Bank Liability Questioned in Fraud Case Following Conviction for €46,000 Theft
A court is weighing whether a bank should be held civilly liable for failing to protect a vulnerable client from digital fraud after a man was sentenced for stealing nearly 46,000 euros from her account.
The debate over whether banks should be held responsible for digital fraud has intensified following a recent court case. A man has been sentenced to 21 months in prison for stealing 45,967 euros from a woman’s bank account between May and June 2021. While the criminal case is now closed, a significant legal question remains: should the bank be held civilly liable for repaying the stolen funds?
The defendant, who originally faced a three-year sentence, admitted to the theft. He claimed the victim’s son provided him with the necessary banking credentials, the mobile device, and the email address linked to the account. He testified that he carried out 14 separate transfers in exchange for a commission, exploiting the victim’s financial vulnerability following a property sale.
The trial centered on whether the bank exercised proper due diligence. The account manager admitted that the 68-year-old client struggled with digital tools and that branch staff were aware of this. Although the employee had previously flagged the son’s frequent small withdrawals, the bank did not trigger any specific security protocols to protect a customer clearly at risk.
Prosecutors argue that the bank failed in its duty to oversee the account, noting that the digital activity was inconsistent with the client’s known technological abilities. Conversely, the bank’s defense maintains that its security systems were not breached and that all transactions met standard requirements. They argue that a customer’s age should not be a factor in determining the validity of digital transactions.
This case highlights the ongoing tension between the push for digital banking and the need for consumer protection. Under current regulations, which follow European Directive 2015/2366, the burden of proof lies with the bank; if a transaction is unauthorized, the institution must prove the client acted with gross negligence or fraud. Courts are increasingly requiring that security measures be accessible and functional for all users, regardless of their tech-savviness. The court must now decide if the bank’s failure to act on clear warning signs—such as the suspicious account activity and the client’s profile—is enough to hold them responsible for the victim's loss.