The odyssey of a client to recover the 40,000 euros that were stolen by cloning the card: "I felt alone and unprotected by the bank"

When in 2019 Carlos -figurative name- discovered an important break (

of hole) in his current account, in addition to anger, uncertainty or fear, he felt bewilderment.

The charges, perfectly detailed in the matter of transfers, alluded to a vacation that he had not lived.

Mentions of renting yachts or houses in Ibiza, a life of luxury that, however, closed the doors of other more mundane ones, such as the entrance of a flat.

Everything, because at some point

, which also made it take him longer to realize what had happened.

Now, finally, a judge has said that the bank has to return the money.

"Look, I was afraid of these things and I didn't even have the bank's application," recalls the affected person with some resignation.

Thus, he limited himself to entering "sporadically on the page with the computer", which was just what he did on Monday after a weekend of thefts.

"I got the silly face you can imagine," he explains.

At that time he did not know it, but, in addition to the robbery, an odyssey began that three years later still continues, although with a sentence in his favor.

After going to the BBVA branch, he found out how the theft had taken place: after somehow cloning the card - he still does not know how it could have been - and obtaining his pin number,

.

The entity notified of this, but with an email that ended up in the spam folder.

"I felt alone and unprotected by the bank," laments the affected person, who was 39 years old at the time.

"They said that the phone could not be changed from the ATM, but then they took out the report of all the operations of those days and it was there."

He also complains that, unlike a robbery or even a case of phishing, he couldn't report it before because he wasn't aware of what was happening: "They said it was my problem, but I hadn't reported anything because I didn't I had never lost the card".

Three years later, the 99th Court of First Instance in Madrid has sentenced BBVA to return the stolen money, plus interest, to the customer.

According to the sentence, if the entities consider that the users committed negligence that allowed the criminal to seize their savings, they must provide evidence of this.

The document cites article 44 of RDL 19/2018, which "imposes on the financial institution the burden of proof that the user of the payment service committed fraud or gross negligence in cases in which the user denies having authorized a payment already executed or alleges that it was executed incorrectly".

In other words, if the bank says that there should have been a confirmation from the client, such as entering a password received in an SMS, and the latter maintains that they did not do so, it

.

In addition, with regard to the "obligations of the parties", the sentence also tries to clarify what the role of each one should be, by means of a new appointment -in this case, the resolution of a higher instance, the Provincial Court from Lleida.

Thus, he points out that "as far as the consumer is concerned,

, while with respect to the banking entity, the diligence required is that of a professional."

On the other hand, it is argued, also based on the previous resolution, that in the face of the risk of cloning "it corresponds to the banking entity (which provides the card and profits by charging commissions for its possession and use) the obligation to adopt all the means at its disposal to achieve the effectiveness of the system, which requires that transactions be carried out within a framework of security guaranteed by the entity".

In this sense, if the system fails, and except for gross negligence or in the case of fraud, "the direct responsibility of the entity must be proclaimed".

In the opinion of

, Asufin's collaborating lawyer who has handled the case, there are two important keys to this whole matter.

The first, the court's decision to transfer to the banks the need to demonstrate the misuse of their services.

The second, the importance of denouncing these crimes.

"We are facing a case that is very far from the average," explains Royo.

"In these matters, they usually don't reach 3,000; they usually do two or three charges," he points out, and "

."

And that, he recalls, "the bad guy himself knows it, that's why they play with those amounts."

Royo agrees with the decision made by the judge and considers that the entity is responsible.

"The bank defended itself by saying that they cannot be responsible if we have clicked or if our card has been stolen... Well, if they are not responsible, turn it off and let's go."

In addition, he is hopeful about a "devastating" sentence, which he believes will not be appealed, although the company has requested clarification.

Carlos, for his part, is "disheartened", but, after three years of legal journey, he is more pragmatic: "I had already made up my mind that I had lost him, so if he comes, then welcome."

How to avoid fraud

Patricia Suárez, president of the Association of Financial Users, explains that in the face of new digital frauds, traditional advice continues to be "fully valid".

That is, complex passwords -with letters, numbers or symbols- that are not repeated and that are changed over time.

"It is also advisable to have up-to-date equipment, including smartphones, to implement the improvements offered by companies in terms of security," says Suárez.

And, on the other hand, "be especially attentive to the security loopholes that cybercriminals take advantage of", so it is not recommended to open links or SMS that ask for data or carry out suspicious actions, such as logging into an account or downloading applications or programs.

In the event that it is too late, it is best to immediately contact the bank and the police to make the corresponding report.

Conforms to The Trust Project criteria

Know more

• Companies