July 2024 – Phishing claim against the bank – Compensation for electronic fraud

July 2024 – Phishing claim against the bank – Compensation for electronic fraud

Recently, the Athens Court of Justice issued its decision No. 1560/2024, before which our client had brought a lawsuit for economic losses against the banking institution in order to be compensated for the money lost from the bank account held by him through the phishing method (phishing fraud).

Specifically, a malicious perpetrator, faithfully imitating the bank’s e-mail address, with a link that directed the user to a website also similar to that of this banking institution, managed in a fraudulent way, and due to the “vulnerable” security system of the bank, to extract from our client the amount of 5.418,88 euros. Despite the timely notification of the bank by our client and the written questioning of the disputed transactions by the latter, the bank was unable to prevent the financial loss of our client, and defiantly abdicated its responsibilities.

By the above decision, the Court of Justice accepted our client demamds, stating in its judgment that: On the one hand, it acknowledged that the Bank had failed to comply with the security protocol provided for when carrying out electronic transactions, since it did not comply with the security measures required to implement the procedure for the valid identification of the payment transactions at issue, by failing to send the unique one-time codes (OTP’s) to the mobile telephone number declared by the plaintiff and, as a result, the disputed transactions should not be considered either genuine or authorised by the plaintiff – our client, in accordance with the provisions of Art. 64 of Law 4537/2018. On the other hand, the Trial Court also held that the defendant Bank did not comply with the obligation to inform the plaintiff, as it was obliged to do, in accordance with art. 48 and 57 of Law 4537/2018.

As a result of the above, the Court, accepting our claims, ruled that the defendant bank’s conduct (lack of protection of its security systems during the execution of electronic transactions and lack of customer information) was culpable, constituting gross negligence, as well as illegal, as contrary to the provisions of Law 3862/2010 and Law 2251/1994 (Consumer Protection), but also as contrary to the principles of good faith and commercial morality, as laid down in provisions 288 and 914 of the Civil Code. It should be noted that the Court did not attribute a share of responsibility to our client, whom it identified as a victim of fraud in the hijacking of his security codes, solemnly rejecting as substantially unfounded the plea of contributory negligence (contributory fault) submitted by the defendant bank, in its desperate attempt to deflect its responsibilities.

Following this, the Court obliged the Bank to pay to our plaintiff-client, on the one hand, the amount of his loss, amounting to 5.418,88 euros, and on the other hand, the amount of 1.500,00 euros as moral damage for the mental suffering he went through, both of which with the statutory interest, since the service of the lawsuit. It declared the judgment partially provisionally enforceable in respect of the sum of EUR 3.000,00.