By George Skampoulos, Associate LL.M
A draft bill of the Ministry of Development that regulates, among other things, issues related to electronic fraud and the status of theft or accidental loss of credit and debit cards has already been put to consultation and is expected to come into force next month. The justification for the regulation is the rapid rise in cases of electronic fraud (phishing), via fake websites, emails or alerts, through which perpetrators obtain or hijack the secret passwords (“PIN”, “TAN”) of users of electronic banking services. A relevant survey by the Bank of Greece showed that the number of fraud transactions in the first half of 2022 amounted to 136,153 with the value of fraud transactions amounting to EUR 6.24 million. The vast majority (117,000) of fraud incidents involved transactions without physical presence.
Following the above, the Greek legislator establishes an obligation for banks to return money to the accounts of victims of electronic fraud, even if the victim has shared their personal data to third parties through gross negligence. It is worth mentioning that the regulation is not universally applicable but concerns money transfers of more than a thousand euros. In other words, the new legislation provides that up to EUR 1,000, the e-banking cardholder is responsible, and no claim for reimbursement by the banking institution arises.
In addition, the new regulation genuinely resolves the practical issue of the theft or accidental loss of credit or debit cards. In this particular case, a time problem arises because a short period of time may elapse before the user can report the loss or theft, but long enough for the accidental or unlawful acquirer of the credit or debit card to proceed with electronic transactions. The legislator therefore provides that, with the exception of the first EUR 50, which is charged to the cardholder, banks are obliged to reimburse the difference between the EUR 50 and the amount of any electronic transactions made by the accidental or unlawful acquirer of the credit or debit card, unless the loss or theft could not have been detected by the payer before the payment transaction was made; or (b) the loss was caused by the acts or omissions of an employee, agent or branch. The abovementioned regulation does not invalidate any individual liability of the payer for the entire amount.
In conclusion, the implementation of the new regulation will provide a legal safeguard for users of electric banking services and will resolve practical issues that occur frequently in practice.