Bank found responsible in credit card scam involving phishing attacks
Individuals and businesses frequently fall victim to cyber attacks that lead to financial losses. These attacks can take various forms, such as phishing, where cybercriminals attempt to obtain sensitive financial information through deceptive emails or websites.
In such cases, the victims are not necessarily liable for the damage. Financial institutions have an obligation to implement adequate security measures to safeguard against cybercrime. In many instances, these institutions bear the full or partial cost of the losses.
DKB's legal setback
Recently, DKB faced a legal defeat in the Berlin Court of Appeals (Case No. 4 U 79/23). A customer's credit card was fraudulently used, resulting in substantial losses. The customer refused to compensate DKB for the damage. In response, DKB filed a lawsuit against the customer. However, both the initial trial court and the Court of Appeals dismissed DKB's claim.
The Court of Appeals further expanded on the implications, highlighting fundamental responsibilities banks must fulfill to avoid bearing the brunt of fraudulent transactions. Although the case involved traditional credit card fraud, the court's ruling can be applied to common digital crimes.
Banks must scrutinize transactions
The Berlin judges stated that banks must implement automated, algorithmic transaction monitoring, enabling them to identify unusual or atypical transactions (based on amount, country, etc.) for account holders. Payment providers are expected to recognize and halt suspicious payment requests to prevent the execution of questionable payments.
In the Court of Appeals' view, banks have the responsibility to validate transaction plausibility and prevent unauthorized access, especially when it deviates from typical customer behavior. If the bank fails to perform this due diligence, it is liable for the resulting losses.
Banks frequently argue that they have implemented robust security measures, such as two-factor authentication, to protect against unauthorized account access. However, the Berlin court has deemed such claims insufficient. Financial institutions must also recognize and thwart foreign access if it deviates from the standard account activity of the customer.
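The kind of per-account plausibility check the court describes, as an added example that is not part of the original article and not any bank's actual system: it holds a payment request whose amount or country deviates from the account's own history. The field names, threshold and sample transactions are assumptions constructed for illustration.

```python
from statistics import median

# Constructed sample history for one account (amounts in EUR, ISO country codes).
HISTORY = [
    {"amount": 23.50, "country": "DE"}, {"amount": 41.00, "country": "DE"},
    {"amount": 18.90, "country": "DE"}, {"amount": 65.20, "country": "AT"},
    {"amount": 37.80, "country": "DE"}, {"amount": 29.99, "country": "DE"},
    {"amount": 52.10, "country": "DE"},
]

def build_profile(history, min_history=5):
    """Summarize typical behaviour: usual amount, its spread, countries seen."""
    if len(history) < min_history:
        raise ValueError("not enough history to establish typical behaviour")
    amounts = [t["amount"] for t in history]
    med = median(amounts)
    # Median absolute deviation (MAD): a spread estimate that one large past
    # purchase cannot inflate. Fall back to 1.0 if all amounts are identical.
    mad = median(abs(a - med) for a in amounts) or 1.0
    return {"median": med, "mad": mad,
            "countries": {t["country"] for t in history}}

def assess(profile, txn, amount_threshold=6.0):
    """Return (decision, reasons) for one payment request.

    amount_threshold is an assumed cut-off in MADs above the typical amount.
    """
    reasons = []
    deviation = (txn["amount"] - profile["median"]) / profile["mad"]
    if deviation > amount_threshold:
        reasons.append(
            f"amount {txn['amount']:.2f} is {deviation:.1f} MADs above typical")
    if txn["country"] not in profile["countries"]:
        reasons.append(f"country {txn['country']} not seen on this account")
    # Any deviation holds the payment for confirmation instead of executing it.
    return ("hold" if reasons else "allow"), reasons

if __name__ == "__main__":
    profile = build_profile(HISTORY)
    for txn in ({"amount": 44.00, "country": "DE"},
                {"amount": 1890.00, "country": "DE"},
                {"amount": 30.00, "country": "SG"}):
        print(txn, assess(profile, txn))
```

Recording the reasons alongside the decision gives the institution evidence of which check fired, or that none did, for a disputed transaction.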
Decision favors affected parties
Our experience suggests that most banks generally refuse to acknowledge fault and reimburse damages during direct customer interactions. However, this often changes when legal representation is involved or the case proceeds to court. We have successfully negotiated out-of-court settlements, particularly for online banking customers, to recover damages.
The new ruling by the Berlin Court of Appeals greatly enhances the chances of injured parties. Individuals should seek expert advice on their case, which can be provided at no cost and without obligation through the Consumer Rights Enforcement Association. If legal expenses insurance is not available, a contingency fee agreement may be possible.
By Roland Klaus, founder of the Consumer Rights Enforcement Association, which supports specialized lawyers in upholding consumer rights in financial matters.
In light of the Berlin Court of Appeals ruling, banks are now expected to implement more robust transaction monitoring systems to identify and halt suspicious activities, as failing to do so could make them liable for losses due to unauthorized access or unusual transactions. Credit card users who have been victims of fraudulent transactions now have a stronger case in demanding compensation from their banks, especially when seeking legal representation or pursuing court action.