Adam Fried didn't suspect the caller at first.
The 50-year-old father of two was working from his Ottawa home on Sept. 18 when his phone screen lit up. According to his phone, the incoming call was from TD Canada Trust and the number matched the number printed on his debit card.
On the other end of the line, a bank employee alerted Fried that a suspicious bitcoin purchase had been made from his account. Fried had never bought Bitcoin in his life.
Alarmed at the thought that someone was trying to steal him and his family, he answered a series of seemingly routine security questions. He was also instructed to change his password using what the employee described as “TD's secure text system.”
Then the caller made a strange request: cut the card in half and seal it in an envelope. The courier came to the house to pick it up and bring it to the bank for a “forensic examination” of the chip.
Fifteen minutes later, a man in his 30s with thinning hair arrived at his doorstep, received a card and disappeared into a silver Honda Civic.
It was only the next day that Fried realized that the supposed employee was in fact a fraudster. Thus, $10,000 was missing from his bank account and TD Bank did not reimburse him.
“Our findings indicate that the person responsible had access to financial information that you are responsible for protecting,” TD wrote in an email to Fried after the investigation.
The email said Fried is expected to protect his card, account information and credentials used for electronic banking in accordance with the product agreement.
The loss was a heavy financial blow for Fried and his wife Michelle Gauthier. Their son has GRIN2B disorder, an ultra-rare disease that causes lifelong cognitive and physical impairment.
“It made me feel terrible. It made me feel exposed, vulnerable,” Fried said. “The whole approach was very professional and very, very convincing.”
Over the past five years, the amount of money lost by Canadians to bank fraud has increased dramatically. The type of scam Fried fell victim to, called the “bank investigator scam,” saw the largest increase in victims, followed by phishing scams in 2024, according to the Canadian Anti-Fraud Center (CAFC).
In 2024, the last full year for which data is available, the CAFC reported that scammers stole $643 million from victims. The figure is nearly 300 percent higher than the amount stolen in 2020 and represents only a small fraction of the actual amount thieves stole, as most cases go unreported, according to the agency.
Recognizing the prevalence of fraud, the federal government has taken new steps to combat it by announcing a new anti-fraud strategy in Budget 2025. The initiative would create a new Financial Crimes Enforcement Agency and amend the Banking Act, the law governing federally regulated financial institutions.
But the budget didn't address a key question at the heart of protecting consumers from fraud: Should financial institutions take more responsibility for inflating bills left by scammers?
Consumers pay the price
As it stands, the Banking Act makes consumers liable for most types of bank fraud.
The only exception is fraud involving unauthorized credit card transactions, where consumers' maximum liability is $50 unless they demonstrate “gross negligence.”
For debit card transactions, consumers are not liable for losses due to circumstances beyond their control. This includes, for example, someone using their card after they have already reported it lost or stolen, according to the Government of Canada website.
But there are many types of scams where banks are not required to cover losses at all – and consumers may be shocked to find that their bank won't help them when thousands or even hundreds of thousands of dollars disappear from their accounts.
“I think most Canadians agree that banks should be held more accountable than they currently are,” said cybersecurity and security expert Claudiu Popa.
“If they shift the full burden of fraud losses onto vulnerable customers, the financial system will have much less incentive to improve its own security measures,” he said, adding that banks have the size and resources to detect and prevent fraud.
Popa said most banks insist they warn customers not to trust suspicious links or callers pretending to be bank employees, but consumers shouldn't be expected to be experts in all types of scams.
In response to questions from the Star, TD Bank spokeswoman Ashley Murphy said the bank was very sorry to hear about Gauthier and Fried's situation, but acknowledged that being a victim of fraud is very frustrating.
Murphy couldn't provide specific details about his case due to privacy concerns, but generally said bank employees would never ask customers to reveal their passwords or PINs over the phone.
She said scammers often use call spoofing technology to make the call display show the name of the financial institution as well as its phone number to make people believe their request is genuine.
“If you receive a call from someone claiming to work for TD's fraud department and you feel uncomfortable for any reason, hang up and call the phone number on the back of your debit or credit card—it's best to use a different phone line if you can.”
Shared Responsibility Model
David Shipley, CEO of New Brunswick-based cybersecurity company Beauceron Security, argues that if banks are forced to take full responsibility for fraud losses, they will likely pass the cost on to customers through higher credit card interest rates or service fees.
“The danger with the bank taking sole responsibility, or even up to a certain threshold, is that people might feel it's not a risk. I can do whatever I want and it might actually make the situation worse,” he said.
Shipley said Canada should instead try to create a model of shared responsibility between banks and customers. Banks should be required to strengthen security, such as implementing mandatory multi-factor authentication, and give customers more control over their accounts, such as the ability to turn off wire transfers and limit the amount of outgoing transfers, he said.
Banks also need to be more transparent about how much money is lost to fraud and how many cases result in chargebacks, since not all cases of fraud are reported to the RCMP, Shipley added.
“We need to destigmatize it,” he said. “Because the irony is that criminals talk about it to each other more openly and brag about it to the world than we as a society try to protect ourselves.”
Popa said he also hopes amendments to the Banking Act will require banks to report fraud patterns and new types of fraud to each other, as well as provide data to the public.
“They did almost no investigation.”
The scammer exceeded the $5,000 limit on Fried's line of credit two days in a row, triggering an alert on his TD mobile app when thief I tried to withdraw more on the second day.
Freed reported the incident to TD's fraud unit and immediately filed a police report, but said he never heard back from Ottawa police. In October, the bank told him the investigation was complete and rejected his request for a refund.
Ottawa police said in a statement that they are not confirming or denying investigations to protect the privacy and safety of victims.
Gauthier, Fried's wife, said TD “did almost no investigation” and didn't ask about the courier who came to their home. She was disappointed that the bank refused to share responsibility.
“They make the appeal process very difficult and time-consuming,” Gauthier said. “We have a severely disabled son. We're barely keeping our heads above water to raise him, plus another daughter, and work full time.”
Murphy, the TD spokesman, said the bank takes reports of fraud seriously and conducts a thorough review based on available information.
“Each case is carefully assessed for compliance with our internal fraud procedures and security protocols, which include review of transactions, digital footprints and any evidence provided by the customer.”
While the appeals process may seem lengthy, “it is an important safeguard to ensure fairness and accountability in the review process,” she added.
“TD provides training, tools and proactive alerts to help protect customers, but individual vigilance remains an important part of staying safe.”
Government cracks down on fraud
In several countries around the world, regulators have taken steps to hold banks, rather than victims, accountable for fraud losses.
Popa pointed to a world-first rule introduced in Britain in 2024 that requires banks to reimburse up to £85,000 ($156,000) for fraudulent losses within five days of a victim being tricked into sending money to scammers, even if they technically authorized the transfer.
Last December, Singapore introduced a general liability system applicable to phishing. Banks and telecommunications companies are required to reimburse customers if they fail to meet their anti-fraud obligations.
During an industry consultation last year, the Canadian government considered introducing a maximum liability threshold for unauthorized transactions where funds are not obtained through credit cards. This may include, for example, bank transfers or electronic funds transfers.
In Budget 2025, the government's proposed changes to the Banking Act include requiring banks to have “policies and procedures” to combat fraud, and allowing consumers to change maximum transaction amounts.
Banks will also be required to collect fraud data and report it annually to the Consumer Financial Services Agency of Canada, the regulator that monitors banks' compliance with laws and codes of conduct to which they are signatory.
However, the Liberals made no mention of introducing a liability cap in their budget this year.
A Treasury spokesman explained that “policies and procedures” will be related to preventing suspicious transactions, training staff and determining when to provide redress to consumers. The official said that the government will introduce amendments to the upcoming Budget Execution Law.
The government will then develop regulations that will put the new requirements into effect and further define rules to protect banks from fraud, the official added.
The Canadian Bankers Association (CBA) said “banks are committed to fighting fraud and have policies and procedures in place to combat fraud and support customers,” according to a statement emailed to the Star.
“Combating fraud and scams requires collaboration across sectors,” the CBA said. He added that in September the banking sector led the creation of the Canadian Anti-Fraud Coalition, a coordinated effort among financial, telecommunications and technology companies to combat fraud.
The CBA said it hopes for further clarity on the government's proposed measures.
Without changes in legislation, victims will continue to be exposed to potential fraud.
Gauthier said she often gets calls from her bank about her insurance or mortgage, but now she just wishes the bank wouldn't contact her by phone anymore because it's hard to tell which ones might be scams.
“They should be responsible for staying ahead of all these scammers,” Gauthier said. “Instead, they simply shift all the responsibility onto their customers.”
