top of page

Responding to a phishing email may constitute gross negligence!

A bank customer responds to a phishing email. Sums are unduly deducted from his account.

The victim who had admitted during the trial, having replied to the fraudulent e-mail, asked the bank to reimburse the sums misappropriated.

The trial judges ordered the bank to reimburse the amount of the disputed transactions, ruling out any serious negligence on the part of the victim.

gross negligence

The Court of Cassation censures the decision of the first judges on the grounds that they did not investigate whether the fact that the victim had responded to a phishing email was not the result of a breach of that by gross negligence.

Article 133-19 of the Monetary and Financial Code provides that:

“IV. – The payer bears all the losses caused by unauthorized payment transactions if these losses result from a fraudulent act on his part or if he has not intentionally or through gross negligence fulfilled the obligations mentioned in articles L.133- 16 and L.133-17 [of the monetary and financial code]”.

And article 133-16 of the financial and monetary code: "As soon as he receives a payment instrument, the payment service user takes all reasonable measures to preserve the security of his personalized security data..."

Cass com 03/10/2018 n°17-21395


bottom of page