Banks will have to refund victims of phishing scams.
A Supreme Court ruling rules in favor of a woman who had 83,000 euros stolen from her in a single night.

BarcelonaOvernight, more than fifteen transfers had been made to his account, and 83,000 euros had been stolen. SIM swapping, which involves duplicating SIM cards to access confidential information and take control of digital banking. Their case has reached the Supreme Court and resulted in a ruling requiring banks to return money lost in scams. phishing or identity theft if they cannot prove that the client has been careless to the point of gross negligence. woman who brought the case to court, the judges reproach that "such an unusual event" as fifteen transfers of more than 80,000 euros in one night "did not set off alarm bells at that very moment"
In fact, the Supreme Court emphasizes that technological advances and computer tools are already suitable for detecting certain anomalies" in payments. "It cannot be considered normal and irrelevant that a person who never carries out transactions at dawn, suddenly carries out up to seventeen transactions in a row and for such a high amount," the court reproaches the bank.
With this ruling, the Supreme Court establishes that if the affected customer immediately reports that their data has been stolen to make an unauthorized transfer, the bank "must rectify the situation and refund the amount immediately, unless it has reasonable grounds to suspect fraud and communicates these reasons in writing." However, regarding whether the fraud could be attributed to the customer's negligence, the ruling clarifies that the fact that a third party gains access to a user's digital banking "does not imply any negligence" because the bank codes were stolen.
In the specific case that led to the ruling, the court found "diligent conduct" on the part of the affected party, who reported the information immediately and repeatedly. On the other hand, it accuses Ibercaja of acting "defectively, both in failing to take into consideration the information received despite its seriousness, and in failing to adopt measures that would enable the detection of potential fraudulent schemes."