Banks usually refuse to compensate victims of phishing. However, customers often win compensation in court. How to go about it.
It is the horror of most bank customers: strangers have withdrawn money from their account. The number of cases is increasing year after year, and the fraudsters typically steal between 5,000 and 25,000 euros. In very rare cases, the crooks can be traced.
What many people don’t know: In principle, the bank is obliged to compensate for the damage immediately if a stranger withdraws money. Unless the bank can prove that the customer acted “grossly negligently”. Banks regularly refuse to pay compensation on this ground. But customers should not accept this as a solution.
Not every stupidity is “grossly negligent”
What actually counts as “gross negligence” is a matter of interpretation. The consumer centers say that consumers generally find it difficult to distinguish fraud from genuine bank inquiries. And they have recently backed this up with studies.
The problem for customers: Those who have fallen for online fraud usually feel guilty themselves – and quickly give in. But in a number of cases, lawyers have managed to get money from the banks for their clients. So it can be worth fighting back.
Finanztip recommends lawyers specializing in phishing scams
The consumer advice service Finanztip has therefore investigated which law firms have already successfully obtained compensation for bank customers. Because one thing is clear: without a lawyer, customers generally have no chance against their banks.
Attacks on accounts usually take place in two steps: customers are lured to a fake shop or a fake bank website with a message via email or WhatsApp. There they unsuspectingly enter their bank details.
Then the crooks need an activation code for a withdrawal. Sometimes the code is also used to activate a digital credit card (such as Apple Pay) or an additional cell phone for the TAN procedure. Then even multiple withdrawals are possible. In order to obtain this authorization, the fraudsters often call the customer after a successful phishing attempt – and pretend to be a bank advisor.
Activation code given to wrong bank advisor: almost 25,000 euros gone
Finanztip has reported where those who were cheated were compensated by the bank: A Sparkasse customer was duped by a fake bank advisor who called with a number on the display that matched the bank. But that was just a technical trick, called “call ID spoofing.” The Cologne Regional Court took this as a reason not to accuse the customer of gross negligence.
A similar case was that of a student who gave a fake bank employee an activation code for another TAN device over the phone. She had previously passed on her bank details via phishing. In the end, 24,890 euros were lost. In this case, the Celle Higher Regional Court confirmed the decision of the first instance that no gross negligence could be proven because the student had not passed on a TAN, PIN or net key for a transfer. However, the bank had also made mistakes in this case.
These rulings are always individual decisions. Customers fall for different scams, and technology is also evolving. Many cases ended with the bank winning. Some ended in a settlement, and the bank at least paid part of the costs. Only in a small number of cases did the customers win completely.
Before filing a lawsuit, it is worth contacting the arbitration board
Before victims of fraud file a complaint, it is often worth going to the arbitration board, as this is less costly. However, banks are generally not bound by the arbitration rulings. Because banks fight the claims so resolutely, it can be worthwhile to hire a lawyer for the arbitration.
“For larger sums, we recommend getting legal advice,” advises Finanztip legal expert Britta Schön. Then you can clarify how good your chances are “and what costs will be incurred.”
It is important not to make any further mistakes in the event of fraud. First of all, you should immediately block your account and cards. Then you should file a report, as this is a prerequisite for a claim against the bank. Then you should request that the bank compensate you for the loss. This should be done immediately afterwards – and in writing, with reference to the report.
Do not make rash assumptions to the police
It is important to note that “phishing victims should not make any assumptions to the police or the bank about how the online fraud came about,” recommends Britta Schön from Finanztip. Because everything that bank customers say can also be used against them. In the report, it is sufficient to refer to the fact that a stranger withdrew money without authorization.
Of course, it is better not to fall for phishing in the first place. In general, it is extremely risky to follow links in emails or text messages. Or to respond directly to calls from “a bank employee”. It is better to log in yourself using the app or call the bank’s hotline yourself. Incidentally, the consumer advice center collects information about current scams.
Source: Stern