The Court of First Instance and Instruction number 1 of Moncada has sentenced a bank to pay a client the 5,895 euros plus interest, which she lost after being a victim of a fraud known as 'phishing', in which payments were charged on her bank account that she did not authorize.
The judge, in accordance with the criteria of current jurisprudence, thus upholds the claim filed by the injured party and concludes that the bank is responsible for the incorrect execution of two operations carried out on the injured party's account, which constituted fraud.
The events began when the woman received an email, which apparently came from her bank, asking for her personal information and the access codes to her bank accounts. After providing them, the fraudulent charges were made corresponding to two card purchases in a technology product store in Barcelona, which the victim had neither made nor authorized.
In his resolution, the judge cites jurisprudence of the Provincial Courts of Madrid, La Rioja or Alicante, among others, and establishes that the applicable legislation in these cases places the responsibility on the bank, unless a fraudulent or serious client fault.
In the court case, it was not proven that the woman acted fraudulently or with gross negligence. Nor was it shown that the bank had provided the victim with sufficient 'antiphishing' supervision mechanisms, to prevent this fraud "without the generic notices on the bank's website being sufficient."
The magistrate argues that the legislation does not attribute responsibility to users in these unauthorized operations due to the lack of means they have to detect these frauds, which banks must have.
The ruling concludes that the cases of 'phishing' respond to "very elaborate criminal conduct, often perpetrated by professional deceivers, who accurately simulate authentic formats (...) and are quite easily misleading".
In this sense, the resolution considers that banks should design control systems for unusual movements or charges that are out of the ordinary, as is the case, since in the deception of which the woman was a victim, there was a modification of the limit daily maximum established in the credit card contract, without the entity verifying that it had been its client who had ordered said modification.
