Online banking fraud – new wave of internet banking scams floods Germany. More than half of Germans use online banking to conduct their financial transactions. The fact that this can be done quite practically with a smartphone makes it even more attractive.

Cyber criminals take advantage of this. They try to steal the passwords and deprive their fraud victims of their finances. Fraud of this kind will most likely continue to increase in the coming months, perhaps even years. Have you had part of your savings or possibly your entire fortune stolen in an online banking scam?

In many cases, the perpetrators are abroad. A circumstance that makes it difficult to recover the money. And how do the banks usually react? They often refer the victims to their obligations as bank customers, which they have allegedly violated. Is that really the case?

Table of contents

  1. Online banking fraud: the perpetrators’ approach
  2. The fraud has occurred – what to do?
  3. Legal situation, compensation, liability
  4. Account hacked: getting your money back?
  5. In concrete terms: 10 tips to protect yourself from online banking fraud
  6. Online banking fraud – lawyer helps and supports

How do the fraudsters commit their crimes?

The criminal perpetrators have a number of ways to hack into online banking accounts and commit fraud. Many use phishing and pharming techniques. The goal of a phishing attack is identity theft. A common tactic is to create fake emails or websites that look like they are used by the banks they claim to be.

Users are asked to enter their own passwords, which are then given to the fraudsters. Pharming uses computer viruses to redirect consumers to a fake website, even if they enter the correct URL. Fraudsters can even use this malware to exchange account numbers.

In this way, they make themselves recipients of financial transactions. Even with a special TAN, which is actually required for secure bank transactions, it is no longer possible to adequately protect oneself from fraudsters.

What should be considered in the event of fraud?

Detecting this type of online banking fraud is quite difficult. Often, the problem is only discovered when the account balances show a lack of funds. Some of these cases may also come to light later than they should. This means you need to protect yourself as best you can in advance.

If you are asked to provide personal data or TANs, you should be very vigilant, as it could be a phishing scam. Don’t forget to check your account numbers carefully if you notice a small change on your usual banking website. Contact your bank immediately if you notice anything suspicious.

If you have been the victim of an online banking scam despite taking all preventative measures, you should act immediately. Contact a lawyer immediately. If necessary, the accounts in question can be blocked.

To find out whether the perpetrator(s) have already withdrawn money from your account, you should check your bank statements. You should also alert the police as soon as possible.

Legal regulations & compensation

Who bears the burden of proof and is liable for any financial loss incurred? Who is responsible in cases of online banking fraud? If a third party gains unauthorised access to your account and carries out unauthorised transactions, you as a victim of fraud generally have a claim for damages against the bank (see § 675u BGB).

You only have to prove to the bank that it was not you but an unauthorised third party who transferred the money. Banks can also sue for damages under certain circumstances. If a person does not fulfil their responsibility towards the bank, they can be held liable for their actions (§ 675v BGB).

Online banking fraud – who is liable in case of fraud?

More and more bank customers, both private individuals and companies, are falling victim to internet fraudsters. Trojans or phishing software are used by cyber criminals to steal customers’ personal data and empty their bank accounts. But who bears the responsibility for a hacked bank account?

What due diligence obligations does the bank customer have to avoid joint liability?

Online banking – clear duties of care for the account holder

The German Civil Code (BGB) stipulates in § 675I that online banking customers must take all reasonable measures to ensure that their personal security features cannot be accessed by third parties. An obvious violation occurs when someone does the following:

  • write down your PIN on a piece of paper and keep it with your EC card or carry it with you
  • Carries out online banking on an unprotected computer (without virus protection programmes, firewall, etc.) or a computer accessible to the public (library, Internet café)
  • gives his PIN and TAN when contacting the bank by telephone or electronically or otherwise passes them on to unauthorised third parties.

If an account holder fails to take these precautionary measures, he or she is guilty of gross negligence under section 675v (2) of the German Civil Code.

Account hacked? Liability claims

In the case of a hacked bank account, the liability of the credit institution is determined on a case-by-case basis. However, in the case of online banking fraud, the legislator has provided additional safeguards in §§ 675 ff. BGB, the legislator has provided additional safeguards.

If your bank account is hacked and you lose money as a result, you may be entitled to compensation from the bank. Payment service providers are obliged to quickly refund the money to the victim of a stolen amount or restore the account to its previous state if an unlawful payment transaction has taken place.

However, the customer must be able to prove that the transfer was initiated by a fraudster and not by him or herself. If a thief uses an EC card to withdraw money from an ATM, the victim must be able to prove that the bank card has been lost or stolen.

That is why it is even more important to report a stolen or lost EC card to the banking institution as soon as possible.

When two claims are challenged in court

Online banking fraud is a double-edged issue. According to § 675u BGB and § 675v BGB in conjunction with § 675l BGB, the bank also has a claim for the return of the lost money.

Nevertheless, the following applies: The bank must restore the affected account to the condition it would have been in without the illegal payment if the customer had fulfilled his or her duty of care.

The two claims are set off against each other if it is established that the consumer has breached his duty of care. Offsetting according to § 387 BGB results in both parties having a claim in the same amount against each other. This does not result in a financial obligation for either party.

Since you do not get your stolen money back in this case, this is extremely annoying. The most important information is summarised once again:

  1. First of all, the bank must take action. Even if the fraudsters have used your PIN to place an order via your bank account, your banking institution must be able to prove that a genuine PIN was used and that the bank’s systems show no signs of malfunction. If you have taken the necessary precautions to prevent unwanted access, this is the case.
  2. If the mobile operator intercepts the transaction numbers sent by the bank via SMS, you are not liable. In this case, the bank is legally obliged to pay for the damage.
  3. If malfunctions occur on your mobile phone, you are not obliged to inform the bank.

Online bank account hacked: get your money back?

Is it possible to get your money back after your online banking account has been hacked and emptied? There are two ways to approach this legally.

  1. Possibility: If the account was hacked by criminals, although the account holder fulfilled his duty of care, he can assert his claim for repayment of the money against the financial institution. The stolen money can be recovered in this way.
  2. Possibility: Recover the money from the perpetrators.

However, this is often an almost hopeless endeavour – especially if the person affected by the fraud is too slow to act. In the vast majority of cases, the perpetrators cannot be convicted. Financial couriers or middlemen can also be involved.

Sometimes a transfer is made to a domestic bank account first. It often happens that account users have money worries and are lured with an attractive job offer: They make their account available to the perpetrators and participate in the illegal transactions.

After a successful hacking attempt, the money that ends up in the account is transferred to the actual perpetrators for a fee. These often have international accounts: Reversing the money transfer is almost as impossible as identifying the perpetrator.

10 concrete recommendations for action to protect against online banking fraud

In most cases, you should take care of the security of your online banking yourself. Below you will find 10 practical tips on how to avoid becoming a victim of fraud.

  1. Be careful with your personal data. Make sure you do not leave your password and PIN lying around in the open and do not write them down. Do not give your password to anyone else under any circumstances.
  2. Anti-virus software should be installed. With an up-to-date firewall, fraudsters are less likely to get their hands on your personal data. You can also activate phishing protection in your browser.
  3. When searching for your online banking site, enter the URL manually. Avoid using the search bar suggestions and do not connect to other websites. Don’t forget to secure your internet connection.
  4. In addition, it is important to use the latest TAN procedures. Ask your bank about security procedures.
  5. Make sure that your password has a sufficient number of digits if you can change it manually yourself. Numbers, upper and lower case letters and special characters should be used.
  6. Setting a transfer limit is the last step. This way, in case of a fraudulent transaction, you will not lose more than the specified amount.
  7. When transferring files, it is advisable to do so at home. Public wireless networks make it easier for criminals to steal your personal data.
  8. If you want to protect yourself successfully, you need to pay attention to details. Don’t log into internet banking if something doesn’t seem right.
  9. Pay special attention to mobile banking and the so-called smartphone banks.
  10. In any case, you should notify your bank immediately if you have been the victim of an online banking scam. Change your password and call the police if you have been hacked.

Online banking fraud – lawyers can help

The assistance of a lawyer is essential when two claims – that of the customer and that of the bank – collide. So if you ever find yourself in the situation of being a victim of online banking fraud, our team of lawyers is here to help. Get in touch with us. We will be happy to help you.

As soon as a bank suspects fraud, it assumes that the customer is at fault and consequently they have to pay for any losses themselves. You need to know that you have the possibility to defend yourself against this. If you have become a victim of online banking fraud, you should immediately notify the police.

The criminal relevance will be examined and, if necessary, evidence will be secured. Legal expenses insurance can be helpful in finding a competent lawyer and protect you from the financial consequences of a legal dispute with your financial institution.

Time and again, desperate clients who have fallen for internet fraud contact us. The first important step is to contact a law firm. Together with you, we reconstruct the exact course of events and work out a strategy with the aim of getting your money back.