A High Court judge has refused the spread betting company Spreadex permission to recover £50,000 in losses accrued on a customer's account unless it could show that the trades were made by the customer himself or with his actual or ostensible authority, despite a contrary clause in the customer agreement.

Background

In October 2010 Colin Cochrane opened an online account with Spreadex.  Mr Cochrane was given the option to view Spreadex's customer agreement elsewhere on the website before clicking "agree" to signify agreement to its terms.  Whilst staying with a friend for two days, Mr Cochrane accrued almost £50,000 in losses on his account, which, he alleges, resulted from trades made by his girlfriend's young child.  Spreadex (perhaps unwisely) did not dispute the facts put forward by Mr Cochrane, arguing that they were irrelevant as Mr Cochrane had no defence.  Clause 10(3) of Spreadex's customer agreement states:

"Your password must be declared, together with your account number, when you wish to access your account. You will be deemed to have authorised all trading under your account number..."

Decision

The judge held that the customer agreement was not a binding contract as there was no consideration.  Spreadex's argument that the grant of access to the online platform was good consideration was rejected by the Court as Spreadex could, "reduce or remove altogether the online service at any time".  Accordingly, Clause 10(3) was not binding.  This is a major decision and raises serious questions about whether or not online consumer Ts & Cs are binding where the service provider retains the right to withdraw service at any time.

Even if there had been a contract, Clause 10(3) would have been unfair under the Unfair Terms in Consumer Contracts Regulations 1999 ("UTCCR"), due to a significant imbalance of the parties' rights and obligations. Further, the judge stated that "it would have been quite irrational" for Spreadex to assume that Mr Cochrane had read the clause, found in a dense 49 page document that users were only invited (and not compelled) to view.  Two points arise here.  First, this is a good example of the danger of long consumer Ts & Cs.  Simple and short is a better risk management technique.  Second, "password security" clauses which are common, should be limited to things users can control and should not be absolute if you want them to be enforceable.

A copy of the judgment is here.