolade Bode v. First Bank of Nigeria Plc. & MasterCard Nigeria Plc, in the absence of proof of negligence, is that card companies such as MasterCard and Visa will not be liable for fraudulent transactions on the bank account of a card holder, as there is no privity of contract between the card holder and the card company. This is more so because the card companies do not produce the debit/credit cards, nor do they provide the card information necessary to operate the payment technology. Indeed, it is the customer's bank that provides the credit/debit cards and generates the initial information required to operate the cards. Usually, the issuance of a credit/debit card is based on a card agreement, or the general banking contract between the card holder and the bank. Card companies connect banks and merchants to fast, secure, and reliable electronic payments platforms. Accordingly, through credit or debit cards, a card company's processing network allows seamless completion of financial transactions conducted via the ATM, laptop, tablet, etc.[3] This means, for instance, that even though the name MasterCard is printed on a vast number of credit and debit cards worldwide, MasterCard is not directly responsible for the cards that are branded under its name. The card companies merely license their payment technology to banks and other financial institutions, to aid payment services.


It is worthy of note that the card companies may nevertheless be liable in negligence if it is proven that they breached their duty of care to users of their payment technology (banks and financial institutions or their customers), by failing to provide sufficient features to ensure that information transmitted on the platform is protected from fraudsters. However, the elements of negligence must be specifically pleaded. Evidence must be led to reveal avoidable gaps in the payment technology system of the card company, which leave it vulnerable to fraudsters. In the instant case, the court found that the Plaintiff could not establish negligence on the part of MasterCard in failing to ensure sufficient security to prevent fraudsters from accessing the technology of MasterCard.


This decision therefore prevents a potential floodgate of cases against card companies by bank customers, such that card companies need not be joined as parties to actions against banks for fraudulent activities on bank accounts of card holders, unless there is sufficient proof of negligence on the part of the card company.




1. Unreported Suit No: FHC/L/CS/405/13, delivered on 10 April 2019.

2. Guaranty Trust Bank v Motunrayo-Tolulope Aloegena (nee Oyesola), unreported Suit No: CA/L/461/2016, delivered on 1 March 2019.

3. Christine Thelander, 'How does MasterCard make money?', (2016) Available at: Accessed on 27 April 2019


