Spanish Court Orders Bank to Refund €46,000 Over Failure to Detect Fraudulent Transactions
The Provincial Court of Santa Cruz de Tenerife has ordered a bank to refund 45,967 euros to a client, ruling that the institution failed to prevent fraudulent transactions despite clear warning signs of the customer's digital vulnerability.
A recent ruling by the Provincial Court of Santa Cruz de Tenerife has set a major precedent for bank liability in cybercrime cases. The court ordered a bank to refund 45,967 euros to a client, concluding that the institution failed to properly monitor transactions that showed clear signs of fraud.
The criminal case resulted in a one-and-a-half-year prison sentence for the perpetrator. Because the individual is insolvent, the court ruled that the bank must cover the losses. The core issue was not who committed the crime, but the bank’s failure to flag a series of suspicious transactions between May and June 2021. During this time, multiple daily transfers of 999 euros were made—a pattern the judges noted was highly unusual and inconsistent with the client’s typical banking behavior.
The case highlights the risks vulnerable customers face with digital banking. The client, who struggled with technology, had previously been a victim of theft by her son—a situation bank staff were already aware of. Despite the client’s repeated requests to cancel her cards, the bank allowed digital banking to be set up using an email address linked to her son, which bypassed security protocols.
The bank argued that it had not been negligent, noting that the transactions were validated with legitimate credentials and that it had met its obligations regarding security information. However, the court rejected this defense. The judges emphasized that European payment regulations require banks to do more than just verify passwords. They concluded that the bank prioritized selling investment products to the client—following a recent real estate sale—over monitoring for fraud, ignoring clear warning signs that should have triggered an investigation.
This ruling reinforces the idea that banks act as guarantors in the digital space. The court concluded that when a bank is aware of a client’s digital vulnerability and history of issues, it has a duty to exercise extra caution. Ultimately, the court found that account supervision is not just a technical requirement, but a proactive responsibility that must be tailored to the specific needs of each customer to prevent fraud.