”
Unauthorized account withdrawals and card transactions as a question of liability
\n\n
Anyone who discovers that money has been debited from their account without consent, or that payments have been initiated via a credit card, is regularly faced with two levels of clarification: First, it must be examined whether this is an “unauthorized payment transaction” within the meaning of payment services law. Second, the question arises whether, and to what extent, payment service providers—especially banks and card issuers—must bear liability for the damage incurred, or whether the payment service user can be met with attribution due to breaches of duty.
\n
Legal framework: authorization and attribution
\n
Distinction between authorized and unauthorized
\nThe decisive factor is whether the individual payment transaction was validly approved by the account holder or card holder. If such approval is missing, the transaction is generally to be classified as unauthorized. The legal classification does not depend solely on whether technical security mechanisms (e.g., TAN procedures, card PIN, 3D Secure) were used, but on whether the user’s consent can in fact be attributed to the specific payment transaction.
\n
Significance of security features
\nSecurity features serve to legitimize transactions in payment services. Their use may have indicative value, but does not necessarily replace the question of effective consent. Depending on the constellation, it may be necessary to assess whether authentication was carried out properly and whether the procedure used corresponded to the recognized state of the art.
\n
Typical constellations: account and credit card
\n
Unauthorized transfers and account debits
\nIn the case of unauthorized transfers or other account debits, the focus is regularly on whether access data, TANs, or other authentication features were spied out or obtained through deception. Consideration may be given, for example, to manipulative contact attempts, fake websites, or technical attacks that lead to a debit without the user having an overview of the transaction’s content or consciously confirming it.
\n
Fraudulent card payments
\nIn cases of misuse of credit or debit cards, the assessment may depend on whether a card was used physically, whether it concerns card-not-present transactions, or whether additional approval procedures were required. Here, too, the central point of review is authorization: Was the transaction initiated by the cardholder, or did it occur without their consent?
\n
Liability standards under payment services law
\n
Principle of reimbursement for unauthorized payment transactions
\nIf a payment transaction is unauthorized, payment services law generally provides for reversal. At its core, it must be clarified whether the payment service provider is obliged to reimburse and at what point the account balance must be restored. The details depend on how the transaction occurred, what notification was made, and which statutory requirements are met in the конкрет case.
\n
Contributory responsibility of the payment service user
\nIn addition, it must be assessed whether the payment service user can be confronted with a breach of obligations. Relevant considerations include, in particular, questions surrounding the secure safekeeping of personalized security features, the use of end devices, and conduct in the event of suspicious contact attempts. Depending on the facts, this can influence the allocation of risk.
\n
Issues of proof and documentation
\nIn disputes about unauthorized payment transactions, factual and evidentiary issues play a significant role. Relevant items may include, for example, account movements, authentication logs, communication histories, blocking notes, or timelines. The legal assessment is tied to specific circumstances; blanket assumptions are generally not tenable.
\n
Classification in light of current case law and reporting
\n
Significance of court decisions
\nCourt decisions on online banking and card transactions show that the allocation of liability depends decisively on the specific design of the payment transaction, the authentication, and the conduct of those involved. Both the question of authorization and the scope of any attribution may be disputed; technical details and the specific sequence of individual steps are often decisive.
\n
Note regarding ongoing and/or disputed proceedings
\nInsofar as public reporting covers individual disputes or proceedings, the following applies: As long as there is no final and binding decision, the outcome remains open; moreover, where allegations concerning individuals are involved, the presumption of innocence must be observed. The decisive factors in each case are the available sources and the procedural status.
\n
Context of banking business: risk allocation and compliance
\n
Structure of claims and contractual relationships
\nAccount management, card agreements, and payment services are based on contractual foundations that are overlaid by mandatory statutory requirements. In the legal assessment, it is therefore regularly necessary to distinguish between contractual provisions, statutory reimbursement mechanisms, and possible breaches of ancillary duties.
\n
Technical and organizational due diligence requirements
\nPayment service providers set requirements for the design of secure procedures, for monitoring, and for response mechanisms in the event of anomalies. Whether and to what extent this results in consequences in an individual case depends on the specific circumstances that can be identified.
\n
Conclusion: classification instead of a blanket answer
\n\n
The question of whether a bank or a card issuer is liable after unauthorized account dispositions or card transactions cannot be answered schematically. What matters are the course of the payment process, the authorization, the security mechanisms used, as well as possible issues of attribution and proof. If legal questions exist in this regard and a reliable classification within the framework of banking and payment services law is desired, corresponding matters can be addressed as part of professional support – further information can be found at MTR Legal under the link Legal advice in banking law.
“
