Victims of bank fraud should not expect automatic refunds and are sometimes at fault for not taking a "duty of care", the CEO of RBS has reportedly said.
Chief Executive Ross McEwan said that banks could not always be blamed if customers give out their account details to online scammers, according to U.K. newspaper the Daily Mail.
"We are working very hard to help customers detect when there are difficulties, but I think this has to be in partnership with the customer and with the bank," McEwan told the paper on Monday.
"You can't keep blaming this on an organization where customers don't take their own duty of care as well."
"When people are passing their iPads or laptops over with their passwords and the likes, there's got to be a care here, otherwise this will just become a major issue for all and the cost will pass through."
The bank also owns NatWest, and is still 72 percent publicly funded by British taxpayers.
Daily Mail article 'sensationalist'
A spokesman for RBS told CNBC that the article run by the Daily Mail was "sensationalist" and that "the quotes were taken out of context."
"The important thing to stress is that whenever a customer has suffered a loss, we review the situation, we establish the facts, and we make a decision (whether to refund or not) on a case-by-case basis," the spokesman told CNBC via phone call.
In a statement the bank said it was working hard to develop services to respond to customer needs, and that five million customers use its mobile app.
"It is our priority to keep customers safe and secure regardless of how they bank with us. We do this in a number of ways, including transaction monitoring, customer prompts while they're banking digitally, and dedicated customer education campaigns," the bank said.
The Financial Conduct Authority, the U.K.'s independent financial regulator, has said that banks should refund victims of fraud except when the bank can prove customers authorized a transaction or are otherwise at fault.
The FCA declined to comment on the situation.
In January, accountancy giant KPMG said that the value of fraud committed in the U.K. had peaked at £1.1 billion ($1.43 billion), topping £1 billion for the first time since 2011.