After logging in to the site of the bank, you see the message
the need to install software on the phone, which is to protect you
from criminals. Obediently you perform the command, and a few days later
account history you see a series of transfers to unknown people. In such
case, the bank will return the money?
In recent years, the pages Bankier.pl repeatedly
We warned against malware targeting the customers of banks.
Trojans such as ZeuS or mobile ZitMo, attacked users what
least a few Polish institutions. Functional diagram of a pest
as follows:
- Trojan horse infect the victim’s computer
(Infection can take place, eg. When you open the attachment to the message
e-mail). - The software captures data logging
in the service of internet banking on the victim’s computer. - When you use the services of the bank pest “injected” into your browser
web extra
message displayed so that it seemed that it comes from the bank.
He encouraged to install additional software on the phone (eg.
“Antivirus” or “certification”). - You install on your phone
software that invisibly to the victim forward your SMS
authorization to another number. - Criminals having a set of data needed
to perform the operation, looted funds from your account by transferring it to the accounts of intermediaries-poles
(Sometimes recruited under the guise of working with “accounting transfers”).
The victims of such crimes often were forced to
struggle to regain their funds before the court. Banks often rejected
complaints, citing provisions in the law on payment services, saying,
that unauthorized transactions charged to the customer if he showed a blatant
negligence in the protection of data enabling access to the account. assumed
the fact that if the customer himself has installed additional software
phone and did not protect your computer against infection, it showed
was indicated by the negligence of law.
The courts in such situations, however, can stand on the side
client. That is so, in fact, can provide two recent judgments
District Court in Lodz, which drew attention publisher facebookowe’go
fanpage “PozwałemBank.”
Antivirus did not help
In both cases, the case concerned the events of a few
years, the awareness of the risks associated with mobile Trojans was
still relatively small. Customers had at their computers
date antivirus software installed, but nevertheless fell
victim of malware.
Assuming that the message about the need to install
additional software on the phone really comes from the bank fulfilled
requests criminals. In the first case the client has lost almost
140 thousand. zł, and the second from customer accounts poured nearly 90 thousand. zł. In both
cases, the bank refused to return the funds that flowed from accounts
as a result of unauthorized by the holders of the operation, citing records
bill payment services on gross negligence.
Court against the bank
The court does not share that point of view. In one of the cases
we read: “The Court considers that the plaintiff can not be assigned to enable a
unauthorized transactions as a result of gross negligence. computer plaintiff
You have antivirus software installed. In the opinion of the Court use
by the applicant from the displayed page when you log on Bank statement
encouraging users to ‘additional protection for the telephone, which
It resulted in further infection of malware
Camera mobile phone and PC plaintiff
bears the features of gross negligence (emphasis editorial). “
“The plaintiff had the right to remain in the belief that the message
displays when you log on the website of the Bank comes precisely from the Bank and
is getting better security. A message saying the need to download
additional security software appear after typing the address
the true side of mBank and appears on this page. Message occupied part
part. He was also a visible symbol of a closed padlock denoting safe
page. It was possible to bypass this message and the normal use of the site
the bank. Bank warned not to date
events their customers from this kind of messages (emphasis added. Ed.)
He not informed that the exercise of which may entail negative consequences ”
we read in the document.
“It should be emphasized that the plaintiff did not provide your username
or password to a bank account, and only a phone number, so it does not infringe
the obligation referred to in Article. 42 paragraph. 2 bill payment services. (…)
Unfounded is the same claim the defendant that the plaintiff contributed to
the damage. It should be noted that the plaintiff fulfilled due to the art. 42
paragraph. 1 point. 2 of the Law on Payment Services must immediately
notification of the occurrence of an unauthorized payment transaction, “the Court pointed out
District in Lodz in a document dated 8 February 2016.
Banking Network – safe or reckless?
do not block access to the phone, use the same password for different systems, log on to the bank, despite unsecured WiFi, too rarely monitor transfers and payments – these are just some of the sins of customers internet and mobile banking – says Michał Kisiel.
Customers will receive a refund
In both cases, the court ordered the bank to promptly
refund of amounts of unauthorized payment transactions and transfer fees
commissioned by criminals. Customers will also receive interest and reimbursement
incurred in connection with the process.
In the first case (Judgment
SO in Łódź of 01.15.2016 r., Ref. Act I C 307/15) the judgment is
final, and the bank did not appeal. In the second (Judgment
SO in Łódź of 01.27.2016 r., Ref. Act I C from 1908 to 1914), the defendant may
still appeal. Decisions of Lodz court may be helpful for
people who have been victims of similar crimes, if only because of
of the circumstances that convinced justice to the arguments
customers.
Michal Kisiel
No comments:
Post a Comment