A Rotorua woman who feels "angry and violated" after her bank account was hacked, with $755 worth of online purchases made, has received all her money back.
However, Lyn Maner said more needed to be done at a government level to protect people from this kind of theft.
Maner's Co-operative Bank account was hacked on Saturday by a "lowlife" who made $750 of online shopping gift card purchases on Rebel Sports' website and a $5 purchase with another business.
She has since been given a refund of $500 from Briscoe Group, the parent company of Rebel Sports, and the balance has been reimbursed by her bank.
"I am impressed by Rebel Sports' parent company Briscoe Group for taking such quick action to reimburse me most of the stolen money. I am still waiting to hear from my bank about how this could have happened."
Maner said she has never shared her credit or debit card details with anyone and always used the encrypted security symbol when making online purchases.
"My situation goes well beyond the cases where people have shared these personal banking particulars with others or failed to click on the "s' padlock symbol in the browser which encrypts your credit card/debit card payment information.
"I am speaking out to try and educate the public that this can happen to anyone no matter how careful you are. It is very clear that something needs to be done at a higher level to ensure we can be protected from these types of scams."
Briscoe Group's chief financial officer Geoff Scowcroft confirmed Maner contacted the business on Saturday to report the three fraudulent Rebel Sports purchases.
"We immediately cancelled and refunded the two gift cards that had not been used and advised her to contact the police and the bank. She would have received the refund in the past couple of days from the Briscoe Group.
"There was no hacking of any [Rebel Sports] accounts, the person who used the stolen credit cards went through the website with a guest-checkout, not a registered/logged-in account, so was not using the account details of the customer.
"However, if the fraudulent user had gone through her account, we do not save credit card details for people to hack into and use – so this would not have been possible anyway.
"We work with global software and payment partners who have built-in fraud and security practices, which they are constantly reviewing and updating to make sure customers are protected from any fraudulent activity. We never store credit card details on our system."
Scowcroft said he planned to personally follow up with the customer to assure her that her account was not compromised.
The Co-operative Bank marketing communications manager Jessica Wallace said the unauthorised transactions had been credited back to Maner's account.
"We do not yet know how the customer's details were obtained before these unauthorised transactions. The customer has reported the fraud to police and the bank will now liaise with the police.
"As these transactions were through online providers, the stores involved may be able to assist the police with details."
Card details can "possibly be" obtained when the card had been used in a previous purchase at an online store, and the data was later compromised by clicking on a malicious link, she said.
"Or they previously entered their card details on a fraudulent website or someone close to the customer used the card online and returned it before it is noticed missing."
Banking Ombudsman Nicola Sladden said unfortunately these types of thefts were not uncommon, and sometimes the hacker cannot be identified especially if they are overseas.
However, the bank is generally liable to refund unauthorised transactions provided the customer has followed the bank's terms and conditions and also takes responsible steps to protect their banking information, she said.
"We recommend that customers alert their bank immediately to any unusual or unfamiliar transactions on their account. The bank will then investigate to determine if the payment can be reversed or reimbursed.
"If the customer is not satisfied with the outcome of the investigation, they can make a formal complaint - either to their bank directly via our office."
Customers can also help protect themselves by:
* Protecting their card details and passwords
* Looking for the padlock when shopping online as the secure symbol connection
* Always questioning unexpected contacts
* Being wary of scams
* Checking for unusual activity on accounts daily and if needed, blocking cards within
the bank's app
* Reporting incidents immediately to the bank, the business and the police.
Sources: Netsafe, Banking Ombudsman and the Co-operative Bank