OLG Dresden: Sparkasse is 20 percent liable for phishing fuss!

OLG Dresden: Sparkasse is 20 percent liable for phishing fuss!

In a directional decision, the Dresden Higher Regional Court found on June 5, 2025 that a Sparkasse bears a complicity of damage from a phishing attack, even if the customer concerned is considered gross negligent. This decision, which was made under file number 8 U 1482/24, could have far-reaching effects on the protection of bank customers and shows that credit institutions can also be held responsible for inadequate security precautions if there are online banking fraud, such as Anwalt.de reported.

In the underlying case, a Sparkasse customer was delivered a deceptively real phishing email in which he was asked to enter his access data on a fake website. The customer who believed that he had to carry out necessary updates not only gave his login data prize, but also authorized transfers via the S-Pushtan app without the recipient data or amounts being displayed. Ultimately, more than 50,000 euros were transferred from his account. The court decided that the Sparkasse had to replace the plaintiff 20 percent of the damage, i.e. around 10,000 euros, because it was held responsible for the defective security measures.

shared responsibility in online banking

In the judgment, it became clear that the account holder acted grossly by negligence by transmitting sensitive data, but also the Sparkasse is also obliged to take appropriate security measures. The bank's criticized approach only included entering the user name and PIN in the online access, which was not sufficient for the requirements for strong customer authentication in accordance with § 55 ZAG, so rectangle

experts are surprised by the shortcomings under protection against online banking fraud. According to a report by tagesschau.de , up to 80 percent of the fraud in online banking does not lead to compensation for the customers concerned. The need for better protection is required by state supervisors and consumer advocates.

The challenges of consumer protection

Another example illustrates how difficult the situation is for many bank customers. Angelika Brunner, a customer of the Sparkasse, was the victim of a so-called "Imperspart Frau", in which fraudsters exposed themselves as bank employees and asked them to reinstall their Pushtan app. The Sparkasse refused to reimburse the 4,154.88 euros that Brunner had lost and referred to gross negligence. In many of these cases, experts do not see any gross misconduct of customers, which could initiate the discussion about reforming liability in online banking.

The European Commission plans to make adjustments to the liability regulations of the PSD2 payment service guideline in order to strengthen consumer protection. In particular, compensation should be guaranteed in the case of unauthorized payments, provided that the incidents have been reported to the police and the bank immediately.

These developments indicate that both banks and customers are responsible for minimizing the dangers in digital payment transactions. With a growing trend towards cyber crime it becomes clear that continuous improvements in the security area are indispensable in order to preserve the trust of consumers.