Bank scam

Can the bank be held liable for a scam?

Publié le 13 février 2025 - Directorate for Legal and Administrative Information (Prime Minister)

Mr. and Mrs. H. make 2 bank transfers from their joint account to purchase a motor vehicle. They communicated the seller’s unique identifier (IBAN) electronically to their bank. But a few days later, the seller did not receive the funds. A third party hacked into the couple’s email and substituted their unique ID for the seller’s. Can the bank be held liable?

When the bank refuses to return the embezzled sums and pay damages, the spouses take the matter to court. They consider that the bank can be held liable.

The Court of Appeal first recalls the principle laid down by the Monetary and Financial Code (CMF, Article L. 133-21), according to which: the payment service provider shall not be liable for the incorrect or non-execution of a payment transaction if the unique identifier provided by the payment service user is inaccurate.

It considers, however, that the bank could be held liable for failure to observe its duty of care. With that obligation, it is its duty to check that there is no apparent anomaly in the transactions submitted to it.

The Court of Appeal found that the bank executed the transfer on the basis of a unique identifier contained in a simple email. It did not mention the address of either the beneficiary or his bank. The Court of Appeal grants the spouses the right.

The bank took the matter to the Court of Cassation. In its view, the liability of payment service providers can only be incurred on the sole basis of Article L. 133-21 of the Monetary and Financial Code, without recourse to another liability regime which would be based, in the case cited, on a general duty of care.

Can the bank be held liable for failure to comply with its duty of care when it executed the transfer on the basis of the wrong unique identifier provided by Mr. and Mrs. H?

Service-Public.fr is answering you :

The Court of Cassation, in its decision of January 15, 2025, overturned the Court of Appeal’s judgment and ruled in favor of the bank.

It considers that, in the case of unexecuted or poorly executed payment transactions, only the liability regime defined by Article L. 133-21 of the Monetary and Financial Code applies.

Thus, the liability of the bank cannot be sought on the basis of a breach of its duty of care, since the payment at issue was executed in accordance with the unique identifier provided by the H spouses.

Since the Court of Cassation annuls the decision of the Court of Appeal, the case of Mr. and Mrs. H. is referred to another Court of Appeal which will have to apply the principle laid down by the Court of Cassation.

Agenda