A high-profile swindling case committed by a bank staff member has put a clause by many banks regarding password use in question, with one professor saying it is invalid, reported Beijing News.
A bank employee was sentenced to 15 years in prison for transferring more than 19 million yuan ($3 million) from an account by using the account's number and password only, without the account holder being present or having a valid ID. The bank was later not ruled guilty of neglect of duty.
Lawyer Wang Dianxue said many banks stipulate in their contracts that money transactions made possible with just a password are regarded as an act of the debit card holder.
Wang said card users nowadays might have their passwords jeopardized or leaked on the Internet, webcams or by other means so banks should not only attribute such risks to the customers themselves.
Wang has made a written request to the China Banking Regulatory Commission (CBRC), demanding it review whether the clause violates the rights of card holders. CBRC said it has forwarded the letter to China's bank association for a reply.
Staff at Agricultural Bank of China, Bank of China, Industrial and Commercial Bank of China and China Merchants Bank all confirmed that transferring more than 50,000 yuan requires the applicant to provide his or her ID and bank cards otherwise the transactions cannot be processed.
A staff member said it's impossible for one person to transfer 19 million yuan on his own and it's almost certain that the bank's internal control has problems.
Professor Yang Lixin, who participated in the drafting of the Tort Liability Law, said transferring a large amount of money should not just rely on a password alone. Yang said the bank's contract clause that regards password-based money transfers as the act of card holders is invalid and the bank should be held responsible too.