

June 2024

Decision of the Athens Magistrate Court Regarding Recognition of Bank Liability in Case of Phishing



The Athens Magistrate Court has published Decision no. 1434/2024, which accepted our client's lawsuit and ordered a well-known credit institution to pay him: a) the amount of €4,920 with legal interest, and b) the amount of €300 as monetary compensation for moral damage from the service of the lawsuit.

Specifically, in 2021, twelve unauthorized transactions totalling €4,920 were made on our client's bank account. For these transactions, our client never received from the well-known credit institution, at his declared contact mobile phone number, the one-time password (OTP) or any other transaction confirmation code that the institution is required to send under Law 4537/2018, which incorporated Directive 2015/2366/EU into Greek law. At the same time, the institution's security and internal control systems did not respond to the obvious risk of these transactions: they did not detect i) the unusual and repetitive charge, or ii) the high-risk location of the beneficiary, and did not take into account, among other things: a) the previous charges, b) the payment history of our client, and c) the detection of unusual payments by our client in relation to his payment history.

In fact, the relevant decision specifically accepted that "the defendant showed gross negligence in the security provided in its electronic transaction services, which was affected by the fraudulent interception of money, as it did not follow all the necessary highest security measures for the execution of the disputed transactions, failing to apply the process of strict customer identification verification and to check the authenticity of the account to which the money was sent, thus not detecting the suspicious nature of the transaction, did not take comprehensive and improved protective measures aimed at better protecting its customers from malicious attacks and online fraud, and preventing unauthorized third-party intrusions, and did not comply with the obligations of enlightening, proper informing, and warning its consumer-client-plaintiff, as it failed to sufficiently inform her about the attempts to intercept her personal data. This behavior, apart from being culpable, constituting gross negligence, was also illegal, as it would be illegal even without the contractual relationship".
