French court orders bank to refund stolen money

Banks must reimburse customers whose accounts have been cleaned out by criminals – unless they can prove clients passed on their details fraudulently or negligently, a court has ruled.

Published Modified

It raises the question of what happens with email “phishing” scams, in which clients are duped by legitimate-looking (but false) emails seeking their details.

In a recent case, the Cour de Cassation said the fact that criminals could access a client’s bank accounts – in this case at Crédit Mutuel – via supplied details was not proof of negligence.

The bank must go further and prove actual negligence. The client claimed that his personal data had been modified on the bank website so that confirmation codes were sent to email addresses or mobile phones that he did not own.

He claimed nearly €3,000 in reimbursements, but the bank said the client had not done enough to ensure that his banking information remained confidential.

The same court previously ruled against claimants who have given their bank details to criminals via email scams.

At the time, it said the clients had been negligent by communicating information to a phishing email that contained “clues allowing a normally attentive user to doubt its origin”.