EU advocate general rules on bank liability for phishing victims

On Thursday, Athanasios Rantos, Advocate General of the Court of Justice of the European Union, issued an opinion regarding a case involving a Polish citizen who fell victim to a phishing scam. The user was deceived by an individual posing as a buyer on an auction site, leading her to enter credentials into a fraudulent website that mimicked her bank's interface. Consequently, an unauthorized transaction was executed from her account, and the bank refused to refund the stolen funds, citing gross negligence on the customer's part. The case was brought before a national Polish court, which requested a preliminary ruling from the EU Court of Justice on whether banks must immediately refund such amounts. Advocate General Rantos argued that under EU law, a bank must provide an immediate refund unless it has documented, well-founded suspicions of fraud reported to authorities. However, this immediate obligation does not prevent the bank from later seeking to recover the losses from the customer if it is proven that the user violated their contractual obligations. Rantos emphasized that consumer protection remains the priority in such financial disputes.