In IBAN victimization files, the legal liability of the bank as well as the fraudulent perpetrator is frequently brought up. The bank is under a high duty of care to protect customer assets and detect suspicious transactions. This obligation is often the subject of a lawsuit before the consumer court, and the 11th Civil Chamber of the Supreme Court of Appeals develops consistent jurisprudence in this field.
Legal Framework
- Debit Cards and Credit Cards Law No. 5464 — limited liability in card transactions
- Banking Law No. 5411 — the bank's obligation of trust and care
- Consumer Law No. 6502 — defective service, consumer arbitration committee / court
- TBK No. 6098 Art.49 et seq. — Tort liability
- BRSA and CBRT secondary legislation — remote identity verification, behavioral analytics, etc.
Typical Arguments Against the Bank
- Weak 2FA architecture: Reliance on SMS-OTP only, no device authentication / out-of-band authentication
- Lack of behavioral analytics: Unusual amounts of one-time EFTs do not generate alarms
- Device fingerprint: No additional verification when identifying a new device
- Geolocation inconsistency: Entry alarm does not work from two remote locations in a short time
- In-branch social engineering: Not questioning the unusual cash withdrawal request of an elderly/disadvantaged customer
- KYC violation: The opened account was activated with a fake identity
Customer's "Reasonable Care" Obligation
In order for the bank's liability to be accepted, the customer must also have exercised reasonable care. The following behaviors are in your favor:
- Not sharing password/OTP with anyone else
- Not clicking on suspicious SMS links
- Keeping transaction notifications on when the account is paid
- Device security (screen lock, updated operating system)
- Immediate notification to the bank in case of doubt
Consumer Arbitration Committee / Consumer Court
Disputes below a certain monetary limit are mandatory in provincial/district consumer arbitration committee; Anything above it will be seen in the consumer court. The limit is updated every year; The current limit should be checked before applying.
Delegation or court; It evaluates the bank's breach of care, the customer's fault and the fault rate together. When joint fault is accepted, compensation is awarded proportionally.
Evidence File — Practical List
Supreme Court 11th HD Perspective
The 11th Civil Chamber of the Supreme Court of Appeals adopts the "security vulnerability in the system + reasonable care of the customer" test in accepting bank liability. Neither customer fault alone completely exonerates the bank; nor does the bank's vulnerability completely relieve the customer of liability. The result often results in defect sharing
Conclusion
Bank liability in IBAN victimization is a parallel legal remedy that must be carried out together with the perpetrator. Consumer arbitration committee and court proceedings may yield results in favor of the victim with the correct evidence file; However, the distribution of faults is different in each file and exact collection cannot be promised.