EU Advocate General Rules Banks Must Immediately Refund Phishing Victims

First reported

08.03.2026 17:25

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

The Advocate General of the Court of Justice of the EU (CJEU) has issued an opinion stating that banks must immediately refund customers affected by unauthorized transactions due to phishing, even if the customer's negligence contributed to the fraud. The opinion clarifies that banks can later seek recovery of the losses if they can prove gross negligence or intentional misconduct by the customer. The case involved a Polish bank, PKO BP S.A., and a customer who fell victim to a phishing scam. The customer entered their credentials on a fake bank login page, leading to an unauthorized transaction. The bank refused to refund the victim, arguing the customer's negligence caused the loss. The Advocate General ruled that under the EU Payment Services Directive (PSD2), banks must first refund the victim unless they have reasonable grounds to suspect fraud.

Timeline

08.03.2026 17:25 1 articles · 23h ago

EU Advocate General Rules Banks Must Immediately Refund Phishing Victims
The Advocate General of the Court of Justice of the EU (CJEU) has issued an opinion stating that banks must immediately refund customers affected by unauthorized transactions due to phishing, even if the customer's negligence contributed to the fraud. The opinion clarifies that banks can later seek recovery of the losses if they can prove gross negligence or intentional misconduct by the customer. The case involved a Polish bank, PKO BP S.A., and a customer who fell victim to a phishing scam. The customer entered their credentials on a fake bank login page, leading to an unauthorized transaction. The bank refused to refund the victim, arguing the customer's negligence caused the loss. The Advocate General ruled that under the EU Payment Services Directive (PSD2), banks must first refund the victim unless they have reasonable grounds to suspect fraud.
Show sources

EU court adviser says banks must immediately refund phishing victims — www.bleepingcomputer.com — 08.03.2026 17:25
Open in new tab

Information Snippets

The Advocate General of the CJEU issued an opinion requiring banks to immediately refund phishing victims, regardless of customer negligence.
First reported: 08.03.2026 17:25

1 source, 1 article
Show sources
- EU court adviser says banks must immediately refund phishing victims — www.bleepingcomputer.com — 08.03.2026 17:25
Banks can later seek recovery of the refunded amount if they prove the customer's gross negligence or intentional misconduct.
First reported: 08.03.2026 17:25

1 source, 1 article
Show sources
- EU court adviser says banks must immediately refund phishing victims — www.bleepingcomputer.com — 08.03.2026 17:25
The case involved a Polish bank, PKO BP S.A., and a customer who fell victim to a phishing scam.
First reported: 08.03.2026 17:25

1 source, 1 article
Show sources
- EU court adviser says banks must immediately refund phishing victims — www.bleepingcomputer.com — 08.03.2026 17:25
The customer entered credentials on a fake bank login page, leading to an unauthorized transaction.
First reported: 08.03.2026 17:25

1 source, 1 article
Show sources
- EU court adviser says banks must immediately refund phishing victims — www.bleepingcomputer.com — 08.03.2026 17:25
The bank refused to refund the victim, arguing the customer's negligence caused the loss.
First reported: 08.03.2026 17:25

1 source, 1 article
Show sources
- EU court adviser says banks must immediately refund phishing victims — www.bleepingcomputer.com — 08.03.2026 17:25
The Advocate General ruled that under the EU Payment Services Directive (PSD2), banks must first refund the victim unless they have reasonable grounds to suspect fraud.
First reported: 08.03.2026 17:25

1 source, 1 article
Show sources
- EU court adviser says banks must immediately refund phishing victims — www.bleepingcomputer.com — 08.03.2026 17:25