It will have happened to all of us, at least once in our life, to undergo a practice of phishing, which are none other than theft on the online current account. This practice is implemented through a series of techniques aimed at capturing personal data and codes of credit cards, ATMs and internet banking in order to steal the money.
Sometimes this data is provided inadvertently by the customer who is misled through trick phone calls, other times in much more sophisticated ways. In fact, it may happen that the collection of the account holder data is the result of the attack on the computer system of the credit institution by hackers.
The latter, even, may be able to enter the databases, obtaining all the information necessary to illegally operate on the accounts of the unfortunate. So, we ask ourselves: “who will compensate if the money disappears from the current account?” and then: “does the bank answer for it?”.
Liability of the bank in case of undue withdrawals
Well, let’s see what the reference legislation is. The Payment Services Directive implemented in 2010, it further defined the obligations of credit institutions. The latter have been called upon to ensure the spread of electronic payment systems and raise the levels of consumer protection.
EU legislation establishes that when the user of a payment service denies having authorized a payment transaction, the successful payment recorded is not sufficient proof. In other words, the dispute demonstrates the absence of consent to the economic transaction. It is therefore the bank’s responsibility to prove the customer’s negligence in custody of their access credentials.
In the absence of such proof, the intermediary institution will have to return the money illegally withdrawn, precisely as a result of the alleged inadequacy of its security systems. So, who will compensate if the money disappears from the checking account? Certainly, the bank, which bears the proof that it has done everything possible, according to the criteria of professional diligence, to prevent fraud. Therefore, he will have to acknowledge that he is using an IT system appropriate to the risks. The account holder will only have the burden of proving that he has suffered the illegitimate withdrawal and therefore the damage.