TD Canada Trust has declared Nova Scotia resident Shakir Ahamed responsible for nearly $15,000 in unauthorized e‑transfers, citing his IP address and device usage as evidence. Ahamed discovered the theft after a text alert about his line of credit and says he never received the one‑time passcodes required for the transactions. The bank has refused to disclose how it excluded account takeover or malware, and the banking ombudsman upheld TD’s decision.

Bank’s Claim That Ahamed’s IP Address Proved Authorization

According to the bank’s written response, investigators linked the fraudulent transfers to the same IP address and device that Ahamed regularly uses to log in. Senior manager Ashleigh Murphy said the bank’s security protocols flagged the activity as “outside of normal behaviour” but ultimately concluded the customer was negligent. The statement does not explain whether the IP could have been spoofed, hijacked, or compromised by malware, leaving a critical gap in the bank’s justification.

How the Fraud Unfolded:Transfers to Kraken and Payper

The unauthorized e‑transfers were sent to the cryptocurrency exchange Kraken and a payment service called Payper, using unfamiliar email addresses. Ahamed reported the activity to his local TD branch and Halifax Regional Police within hours of the alert, yet weeks later received a text from the bank stating he was liable for the loss. The timing mirrors other TD cases where victims learned of fraud days after the first transaction.

Ombudsman’s Decision Reinforces TD’s Stance

The Ombudsman for Banking Services and Investments (OBSI) declined Ahamed’s compensation claim, echoing TD’s assertion that his credentials were used. OBSI’s brief ruling did not request the bank to produce forensic evidence or detail the investigative steps taken, effectively endorsing the bank’s narrative without independent verification.

Expert Warning: Banks Shifting Blame to Victims

Cybersecurity specialist Eugene Popa warned that financial institutions are increasingly denying reimbursement while offering little proof of customer negligence.. Popa notes that banks often cite “a problem with the transaction” and place the burden on the consumer, a pattern also seen in other TD fraud incidents involving customers Ron Panetta and Lindsay Enair.

Unanswered Questions About the Investigation

Key gaps remain :Did TD conduct a forensic analysis to rule out IP hijacking? Was malware on Ahamed’s device examined? And why did the bank not provide the one‑time passcodes that should have been generated for each transfer? The bank’s refusal to answer these specifics leaves the credibility of its conclusion in doubt.