Whether credit card fraud at booking.com, fake emails in the name of major banks or data theft via companies such as Facebook and vinted: the scams used by fraudsters to obtain your account and payment details are becoming increasingly sophisticated. This clever approach often means that police investigations and chargeback attempts by banks come to nothing.

Have you been the victim of online banking fraud? Report the incident to your bank and the police. If the fraudsters responsible cannot be identified, you should file a claim for damages against your account-holding bank. As banks rarely act cooperatively here, legal support is often required to enforce your claim. In a free initial meeting, we offer you a clear view of the next steps in your case.

The most important facts in brief

  • We experience it with our clients: Online banking fraud scams are very diverse and almost all banks are affected by phishing in particular
  • If you have been the victim of a phishing attack, you should report the incident to your bank and file a complaint with the police
  • According to the law, the bank must pay compensation in the event of fraud. If they refuse to accept liability, you should seek advice from a lawyer

Who pays for the damage caused by phishing, pharming and the like?

As a victim of fraud, you are generally entitled to compensation. If, for example, you have not authorized a transfer and have not breached your contractual obligations, your bank must pay compensation in accordance with §§ 675 u BGB ff.

A payment transaction is considered unauthorized if the transaction was not knowingly and intentionally approved by the account holder or an authorized person. This also applies if the fraudsters have managed to carry out the transfer with your help, e.g. when you receive a call from a supposed employee or by entering data on a fake website. It only becomes difficult if you have authorized the transfer yourself. But in this case, it may still be possible to assert claims.

If the money was sent abroad via a German interim account, you may be entitled to compensation from the account holder. In the legal field, this intermediate figure is referred to as a financial agent.

But even if the transaction went directly abroad: Your bank is generally obliged to reimburse you. After all, the transfer was made without your knowledge or consent. Only if the fault is legally on your side is your bank released from its obligation.

If you have breached your contractual obligations, it must be clarified whether your conduct was grossly negligent.

As the account holder concerned, you must not breach your duty of care. In online banking, you act with gross negligence if you seriously violate the due diligence required for payment transactions. This may be the case in particular if you disclose your online banking access data to a third party by telephone or e-mail.

The burden of proof regarding the breach of your duty of care lies with the bank in the first step(§ 675l BGB). Only when the latter has proven that it cannot be otherwise than that you have passed on the data do you have to demonstrate that you are not responsible for this.

In its ruling of June 5, 2025 (Ref. 8 U 1482/24), the Higher Regional Court of Dresden decided that a savings bank had to assume part of the loss in a specific case even though the customer had acted with gross negligence. This makes it clear that the bank may be liable in individual cases even if it breaches its duty of care.

Invitation to a free initial meeting

Clarify in a short time what next steps you should take and what your chances are in your individual case.

Make an appointment

Types of online banking fraud

Online banking fraudsters use numerous tricks to steal your money. The most common scam is phishing.

Here, the criminals send you links in e-mails that direct you to a fake bank website. Under the pretext of a fictitious problem, you are asked to disclose your account number and other data at this point. A phone call is also one of the popular scams where you are asked to access your account.

Unfortunately, the online banking fraudsters are so well positioned that the fake websites hardly differ from the original websites. The calls also appear to be made by authentic bank employees. It is particularly important that you never disclose your access data or TAN numbers by e-mail or telephone. A reputable bank will never ask for access to your bank account.

In addition, the fraudsters exploit loopholes that arise when changes are made to online banking software. For example, when switching to 2-factor authentication. Here they send numerous e-mails with a notice about the upcoming change of the authentication method. These e-mails contained fraudulent links asking users to install the new procedure themselves. A classic case of phishing.

Transfer fraud in online banking

Simple bank transfer fraud, on the other hand, hardly ever occurs among private individuals. For this scam, the fraudsters find out the bank customer's account details and submit a transfer. Alternatively, the criminals make use of the printed transfer forms by stealing them from the bank and manipulating them. The course of events is much easier to prove in the case of a forged bank transfer.

Under these circumstances, the bank is at fault, as it is obliged to carefully examine the risk of forgery. This not only applies to large banks such as Sparkasse, Postbank & Co. Smaller banks must also ensure sufficient security.

"Because of an unjustified credit card charge on my Barklays credit card, I called Ms. Ruppel, who answered the phone immediately and advised me competently, friendly and free of charge on how to proceed. Simply excellent! Where else can you find something like that today (in the age of AI-supported waiting loops)? Many, many thanks!"

Client in an online banking fraud case

Account opening fraud in online banking

Data leaks also enable yet another method of online banking fraud. Using stolen or forged documents, the fraudsters open a bank account that they use for two options. Firstly, they submit a series of direct debits for the account details. As soon as the money is in the account and before the bank can recognize the fraud, the money flows abroad. In this case, the bank bears the loss.

Secondly, fraudsters can use a forged signature to obtain a debit card and use it to make purchases at various businesses. The merchant usually bears the loss here. The University of Bonn provides an Identity Leak Checker that you can use to check whether your information has been stolen.

However, a financial agent has nothing to do with this attempted fraud. While an account is opened with a false identity, the fraudsters use a real person for a financial agent.

Protection against online banking fraud

The mere suspicion of online banking fraud should prompt you to take action. Contact your bank immediately and have the account and all cards blocked. You can do this online at Sparkasse, Commerzbank and many other major banks. Check your bank statements and card debits.

If you are the victim of attempted fraud, report it to the police. It can help to create a memory log as soon as possible. Keep a written record of which events took place and when. The more details you can provide, the better. Save e-mails and text messages using screenshots and note the content of any phone calls, together with the date and time.

You should also contact a lawyer specializing in banking and capital market law. This will help you to enforce your claim for damages. Experience shows that the banks usually do not want to pay the refund.

The most important thing, however, is prevention. In their own interest, bank customers should never communicate their account details, TAN numbers and personal data by telephone, text message or e-mail.

How to get your money back with CDR Legal

In the event of fraud, banks initially assume that you as a customer have acted with gross negligence and must bear the loss yourself. However, this assumption does not always correspond to the legal situation. That is why we regularly represent clients affected by online banking fraud and enforce their claims with our many years of experience and expertise in banking and financial law.

Book
a free initial meeting

Arrange a free, no-obligation meeting with us to tell us about your case and clarify the next steps. You are then free to decide whether you would like us to handle your case.

F.A.Q.

Who is liable for an emptied account?

According to §§ 675 u BGB ff, your bank must pay compensation. You are only liable if you have breached your duty of care, for example by carelessly passing on your PIN or TAN or storing them in an insecure manner. It therefore always depends on the individual case.

What to do after online banking fraud?

If you suspect online banking fraud, you should contact your bank immediately to prevent any further damage. It is also advisable to file a complaint with the police. The support of a legal advisor can help you to protect your own interests and claim any damages you may have suffered.

How can you recognize online banking fraud?

Phishing emails are usually unprofessional and address you impersonally ("Dear customer"/"Hello"). It is important to know that your bank never sends e-mails with links that lead to websites where you are supposed to enter your personal data. Pay attention to the sender address of the message and always check that the URL address is correct before entering your online banking access data.

What types of online banking fraud are there?

There are several types of online banking fraud, including phishing, identity theft and malware attacks. Essentially, these scams aim to steal your sensitive banking information. If you have any suspicions, you should contact your bank immediately and take legal action.

How do you protect yourself against online banking fraud?

Secure your online banking with strong passwords and two-factor authentication. Do not open any suspicious e-mails and do not click on unknown links. Never pass on confidential information to others. In particular, no bank employee will ask you on the phone or by e-mail to give out your login details or to confirm TANs sent to you using an online banking app installed on your smartphone. Do not carry out such actions.

Is the damage caused by online banking fraud fully compensated?

Usually, account holders have at least partially breached their duty of care, while the greater part of the blame for the fraud lies with the bank. A settlement is therefore often reached between the bank and the account holder. The damage is therefore not fully compensated. The amount of the settlement depends largely on the facts of the case and the negotiating skills.

Is there a maximum liability limit for the bank in the event of fraud?

Under German law, the bank is generally obliged to bear the loss in the event of unauthorized transactions. However, the customer's liability may be increased if he has acted with gross negligence, for example by keeping his PIN together with the card or passing on his access data to third parties. However, there is no general maximum liability limit, as this depends on the circumstances of the individual case.

How quickly do you have to report bank transfer fraud?

If you suspect bank transfer fraud, you should act immediately and inform both the bank and the police. The faster you take action, the greater the chance of stopping the transactions and avoiding further damage.

Wie hilfreich fanden Sie den Artikel?

Klicken Sie auf die Sterne, um den Artikel zu bewerten

Durchschnittliche Bewertung: 4.6 / 5. Anzahl der Bewertungen: 153

Bisher gibt es keine Bewertungen des Artikel

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?