The bank must compensate the victim of embezzlement and other fraud

Banks and credit cards are preferred targets for fraudsters. In a study published by Serasa Experian, of the 331,200 frauds applied in Brazil in May of this year, 53.3% of them misused the identity to open accounts and issue cards without the owner’s authorization. When this happens, are financial institutions responsible for returning the money to the victim?




Photo: RacoolStudio/Freepik/DINO

University professor and lawyer Fabricio Posocco, from Posocco & Advogados Associados, reminds that, according to the understanding of the Supreme Court of Justice (STJ), yes. “The thesis established in precedent 479 STJ is that financial institutions are objectively responsible for damage caused by fraud or the use of false documents”.

Fraudulent bank account opening and handling

A lawyer specializing in consumer law explains that fraudulent operations, such as obtaining loans and opening accounts using false identification, must be canceled by the bank. “What was unjustifiably charged must be returned to the consumer, because he is not responsible for damage for which he is not responsible, according to Article 393 of the Civil Code.”

Pix fraud and kidnapping

Since the launch of Pix, in November 2020, until the last month of July, more than 933 million BRL transactions have been confirmed. Unfortunately, not all of them are legitimate. In courts across the country, there are victims of service failures, such as unauthorized transfers made due to stolen cell phones, lightning hijacking and coercion of Pix key registration.

“Judges have condemned banks for compensating clients. Decisions, for the most part, point out that financial institutions must invest in the security of their branches, services and, mainly, in the areas of online banking and digital applications. For the judges, it is up to the bank to verify the regularity of transactions, as well as to evaluate the entire profile of the client to block those who are suspicious, under penalty of configuration of civil liability of financial institutions,” quotes Posocco.

Fraud in credit card transactions

A leak of sensitive data, like the one that happened last December at the Central Bank, can be used by fraudsters who use fake call center and fake motoboy scams, for example. Then the usernames, CPF, bank, branch number and account number of around 160,000 people were exposed.

“The fraudster contacts the victim by phone, pretending to be a fake employee of the bank or company with which he is related. He says that the card has been purchased or cloned. Then he asks for confirmation of personal and bank information, which he already has. The tactic leads the consumer to believe that he talks to the bank. Later, the victim realizes that he has suffered a financial loss,” says the lawyer.

Posocco emphasizes that companies are obliged to protect customers’ personal data and passwords from leaks, in accordance with the General Data Protection Act (LGPD). “In case of failure to comply with this procedure, as stated in Article 42 of the LGPD, the controller or operator who causes property, moral, individual or collective damage to another is obliged to repair it”.

What if the data breach was not initiated by the financial institution whose client was the victim? The expert explains that the bank is responsible for not identifying repeated transfers, in a short period of time and beyond the usual amount. “Each financial institution knows the client’s profile. Therefore, in the case of atypical transactions, the bank must prevent authentication and collect confirmation from the client”.

malicious messages

In 2021, mobile attacks reached 70.61% and already represent the majority of fraud affecting Brazilian e-commerce, anti-fraud firm Konduto reveals.

The fraudster develops a fake website and social network profile to auction and sell products, clones WhatsApp, sends SMS with a misleading link, creates an unauthorized ticket and asks for updates to applications of social programs and benefits for citizens, such as Caixa Tem. All this comes to the victim through a smartphone. The problem is that they never deliver the goods paid for and can still steal personal and financial information.

“When an account on a social network is hacked by an embezzler, in order to sell non-existent products and ask for money from contacts, the platform can also be liable for moral damages to the victim,” warns Posocco.

What to do to get the money back

Lawyer Fabricio Posocco advises that STJ Precedent 297 and Article 3 paragraph 2 of the Consumer Protection Code establish that the bank is a service provider and is responsible for any risk arising from its activity. In other words, any unexpected damage to the consumer must be compensated by the bank.

“The victim must contact the financial institution to report the fraud and dispute the amounts. He must also register a police report (BO) at a physical or virtual police station. The victim finds a link to the electronic police station,” recommends the expert.

In order to further reduce the damage, in case of theft of the mobile phone, the victim must also inform the phone operator to block the device using the IMEI. Then, using another smartphone, you need to change all passwords for e-mail, social networks and other applications that were on the device taken by the criminal.

“The current legislation and theses established by the higher courts guarantee that, if the money is not returned by the financial institution, the consumer protection agencies, such as Procon or the judiciary, can be contacted to repair the damage,” concludes Fabricio.Posocco, from the office of Posocco & Advogados Associados.

To find out more, just access the website: https://posocco.com.br

Web page:

https://posocco.com.br

Leave a Reply

Your email address will not be published. Required fields are marked *