Phishing – Savings Bank Must Compensate for Damages

News  >  Banking law  >  Phishing – Savings Bank Must Compensate for Damages

Arbeitsrecht-Anwalt-Rechtsanwalt-Kanzlei-MTR Legal Rechtsanwälte
Steuerrecht-Anwalt-Rechtsanwalt-Kanzlei-MTR Legal Rechtsanwälte
Home-Anwalt-Rechtsanwalt-Kanzlei-MTR Legal Rechtsanwälte
Arbeitsrecht-Anwalt-Rechtsanwalt-Kanzlei-MTR Legal Rechtsanwälte

Account Holder Receives €42,000 Back – Ruling of the Karlsruhe Regional Court, Case No.: 2 O 312/22

 

Fraud damages in online banking have been on the rise for years. Despite all precautions and security measures, cybercriminals continually succeed in obtaining their victims’ sensitive banking data to drain their accounts. As reported by Handelsblatt online on July 22, 2024, the Federal Criminal Police Office recorded 90,000 fraud cases in 2023. This marks a 14% increase compared to the previous year. For victims, it’s undoubtedly a shock when they realize their account has been emptied. However, in many cases, it is possible to recover the money from the bank or savings bank.

Phishing remains one of the most popular fraud methods in online banking. Victims often first receive emails or voice messages that appear to come from their bank or savings bank, urging them to click a button or link under some pretext. This is often said to be necessary to, for instance, update information or continue using all account functions. The link or button leads them to a website that often looks deceptively similar to their bank’s site, where they are then asked to enter sensitive bank details. Complying with this request should be avoided at all costs. If victims do, however, it is usually too late, and the perpetrators use the bank data to make payments from the victims’ accounts.

Account Holder Liable Only in Cases of Gross Negligence

 

However, in many cases, the bank or savings bank may be held responsible for the damage. The account holder is only liable if they acted with gross negligence. The bank must prove this gross negligence. According to § 675w BGB (old version), the bank must demonstrate the authorization of a payment transaction by the customer if this is disputed. The Federal Court of Justice (BGH) confirmed this burden of proof for the bank in its ruling on March 5, 2024 (Case No.: XI ZR 107/22), as noted by MTR Legal Rechtsanwälte, a law firm specializing in banking law.

Numerous courts have also ruled that the bank or savings bank must compensate for damages if the payments were not authorized by the account holder. This was the outcome in a case before the Karlsruhe Regional Court (Case No.: 2 O 312/22).

Perpetrators Strike 122 Times

 

In the case before the Karlsruhe Regional Court, the criminals acted particularly boldly, making 122 payments from the victim’s savings account over ten days. By the time the account holder noticed the payments, the perpetrators had already withdrawn about €42,000 from his account. The criminals had used the Apple Pay payment method.

As the account holder had not authorized the payments, he demanded that the savings bank compensate him for the damage. He claimed that he had neither set up the Apple Pay payment method nor knowingly or intentionally activated it. Additionally, the savings bank should have noticed the frequent withdrawals, which would have enabled them to stop the unauthorized transactions.

However, the savings bank refused to cover the damages. They argued that their customer had authorized the payments or, at the very least, had not adequately protected his banking information from third-party access.

Savings Bank Held Liable

 

The Karlsruhe Regional Court ruled in favor of the account holder. The savings bank must compensate him for the incurred damages. The court found that the plaintiff could not be accused of gross negligence, which would have allowed the perpetrators to access his account.

How the criminals obtained the sensitive banking data could no longer be determined. It is possible that they obtained the information through phishing. Fraudsters are becoming more sophisticated, and fake websites are often barely distinguishable from the real ones, according to the court. It is also possible, however, that a data breach in the savings bank’s environment allowed the criminals to obtain the sensitive banking information. In any case, the court found no gross misconduct on the part of the account holder, meaning the savings bank must compensate him for the damages.

MTR Legal Rechtsanwälte has extensive experience in banking law and advises clients in legal disputes with their banks.

Feel free to contact us!

Your first step towards legal clarity!

Book your consultation – choose your preferred appointment online or call us.
International Hotline
now available

book a callback now

or send us a message!