A Significant Court Ruling in Greece on Online Fraud and Unauthorized Electronic Transactions
The rapid expansion of electronic transactions and e-banking services has simultaneously given rise to an increasingly complex field of legal disputes relating to online fraud, phishing, and unauthorized transfers of funds. Greek courts are now called upon to assess, on the basis of strict legal criteria, the obligations of payment service providers and the actual scope of their liability towards their customers.
In this context, a recent decision of the Athens Single-Member Court of First Instance, issued in a case handled by our firm following intense litigation, is of particular legal significance. This ruling clearly strengthens the position of victims of online banking fraud and clarifies critical issues concerning the concept of an “authorized transaction”, the burden of proof, and the liability of banks and other payment service providers.
The Factual Background of the Case
The case concerned a series of unauthorized electronic transactions, carried out through electronic banking services (e-banking and mobile banking) following deceptive actions by third parties. The client – the victim of the fraud – immediately contacted the payment service provider upon discovering the transfers, requesting the cancellation of the transactions and the reimbursement of the funds.
Despite timely notification, the payment service provider refused to compensate the loss, arguing that the transactions appeared to have been authorized through the prescribed security mechanisms. This led to intense judicial proceedings, focusing on whether the disputed transactions could indeed be considered lawfully authorized, and whether the security systems applied complied with the requirements of the applicable legal framework.
The Key Legal Issue
At the core of the dispute was the question: when is an electronic transaction deemed to be “authorized” by the payer, and who bears the burden of proof in the event of a dispute?
The Court examined whether the mere use of security credentials (such as passwords, OTPs or push notifications) is sufficient to establish valid user consent, or whether additional elements are required—particularly where there are indications of deception, fraud or compromise of security mechanisms.
The Legal Analysis of the Court’s Decision
The Court extensively applied the provisions of Law 4537/2018, which transposes Directive (EU) 2015/2366 (PSD2), and reached particularly clear conclusions.
First, it held that in the event of a disputed transaction, the burden of proving that the transaction was authorized and properly executed lies with the payment service provider. Mere reliance on internal system functionality or the formal completion of a transaction is insufficient.
The Court further ruled that genuine user consent cannot be automatically presumed from the activation of technical security mechanisms when it is proven that such mechanisms operated within a context of deception or fraud. Particular weight was given to the fact that the client had no intention of executing the disputed transfers and reacted immediately upon becoming aware of the issue.
Moreover, the Court emphasized that payment service providers are required to maintain effective and adequate fraud detection and prevention systems, adapted to the modern risks of electronic transactions. The absence or inadequate operation of such systems constitutes a breach of their obligations and gives rise to liability.
Award of Compensation and Moral Damages
Of particular importance is the fact that the Court did not limit itself to establishing liability, but proceeded to award:
- the full amount of the funds claimed and unlawfully removed through the unauthorized transactions, and
- monetary compensation for moral damages, taking into account the psychological distress and insecurity suffered by the victim.
At the same time—and this is a point of substantial practical importance—the Court ruled that the awarded amounts bear statutory interest from the date of service of the lawsuit. The awarding of interest from this early stage highlights the seriousness with which delays in restoring the victim’s financial position are treated and significantly increases the overall value of the claim.
The Significance of the Decision for Similar Cases
This judicial ruling has broader implications for all cases involving online fraud, phishing, and unauthorized electronic transactions in Greece. It makes clear that:
- banks and payment service providers cannot evade liability through vague references to “security systems”,
- the concept of transaction authorization is interpreted substantively rather than formally,
- victims are entitled not only to reimbursement, but also to compensation and statutory interest, and
- under certain conditions, the Court may declare a judgment provisionally enforceable, recognizing the need for the immediate protection of the injured party.
The acceptance of our request for provisional enforceability in the present case was neither automatic nor procedural. It required a specific assessment of the circumstances and significantly strengthened the position of the victim by allowing immediate satisfaction of the claim, without waiting for lengthy appellate proceedings.
For victims of online banking fraud, this decision confirms that recourse to the courts can lead to full and immediate restoration of damages, when the case is legally substantiated in a sound and methodical manner.
Conclusion
Cases involving electronic fraud and unauthorized payment transactions require a specialized legal approach, in-depth knowledge of the regulatory framework, and careful analysis of the factual background. This recent ruling confirms that Greek courts now examine the conduct of payment service providers with increased scrutiny and provide effective judicial protection to users of electronic payment services.
In an environment where electronic transactions are part of everyday life, this body of case law sends a clear message: payment security and genuine user consent are not formalities, but fundamental legal obligations.
Frequently Asked Questions (FAQ) – Online Fraud & Unauthorized Transactions
When is an electronic transaction considered unauthorized?
When there is no genuine and informed user consent, even if security codes or OTPs were used.
Can a bank be held liable in cases of phishing or online fraud?
Yes, if it fails to prove that the transaction was genuinely authorized and that adequate security measures were in place.
Who bears the burden of proof?
The burden of proof lies with the payment service provider, under Law 4537/2018.
Can the victim claim full reimbursement of the funds?
Yes, the victim may claim the full amount removed through unauthorized transactions.
Is compensation for moral damages available?
Yes, where psychological distress and insecurity are proven.
From when is statutory interest calculated?
Statutory interest may be awarded from the date of service of the lawsuit.
What does provisional enforceability mean?
It allows the claimant to enforce the judgment immediately, without waiting for it to become final.
Is judicial action worthwhile in online fraud cases?
Yes, provided the case is legally sound and properly substantiated.
When should a lawyer be consulted in cases of electronic fraud?
Immediately upon discovering an unauthorized transaction, to safeguard legal rights from the outset.
This article is for informational purposes only and does not constitute legal advice. Each case requires an individualized legal assessment based on its specific facts and the applicable legal framework. For specialized legal advice, please contact our law firm.
No comment