A verdict against a German financial institution is once again sparking a debate about a bank’s liability in cases of successful phishing scams. How is this handled in Switzerland?
Should bank customers fall for a phishing attempt and lose their money because of unauthorised access to their bank account, financial institutions assume in most cases that they have neglected their duty of care. Reimbursements are therefore only ever made out of goodwill, and usually only cover part of the loss.
A new verdict from Germany now questions standard bank practice: The district court of Berlin required the Apotheker- und Ärztebank to reimburse more than 200.000 Euros and is demanding improved fraud prevention (source: Heise online). For the first time, a court has therefore strengthened bank customers’ rights in scam attempt cases similar to phishing attacks, at the same time reminding financial institutions of their technological duties.
This verdict illustrates that with scam scenarios becoming ever more sophisticated, the assumption of negligence is hardly tenable anymore. The attackers used a highly professional approach, deceiving their victim several times in the process. According to the court, falling for such a “nearly perfectly staged scam” does not constitute a grossly negligent act. The bank should have been able to detect and prevent the attack using technological measures. This view is in line with the tendency of other German courts and sends out an important signal.
In digital fraud cases in Switzerland, case law is currently still more restrained. With most phishing attacks picked up on by the media, the decision on whether any reimbursement is made remains with the banks. In the majority of cases, these still assume a breach of a victim’s duty of care and will often not pay for any losses.
For the time being, responsibility to protect against phishing and other scams therefore still remains with the end consumer. You can find out how not to fall into the trap in our article on phishing.
