Victims of bank fraud who lose their money due to unauthorized payment transactions often face an uphill battle against banks. Evidence is often lacking about how fraudsters authorized the payments, which reduces the likelihood of a successful lawsuit.

Past challenges

In the past, it was difficult for victims to win their case, especially if they could not prove how the payments were authorized. Judges require victims to explain exactly how the fraud was carried out (the “aggravated proposition requirement.”) They usually could not explain this well because it requires technical data that they do not have. The claim for damages was then dismissed because the plaintiff could not meet the burden of proof. The case law also showed that banks often successfully invoked the customer’s gross negligence, which removes the bank’s liability. This led to a situation where victims often had the disadvantage of not being able to describe the facts, or were given the benefit of the doubt that made the other side right. Banks could suffice by questioning the fraud victim’s account without providing technical information about the circumstances of the fraud.

A new course?

A recent ruling by the Amsterdam District Court (Jan. 22, 2025, ECLI:NL:RBAMS:2025:404) offers new hope. This ruling recognizes the unequal information position between customers and banks and states that banks have an obligation to share relevant information at their disposal to restore procedural equality. This can alleviate the burden of proof for victims and increase their chances of success in court cases.

The importance of log files

Log files are crucial in cases involving unauthorized payment transactions. They can include detailed information about transactions, such as the number of failed login attempts, the location from which the transactions were performed, and the method of authentication used. This information is usually shielded by banks, but can help the plaintiff prove that the payments were not authorized by the customer but apparently by fraudsters, such as in the case of a phone theft, and that there was no gross negligence (for example, by writing the PIN on a bill and keeping it in the phone’s case). By accessing these log files, victims can prove that the fraud did not happen because of their actions, but was, for example, the result of phone theft, after which the fraudsters gained access to Internet banking. The circumstance is exactly what has been virtually unprovable in lawsuits until now, so plaintiffs could never actually win a lawsuit, essentially suggesting that the victim had robbed himself.

Implications for future cases

This development is positive because it corrects the power imbalance between litigants and ensures a fairer trial. It is now possible for victims of bank fraud to have better access to crucial information needed to support their case. This could lead to more transparency from banks about fraud and better protection of consumer rights. In the future, log files and other technical data will allow victims to better prove that the bank is responsible for failing to block transactions in a timely manner or provide adequate security. Other types of information, such as unusual transaction reports, may also come into play (especially in case law on duty of care to third parties, which requires the bank to have subjective knowledge of the fraud; this can be inferred, for example, from FIU reports).

Conclusion

The Amsterdam District Court’s recent ruling offers new opportunities for victims of bank fraud. Requiring banks to share relevant information will restore procedural equality and allow victims to better prove that the fraud was not their doing. This development is a step toward greater transparency and better consumer protection. It is now up to victims and their lawyers to take advantage of these new opportunities and make the fight against bank fraud more effective, and it is up to banks to make online banking and banking via apps as secure as possible to recognize and block unauthorized payment transactions.