Fraud through Apple Pay: A recent ruling by the Regional Court of Cologne and its implications

Introduction

In everyday practice, there are always clients who have fallen victim to fraud through Apple Pay. These cases require careful examination in order to clarify responsibilities and possible claims for reimbursement. A recent ruling by the Regional Court of Cologne (case no. 22 O 43/22) provides important insights and could serve as a precedent.

The judgment of the Cologne Regional Court: Reimbursement for spoofing fraud

The Regional Court of Cologne has ruled that a bank must reimburse a customer 14,000 euros that were lost as a result of fraud by means of spoofing. Spoofing is a fraud method in which attackers falsify the telephone number or e-mail address of a trustworthy sender in order to obtain sensitive data. In this case, the plaintiff was tricked into disclosing his online banking details by a fake email.
The court found that the bank had breached its duty of care by failing to implement sufficient security measures to prevent such attacks. The reasons for the ruling state: “The defendant failed to take appropriate technical and organizational measures to prevent the misuse of online banking data”.

Significance for banks and consumers

This ruling is an important step towards strengthening consumer protection in the digital age. It shows that banks are obliged to continuously review and improve their systems in order to protect their customers from increasingly sophisticated fraud methods. For start-ups and solopreneurs in the IT sector, this is a clear signal that investment in cyber security is not only necessary, but also legally required. The decision of the Cologne Regional Court underlines the importance of robust security measures and could serve as a precedent for future cases of online banking fraud. It remains to be seen how other courts will react to similar cases, but this ruling sets a clear standard for the responsibility of banks in the digital age.

Similar judgments and their relevance

The judgment of the Regional Court of Cologne is one of a series of decisions concerning the liability of banks in cases of online banking fraud. The Munich Local Court ruled that passing on a TAN over the phone is to be classified as gross negligence (Munich Local Court, judgment of 05.01.2017 – 132 C 49/15). Similarly, the Regional Court of Cologne ruled in an earlier case that a bank customer acted with gross negligence if they followed the telephone request of an alleged bank employee to send them a TAN to change their previous password and PIN (Regional Court of Cologne, judgment of 10.09.2019 – 21 O 116/19).

These rulings make it clear that case law sets clear standards as to when gross negligence is present and when it is not. Banks must therefore not only improve their security measures, but also better inform their customers about the risks and rules of conduct in online banking.

Author: Marian Härtel

Marian Härtel ist Rechtsanwalt und Fachanwalt für IT-Recht mit einer über 25-jährigen Erfahrung als Unternehmer und Berater in den Bereichen Games, E-Sport, Blockchain, SaaS und Künstliche Intelligenz. Seine Beratungsschwerpunkte umfassen neben dem IT-Recht insbesondere das Urheberrecht, Medienrecht sowie Wettbewerbsrecht. Er betreut schwerpunktmäßig Start-ups, Agenturen und Influencer, die er in strategischen Fragen, komplexen Vertragsangelegenheiten sowie bei Investitionsprojekten begleitet. Dabei zeichnet sich seine Beratung durch einen interdisziplinären Ansatz aus, der juristische Expertise und langjährige unternehmerische Erfahrung miteinander verbindet. Ziel seiner Tätigkeit ist stets, Mandanten praxisorientierte Lösungen anzubieten und rechtlich fundierte Unterstützung bei der Umsetzung innovativer Geschäftsmodelle zu gewährleisten.