Unauthorized bank charges

The implementation of digital banking has led to the proliferation of computer scams by impersonating the bank customer's identity. One of the most common is the so-calledphishing, which consists of fraudulently obtaining the user's access keys and passwords to log into their current account and dispose of their funds.

When these scams occur, banks usually refuse to take responsibility. Generally:

• They argue that the entity's obligation is to carry out digital banking operations following a pre-established and regulated process of authentication and registration of such operations.

• In addition, they claim that they cannot verify if the keys and passwords have been used by a third party.

However, the bank also has its duties of diligence, so it may have to respond depending on the case.

Based on the payment services regulations, the courts have ruled that in principle the bank is liable to its customer for unauthorized payment transactions, i. e., those in which the user's consent is lacking, whether due to loss, theft, or unauthorized use of a payment instrument (for example, if you have lost or had your credit card stolen and it has been used without your consent, or if someone has electronically accessed your account and made transfers or payments through Bizum).

In these cases, if the customer denies having authorized the payment transaction already executed, the bank must rectify said transaction and immediately refund the money, or at the latest, by the end of the next business day after being notified of the unauthorized transaction. However, it is necessary that the incident is reported without undue delay and, in any case, within a maximum period of 13 months from the date of the debit.