A new Development Ministry bill provides for the compensation of bank customers should they become victims of electronic fraud, such as the theft and use of their debit card PIN, even if this is due to their own negligence.
The compensation will be provided subject to conditions and for amounts over 1,000 euros, as the responsibility is expected to be fully borne by the cardholder in cases where the amount is less than that.
This regulation is expected to bring relief to many customers, especially as phenomena of electronic fraud, mainly through the misappropriation of passwords (phishing), is showing an increasing trend. There is no lack of criticism of this regulation, as some quarters claim that banks will lower the limit of electronic transactions to €1,000 in order to protect themselves from people who will abuse it and seek damages.
Article 22 of the bill under consultation provides that cardholders are liable up to a maximum amount of €50 for losses from the execution of unauthorized payment transactions which result either from the use of a lost or stolen means of payment or from its misappropriation. If a fraudulent transaction of a larger amount has been made, the difference is covered by the bank – as has been the case since the law was introduced in 2018.
However, if the loss is due to gross negligence, the client is liable up to a maximum amount of €1,000, taking into account in particular the nature of the personalized security credentials and the special circumstances in which the means of payment was lost, stolen or embezzled. This is the new element, namely the compensation of the consumer for amounts above 1,000 euros, even if it is a case of gross negligence.
As pointed out in the analysis of the consequences of the regulation accompanying the bill, the relevant European Union directive allows member-states to reduce the limit of the payer’s liability in the absence of malice/intent, making it possible to legislate a limitation of the payer’s liability in the case of severe negligence.