Whose fault is it if my bank is hacked

Reports are piling up on social media: someone’s cell phone is stolen or stolen, and thieves are able to access their bank accounts, making voluminous financial transactions.

But what is the responsibility of banks in this situation? And what about the customers?

“Smartphones came to help us be more productive and have mechanisms that store dozens of passwords that we need to know on a daily basis. The mistake starts here”, says Felipe do Nascimento, Director of Solutions Engineering at Tanium, a cybersecurity company .

According to Nascimento, with the device unlocked, thieves gain full access to all installed applications and passwords saved on the cell phone. However, even those who do not use this functionality are at risk after a theft.

“Let’s imagine a scenario where you don’t have your passwords saved. The crooks can select the option to recover password. Almost always a new password will be sent by email, which is configured on the cell phone, or by SMS. have full access to their applications”, he explains.

Can banks avoid scams?

For Nascimento, both financial institutions and customers need to take measures to prevent damage from being great in these cases.

Banks could implement mechanisms that identify an operation that deviates from that individual’s standards, so that it is not authorized.
Felipe do Nascimento

How can customers mitigate risk?

In turn, smartphone owners should follow four tips to prevent unauthorized access to their bank accounts and, in case of theft, minimize damage:

  1. Always use complex and different passwords
  2. Use a secondary password recovery email that is not connected to your mobile
  3. Use a second authentication fact via PIN or biometrics
  4. Keep written down, in a safe place, the number of the cards and telephone of the banks to contact and block as soon as possible

“We know that it is difficult to memorize all passwords, so today there are applications that are ‘password vaults’ that can store them in an encrypted way and protected by a master password. That is, instead of memorizing dozens of difficult passwords, you would only need to know one”, declares Nascimento.

What does the law say?

According to attorney Breno Stefanini, a specialist in consumer law and a postgraduate in constitutional law, customer-bank relationships are considered within the sphere of consumption by the Supreme Court of Justice (STJ).

Therefore, in these cases, the rules established by the Consumer Protection Code (CDC) must be observed. Mainly in article 14, which establishes the civil liability of service providers:

The article establishes the following: “The service provider is liable, irrespective of the existence of fault, for the repair of damages caused to consumers by defects related to the provision of services, as well as for insufficient or inadequate information about their enjoyment and risks.”

“If this rule is analyzed in isolation, it would be easy to point out that the bank should reimburse all losses suffered by bank customers who have their accounts invaded after the theft of the cell phone”, explains Stefanini.

“It so happens that the CDC also lists some cases in which the supplier will not be held liable. There are two: when there is no defect or when it is the exclusive fault of the consumer or a third party.”

In general, banks are resistant to returning the amounts because they understand that there was customer carelessness and there is no security breach in the applications.

However, the TJ-SP (São Paulo Court of Justice) has adopted the position that financial institutions are responsible for damages suffered by customers when the transactions carried out are incompatible with the profile and consumption pattern.

“The incompatibility must be observed by the bank’s security system and, if found, the movements must be immediately blocked”, says Stefanini.

According to the lawyer, this incompatibility occurs when a client only makes transfers of low values ​​and, suddenly, a Pix with a value of R$ 10 thousand appears.

On the other hand, there is also the understanding in the courts that banks can only be held responsible after the customer reports the theft or theft of the cell phone.

“This positioning is minority, but it exists. All transactions carried out between the moment the smartphone is stolen until the moment when the customer communicates the bank would be, then, the responsibility of the customer”, he explains.

Therefore, to ensure the least possible inconvenience, Stefanini recommends that banks be notified immediately after the cell phone is stolen.

What to do in case of theft?

Febraban (Brazilian Federation of Banks) advises that, in case of theft or theft of the cell phone, the customer acts quickly to minimize damages. Firstly, one should try to erase smartphone data remotely (see more below) and then contact your bank’s customer service channel to block accounts and cards.

After blocking bank accounts, lawyer Breno Stefanini says that customers should block their cell phone with telephone operators and then file a report.

How to erase cell phone data remotely

To erase cellular data remotely, you will need another phone or computer as soon as possible.

For Android models, go to android.com/find. Enter login, password and click “Erase Device”.

For iOS phones, visit icloud.com. Enter login, password and locate your iPhone. Click “Erase Device”.

For Xiaomi phones, go to i.mi.com and login with Mi account. Click “Find Device” and finally Wipe Device” to erase your information.

About Yadunandan Singh

Born in 1992, Yadunandan approaches the world of video games thanks to two sacred monsters like Diablo and above all Sonic, strictly in the Sega Saturn version. Ranging between consoles and PCs, he is particularly fond of platform titles and RPGs, not disdaining all other genres and moving in the constant search for the perfect balance between narration and interactivity.

Check Also

Grupo Mateus (GMAT3) becomes a rocket and jumps 14%; Proved resilience and worth buying, says BTG – Money Times

For BTG Pactual, it is time to buy shares in Grupo Mateus (Image: Grupo Mateus/Disclosure) …