The Supreme Court has just failed in favor of users and against banking in one of the most recurrent issues in recent years: Scams through the Internet. He declares that banking is the main responsible in these cases of fraud, being forced to immediately replenish all money stolen from the client.
It is not a user thing. The Supreme Court has confirmed A sentence issued on April 9in which the Civil Chamber rejected the appeal filed by Ibercaja against a resolution issued by the Provincial Court of Zaragoza in November 2022.
In this sentence 571/2025 it is underlined that good banking practices require the activation of systems capable of detecting suspicious activities, as well as blocking or verifying high -risk operations.
Almost 60,000 euros, back to pocket. Unless it can be demonstrated that the client acted negligently, the bank is obliged to assume responsibility and return the money immediately. In this case, Ibercaja Banco SA must reintegrate a client 56,474.63 euros stolen from his account through Sim Swappinga system to supplant our identity stealing the telephone number.
Judge Manuel Almenar Belenguer uses the European Directive before payment servicesas well as the Spanish regulations, concluding that if there is no negligence, the user’s only obligation is to notify the bank about any type of unauthorized operation.
The new jurisprudence. This case feels a fundamental precedent since it establishes that, from now on, the banking entities will be the main responsible in cases of Phishing banking. Consequently, they must respond for user -unauthorized operations, thus marking a significant change in customer protection against electronic fraud.
“The advances of current technology make relatively easy to design ideal computer systems or applications to detect certain anomalies in the provision of payment services. Operations that, in the case of companies or companies with a concrete corporate purpose, can be described as ordinary, must immediately raise suspicions and give rise to an answer when they affect natural persons outside of such activity.”
Banks will no longer have an excuse. Based on Judisprudence, it is stated that contractual clauses that exempt the banking entities of their responsibility with users regarding unauthorized operations must be declared knots.
Until now, banks could hide in alleged bad practices carried out by the user, such as having introduced their data on websites or malicious links. After this sentence, they are responsible for any unauthorized operation.
A plague with which the government tries to end. Scams per call and SMS are a plague. So much, that the Ministry of Digital Transformation It has been trying to put a brake over a year. He End of commercial calls It arrived in February 2025 under ministerial order, but this is just a tiny part in the cybethaf cake.
False calls, Scams by WhatsApp, malware in stores like Google Play, Identity Supplant by SMS… tactics change and evolve to continue having an affectation and result. Recently, The Civil Guard dismantled a network of cybers allegedly led by a 19 -year -old student.
User’s responsibility. Despite the additional protection that the clients of the entities will enjoy in case of cybetafa, it falls on the roof of the user not to fall into practices that can end up being considered as negligence. These have not established themselves, but it is worth not introducing our phone, personal email on the websites whose origin we are not clear.
In case of using Android, we are also responsible for what we download and where we download it, as well as the permits that we give to the applications. Protecting goes beyond possible money subtractions: it is especially easy to end up giving all our data to cybers.
GIPHY App Key not set. Please check settings