
Caution advised with payment orders by e-mail

A new Federal Court ruling is the talk of the town: Hackers ransacked a customer’s account, and his bank didn’t accept any liability. Yet you can protect yourself against such losses.

Jean-Claude Henchoz (name changed) went into shock when he read the latest ruling: The Federal Court had decided that a Geneva private bank customer had to foot the bill himself for the damage a hacker had caused him. And this after the cantonal court in the previous instance had ordered the bank to repay the majority of his loss to Henchoz, amounting to several hundred thousand euros.

Criminals had obtained access to this bank customer’s e-mail account and used it to send out several payment orders to his bank. Certain accounts abroad were stated as the recipients of these payments. The problem: As per the contract between bank and customer, it was possible to make payment orders via e-mail, telephone or fax. There was no need for any written order. Hackers exploited this fact.

While the Geneva cantonal court had found that the bank should have noticed these improper payments at an early stage and stopped them, the Federal Court saw no error on the bank’s part, since contractually governed orders via e-mail don’t have to be automatically considered potentially fraudulent and therefore don’t have to be checked. Risks with regard to identification and transmission errors are borne by the customer.

Please note the following recommendations to protect yourself against losses as a result of improper payment orders:

  • Where possible, only ever make payment orders via your bank’s e-banking facility or mobile banking app, or in person at your branch. Have other channels such as e-mail, telephone and fax contractually blocked for payment purposes.
  • If you cannot do without payment orders via e-mail, use an e-mail provider that offers two-factor authentication, and avail yourself of this additional level of protection.
  • Use different, complex passwords for all your e-mail accounts and for e-banking. Keep them safe (e.g. inside a password manager), and never let anybody know your passwords.
  • Create a separate e-mail address to communicate with your bank. Don’t use this address for any other purpose, and don’t advise anyone but your bank of this address.
  • Where possible, ask your bank to set up a transaction authorisation facility so that all payment orders from a certain amount onwards have to be explicitly approved by you via a different channel (e.g. telephone) before they are executed.
  • Regularly check your bank statements, and also look at the latest entries of your statement online. If there are any discrepancies, you should immediately notify your bank.
