A bank was sentenced to return to a customer the money extracted from his account by cybercriminals through “Bizum” and “online” transfers.
The “SIM swapping” is a type of scam that consists of fraudulently duplicating the SIM card of a person’s cell phone by impersonating their identity, and then, once the victim is left without telephone service, accessing their personal information and taking control of their digital banking using the verification SMS that arrive at the phone number.
A recent judgment of the Provincial Court of Zaragoza (AP) has pointed out the following about the responsibility for the swindled money:
If the user denies having authorized a payment transaction already executed or alleges that it was executed incorrectly, it is up to the payment service provider to prove that the transaction was authenticated, accurately recorded and accounted for, and that it was not affected by a technical failure or other deficiency in the service provided by the payment service provider.
The payment service provider must promptly refund the amount of the unauthorized transaction and in any event no later than the end of the business day following the day on which it observed or was notified of the transaction.
The exception would be if there was a breach or gross negligence in the protection of the personalized security credentials, and in case of loss, theft or misappropriation, to notify it without delay. Generic warnings from banks cannot be used to impute responsibility for what happened to negligence on the part of the user.
It has been within a process initiated by an online banking user who claimed from the provider the amount of 15 transfers “Bizum” or made through the electronic banking platform in favor of criminals known to the Police. It was through the mobile line owned by the wife, using a duplicate SIM card.
The bank evaded responsibility by stating that the operations were correctly authorized and registered in its computer systems, and the operations were perfectly documented, with no evidence of simulation or fraud, since they were carried out correctly, duly identified with the keys and passwords provided. In any case, the data were stolen from the client, who, remember, receive personalized warnings, notices and advice on how to act.
However, the AP understands that the bank has not accredited that this client committed any negligence. They were attacks that have little to do with the user’s behavior and can and usually go unnoticed.
He adds a generic appeal to the banks: If the new technologies have given them advantages such as lower costs, including the closing of branches and the dismissal of employees (turning customers into a kind of unpaid employees), it is only fair that they take on that margin of risk that has been introduced precisely by the use of new technologies and that before, when operations were carried out in person, was non-existent.
What is sim swapping and how can you avoid becoming a victim?
Sim swapping is a type of illicit practice carried out by cybercriminals with the aim of intercepting the data traffic that circulates through our mobile devices. This technique consists of exchanging our SIM card for that of the attackers, which allows them to access our bank accounts, social networks and instant messaging applications, among others. To carry out the sim swapping process, cybercriminals need to know our personal data, such as our ID card or telephone number, and simulate an identity theft from our telephone company.
To avoid becoming a victim of sim swapping, it is important to take extreme precautions when using your cell phone and social networks. First of all, it is advisable to set up a security PIN to make it difficult to carry out banking transactions, for example. In addition, personal and confidential data should never be shared with strangers, either by telephone or e-mail.
It is also advisable to deactivate the roaming option, since in this way it will not be possible to make calls or send text messages from another country. Finally, it is very important to establish additional security measures, such as the use of two-factor authentication to protect our accounts against possible attacks.
In short, it is a matter of common sense and prudence to avoid becoming a victim of sim swapping.
If you find yourself in a situation similar to the one described above, our professionals can provide you with the appropriate assistance and take whatever action may be necessary.