Banks may not have to pay for phished users

If you are dumb enough to fall for a phishing scam, you have only yourself to blame and your bank does not have to bail you out, a top German court has decided.

The German Federal Court of Justice in the southwestern city of Karlsruhe has ruled that clients, and not banks, are responsible for money lost in online phishing scams.

A German retiree lost $6,608 in a bank transfer fraudulently sent to Greece as part of a phishing scam.

According to the The Local, the man gave phishers 10 transaction numbers, also known as TAN codes, which are commonly used in German banks, on a site which looked like his bank’s site, Sparda Bank.

The court ruled the bank had specifically provided warnings to its customers against this practice, so the man was responsible.

The customer argued that the bank had a duty to protect its customers from the abuse of these codes. So far, however, the courts have not agreed.

Sparda Bank had warned that it was “widely known” that being asked to input multiple TAN codes was a sure fire sign of phishing.

It is not clear at this point how influential this ruling will be in the rest of the EU. Certainly we expect the court’s arguments will be touted in similar cases thoughout the region.