In mid-September 2021, a woman from Małopolska received a call from a man pretending to be a bank employee. He knew the woman’s details, including her name. He said that there had been an attempted theft on her bank account and recommended that the account and card be secured. He advised the woman to download a special application that was supposed to detect fraudulent transactions. In fact, the application was used to view user data.
The woman installed the application according to the man’s instructions. She also heard that text messages would be sent to her phone with the amounts that the thieves were trying to steal. At the man’s request, she provided the information contained in these text messages. Finally, she heard that the thieves also tried to take out a loan of PLN 15,000 for her. zloty. The woman then became seriously suspicious and hung up.
A resident of Małopolska logged into her bank account and realized that not only had her money been stolen (a total of PLN 9.7 thousand), but also that it had been transferred to her account from a loan she had taken out (nearly PLN 15,000, the thieves did not have time to steal funds). When she called the bank, she was told that she had authorized all these transactions.
A few days later, the bank client filed a complaint. She claimed that she had not entered any transaction authorization codes anywhere. The bank did not accept the complaint. An investigation was also initiated into the case, which was ultimately discontinued due to the failure to detect the perpetrator.
However, the woman decided not to give up. In August last year, she sued the bank, demanding the return of PLN 9,700. PLN along with statutory interest. The bank accused the woman of showing gross negligence and recklessness. He also pointed out that the client was repeatedly informed in the messages sent about the criminals’ methods of operation and security rules. Moreover, the transactions did not arouse the bank’s suspicions because the amounts did not differ significantly from the transfers the client had previously made.
“Although, as a result of manipulation, she was mistaken as to the nature of the activities performed, there is no doubt that she thoughtlessly provided a third party with all electronic banking data necessary to authorize and then carry out the questioned transactions” – we read in the justification of the judgment of the District Court for Krakow – Podgórze in Krakow, which fell on December 20.
A fraudster robbed a woman. The court dismissed the lawsuit
The court agreed with the bank and also found that the woman had committed “gross negligence” and the lawsuit must be dismissed. He pointed out, among other things, that according to the regulations, “the payer is liable for unauthorized payment transactions in the full amount if he or she caused them intentionally or as a result of an intentional or grossly negligent violation.” The ruling is invalid.
“There is no doubt that the plaintiff independently installed an application on her phone used to monitor her activity in real time, including tracking entered data and passwords. She then sent her interlocutor data used to authorize individual transactions, i.e. all SMS passwords necessary for carrying out operations initiated by an unauthorized person. The bank sent authorization passwords to the plaintiff’s telephone number – in accordance with the contract between the parties,” we read.
The court noted that “it was the plaintiff who caused a third party to obtain data allowing him to withdraw funds from her account.” “Since the disclosure of authentication and authorization data occurred consciously and due to the user’s fault, the bank is not responsible for the loss of his financial resources,” he emphasized.
The woman herself admitted that she had not read the security advice sent by the bank. “She thoughtlessly downloaded the application to her phone without reading its description and without checking what it was actually used for. Thanks to the application, the perpetrator gained access to the plaintiff’s data enabling her to log in to online banking. Moreover, she sent SMS messages containing authentication data for transactions made to an unauthorized person” – indicated by the court.
Source: Gazeta
Mabel is a talented author and journalist with a passion for all things technology. As an experienced writer for the 247 News Agency, she has established a reputation for her in-depth reporting and expert analysis on the latest developments in the tech industry.
