Home Page Navigation Contents Contact Sitemap Search

Cau­tion advised with pay­ment orders by e-mail

A new Fed­eral Court ruling is the talk of the town: Hackers ran­sacked a customer’s account, and his bank didn’t accept any lia­bility. Yet you can pro­tect your­self against such losses.

Jean-Claude Hen­choz (name changed) went into shock when he read the last ruling: The Fed­eral Court had decided that a Geneva pri­vate bank cus­tomer had to foot the bill him­self for the damage a hacker had caused him. And this after the can­tonal court in the pre­vious instance had ordered the bank to repay the majority of his loss to Hen­choz, amounting to sev­eral hun­dred thou­sand Euros.

Crim­i­nals had obtained access to this bank customer’s e-mail account and used it to send out sev­eral pay­ment orders to his bank. Cer­tain accounts abroad were stated as the recip­i­ents of these pay­ments. The problem: As per the con­tract between bank and cus­tomer, it was pos­sible to make pay­ment orders via e-mail, tele­phone or fax. There was no need for any written order. Hackers exploited this fact.

While the Geneva can­tonal court had found that the bank should have noticed these improper pay­ments at an early stage and stop them, the Fed­eral Court saw no error on the bank’s part, since con­trac­tu­ally gov­erned orders via e-mail don’t have to be auto­mat­i­cally con­sid­ered poten­tially fraud­u­lent and there­fore don’t have to be checked. Risks with regard to iden­ti­fi­ca­tion and trans­mis­sion errors are borne by the customer.

Please note the fol­lowing rec­om­men­da­tions to pro­tect your­self against losses as a result of improper pay­ment orders:

  • Where pos­sible, only ever make pay­ment orders via your bank’s e-banking facility or mobile banking app, or in person at your branch. Have other chan­nels such as e-mail, tele­phone and fax con­trac­tu­ally blocked for pay­ment purposes.
  • In case you just cannot do without pay­ment orders via e-mail, use an e-mail provider who offers two-factor authen­tifi­ca­tion, and avail your­self of this addi­tional level of protection.
  • Use dif­ferent, com­plex pass­words for all your e-mail accounts and for e-banking. Keep them safe (e. g. inside a pass­word man­ager), and never let any­body know your passwords.
  • Create a sep­a­rate e-mail address to com­mu­ni­cate with your bank. Don’t use this address for any other pur­pose, and don’t advise anyone but your bank of this address.
  • Where pos­sible, ask your bank to set up a trans­ac­tion autho­ri­sa­tion facility so that all pay­ment orders from a cer­tain amount onwards have to be explic­itly approved by you via a dif­ferent channel (e. g. tele­phone) before they are executed.
  • Reg­u­larly check your bank state­ments, and also look at the last entries of your state­ment online. If there are any dis­crep­an­cies, you should imme­di­ately notify your bank.

What else would you like to learn about security when e-banking?

Reg­ister for a course now
and learn more:

Basic course

Find out about cur­rent Internet threats and some easy pro­tec­tive mea­sures, and how to securely use e-banking.

fur­ther information

Online course mobile banking/payments

Find out about mobile banking, mobile pay­ments and how to securely use these apps.

fur­ther information

Online course for the under-30s

Learn how to use your smart­phone securely. Next to basics, we will show you what you should know about social media, clouds, mobile banking and mobile payments.

fur­ther information

Course for SMEs

Is your organ­i­sa­tion suf­fi­ciently secure? Learn which mea­sures you can take to sig­nif­i­cantly strengthen your organisation’s IT security.

fur­ther information