Johnson, 71, discovered the money had been siphoned from his savings in three unauthorised transactions over two days in June, and immediately alerted Westpac and police.
Though Westpac was able to “stop” the two latter transactions of $11,000 and $38,000, the first withdrawal of $48,839 could not be recovered and the bank refused liability.
Johnson believes the thieves likely hacked his Westpac internet banking app before the money was wired offshore. The lost cash represented a third of his retirement savings, which he’d bequeathed to his grandnieces.
Westpac - which announced a $1.1 billion profit this month - wrote to Johnson in September saying there was no evidence the bank’s security systems had been breached and it would not reimburse him.
However, after questions from the Herald, the bank apologised to Johnson for its handling of the matter and promised to review the case, meeting with him two weeks ago and carrying out a forensic analysis of his laptop computer and mobile phone.
In a statement yesterday, a Westpac spokesman confirmed it would refund Johnson’s money.
“This has been a complex case and the outcome of our wider investigation remains inconclusive.
“Recognising the specific circumstances of this case, that further investigation would take more time, and our desire to provide Ray with certainty, we have decided to make a goodwill payment covering the full amount of the lost funds.”
The Herald put further questions to the bank, most of which went unanswered. They included:
* Given Westpac’s investigations remain inconclusive after a two-week forensic analysis, why did the bank originally hold Johnson liable and refuse to reimburse the stolen money?
* Does Westpac stand by its earlier statement that the bank’s security systems have not been breached, and how can it be sure, given it remains inconclusive as to how thieves accessed Johnson’s accounts?
* What internal investigations are underway to ensure other customers’ funds are not similarly compromised, and how can other Westpac customers have confidence their money is safe?
The spokesman responded with a one-line statement.
“There continues to be no evidence that Westpac One online banking or any other Westpac systems have been compromised,” adding that Westpac had “nothing further to add”.
Johnson said Westpac told him the reimbursement was a “one-off to give me peace of mind”.
He was relieved that money earmarked for his young relatives would now be refunded. The situation had been hugely stressful, he said through tears.
“I’d go to sleep and I’d think, ‘Well a third of my money is not going to go to them’, so I’ve lost a lot of sleep over it.
“It was like a brick wall to the head talking to [Westpac].”
He said the bank were “still baffled” by the theft. He did not think Westpac would have changed tack without the Herald’s intervention.
“I can’t thank you enough.”
Matthews said Westpac appeared confident in their security systems despite not knowing how the theft occurred.
“The reality is often you can’t prove how tech has broken down or how somebody has breached your system.
“If there is a weakness in their system you would have expected it to be exploited more frequently. You wouldn’t expect it to be a one-off.”
Matthews felt Westpac’s initial refusal to reimburse Johnson had likely breached the Code of Banking Practice, which requires banks to reimburse customers unless they have been wilfully negligent.
She said Johnson could file a complaint with the Banking Ombudsman and seek compensation for stress.
Banks were conscious of bad publicity, Matthews said.
“They put a lot of emphasis on customer satisfaction ratings. They don’t like being bottom of the pack ... and negative publicity is going to influence those ratings.”