EU court adviser says banks must immediately refund phishing victims

Advocate General Athanasios Rantos has advised that under PSD2 banks must immediately refund customers for unauthorised transactions even when the customer’s negligence contributed to the loss. Banks may later seek recovery from the customer only if they can prove intentional conduct or gross negligence, and any suspicion of customer fraud must be communicated in writing to the competent national authority.

Key points

  • The opinion arose from a dispute between PKO BP S.A. and a customer victimised by a phishing scam.
  • The AG states banks must promptly refund unauthorised transactions under PSD2 unless they have written grounds to suspect customer fraud.
  • The phishing attack used a fake bank login delivered via a malicious link after an auction-platform sale listing.
  • Banks can pursue reimbursement from customers only if they can prove the customer acted intentionally or with gross negligence regarding personalised security data.
  • The Advocate General’s opinion is advisory and signals the CJEU’s likely direction, but the final CJEU ruling will be binding on EU courts.

Read More: https://www.bleepingcomputer.com/news/legal/eu-court-adviser-says-banks-must-immediately-refund-phishing-victims/