Online Banking Security: Heilbronn Ruling | IT-Medienrecht

Learn how online banking security is impacted by a recent Heilbronn court ruling. Understand legal challenges & protect your finances. Get insights now.

The Heilbronn Regional Court Ruling: A New Perspective on Online Banking Security

Digital transformation has made online banking a popular and convenient way to manage finances. However, as online transactions increase, so do the number of security concerns and legal challenges.

In our practice, we are currently experiencing a significant increase in mandates and mandate requests dealing with unlawful online banking debits. A recurring theme here is the question of whether users were negligent or whether the banks’ systems offered inadequate protection. This often leads to complex liability issues.

A recent ruling by the Heilbronn Regional Court brings interesting insights to this discussion. It sheds light on the practice of using banking apps and PushTAN apps on the same device.

The Heilbronn Regional Court Ruling on Online Banking Security

In the decision of the Heilbronn Regional Court (see Heilbronn Regional Court ruling), the use of a banking app together with a PushTAN app on the same smartphone was deemed insufficient. This ruling is based on the principles of two-factor authentication (2FA) set forth in Regulation (EU) No. 2018/389, better known as Regulatory Technical Standards (RTS) for Strong Customer Authentication and Secure Communications.

Two-Factor Authentication and Independence of Elements

The RTS specify that two independent elements are required for authentication. These elements must come from two different categories. These categories are:

If both the banking app and the PushTAN app are installed on the same device, a critical question arises. Are these elements truly independent of each other?

The court’s concerns are clear: If the smartphone is compromised, for example by malware, both apps could be affected simultaneously. This significantly increases the risk of unauthorized access to the bank account.

Implications for Banks and Users

The implications of this ruling could be far-reaching. Banks may now be forced to revise their security protocols. They might also need to encourage users to use separate devices for banking and TAN generation.

This new requirement could be especially challenging for users. Many value the convenience of mobile banking and will now need to reevaluate their security practices.

Conclusion

The Heilbronn Regional Court’s ruling is a clear indication that security protocols in online banking need to be critically scrutinized and, if necessary, adapted. Both banks and customers should be prepared to take the necessary steps to ensure a secure online banking experience, even if this involves some additional effort.