In a context of increasing litigation related to Computer crime and use of home banking platformsIn the case where constant operational availability contrasts with customer service channels with limited operations, Chamber A of the National Chamber of Commerce confirmed the responsibility of a banking company for failing to provide effective and timely service to a customer while a digital fraud was unfolding, culminating in the emptying of their accounts and the taking out of a loan in their name.
The case: cell phone theft, online fraud and lack of reaction from the bank
In the case “A., C. c/ Banco GGAL SA s/ ordinary“, published in Microjuris.com.ar, the actress reported that she was the victim of the theft of her mobile phone on a Sunday evening. Although they tried to maintain the confidentiality of her data by remotely wiping the device, the criminals managed to access her bank accounts and carry out several operations: withdrawals in pesos and dollars, as well as taking out a personal loan.
The woman warned in real time about the draining of his accountsas I received automated emails informing me of every movement. Against this background, he repeatedly tried to communicate with the defendant bank through all available channels – email, telephone, social networks and direct contact with his advisor – without receiving an effective response for almost three days.
The critical period also coincided with the Carnival holidays, which left the user without personal attention while operations could continue to be carried out without time restrictions.
The verdict of the first instance: responsibility for not responding in a timely manner
The judge partially upheld Carolina Ausias’ lawsuit against HSBC Bank Argentina SA – currently Banco GGAL SA – and ordered the company to pay damages for direct damage, moral damage and psychological damage.
In making the decision, the judge considered it proven that the illegal banking transactions were not a consequence of the customer’s negligent behavior, but were made possible by two simultaneous factors: the breach of the stolen cell phone and, in particular, the Lack of timely response from the bank given the plaintiff’s repeated attempts to contact her.
The judge emphasized that, as the computer report showed, the client attempted to communicate with the company almost immediately after the theft and in the hours that followed, while the fraudulent movements continued to be carried out. However, the bank did not take effective action until the next working day after the Carnival holidays, so the fraud continued for a longer period of time.
In this context, the judgment found that the banking company in its capacity as professional provider and collector of public fundscouldn’t fulfill his Duty of care and securitya duty that, as made clear, is not limited to the physical realm but also extends to digital platforms.
Regarding the compensation items, the judge acknowledged the direct damage related to the interest not received and recognized an amount for it moral damage because of the psychological impairment suffered by the plaintiff and compensation awarded psychological damagebased on the expert opinion that diagnosed post-traumatic stress disorder. However, it rejected the application for punitive damages on the grounds that neither intent nor gross negligence had been proven.
The appeal of the parties
Since the plaintiff was dissatisfied with the verdict, he appealed primarily against the amount of compensation awarded and the rejection of punitive damages.
Regarding the moral damageclaimed that the amount assessed did not adequately reflect the extent of the suffering suffered, stressing that he remained without response for several days while he watched his accounts being emptied and a loan taken out in his name. He explained that this situation created a persistent state of anxiety that went beyond the inconvenience associated with a breach of contract.
Regarding the psychological damagequestioned that the judge did not take into account the cost of therapeutic treatment and claimed that comprehensive repair should take into account not only the diagnosed disability but also the costs required to correct it.
Finally he insisted on the origin of the Punitive damageson the grounds that the bank’s conduct constituted serious disregard for the consumer and that, in the event of an individual lawsuit, direct evidence of fraud should not be required in order to bring a lawsuit.
The banking institution, for its part, appealed against the judgment, claiming that there was no causal connection between its conduct and the damages claimed. He stated that the damage suffered by the plaintiff was entirely a result of the theft of the mobile phone and the criminal acts of third parties.
The bank claimed that its security systems were working properly and that the operations could only be carried out because the criminals accessed the customer’s credentials. He also noted that after receiving the police report, he activated his anti-fraud protocols, blocked the accounts and restored the funds, which he said was evidence of diligent action.
He also questioned the origin of the moral and psychological damage, arguing that an independent spiritual impairment attributable to the character had not been established and that the psychological suffering diagnosed was due to the violence of the robbery and not to the banking operations.
The central issue: not the security of the system, but the late reaction
When analyzing the case, the chamber made the distinction Subject of non-compliance attributed to the bank. Neither a structural flaw in the computer security system nor the robustness of the authentication mechanisms (tokens, biometrics, keys) were assessed, but the delay and ineffectiveness of customer service channels facing an emergency situation.
The court emphasized that digital banking enables transactions and the receipt of loans 24 hours a day, seven days a week, while effective human attention is limited to working days and certain hours. This asymmetry was considered relevant to the analysis of responsibility.
A business decision to limit customer service hours may be legal in the abstract, but it does not relieve liability if that decision causes concrete harm. The Chamber understood and recalled that illegality can be defined not only by the violation of an express rule, but also by the violation of the legal system as a whole.
From this perspective, he emphasized that the bank, as a professional provider, has a stricter security obligationsbased on both the Consumer Protection Act and the principles of the Civil and Commercial Code. He added that computer fraud is an inherent risk in modern banking and is not an unforeseeable or inevitable event.
The causal relationship: the importance of time and omission
One of the central focuses of the judgment was the assessment of the Causal relationship. The Chamber emphasized that the fraud did not occur in a single act, but rather spanned several hours during which the plaintiff attempted to communicate with the bank at least twenty times.
In this context, he concluded that the lack of an effective communication channel contributed to the criminals continuing their activity. The court held that the bank’s omission had a causal influence on the occurrence of the damage and excluded the application of the defense of a fortuitous event or a fortuitous act of the injured party.
Moral damage confirmed and psychological damage revoked
As for them moral damagethe chamber confirmed its origin. He considered the change in the plaintiff’s peace and mental calm to be proven, both by the content of the messages sent to the bank – many of them at night – and by the medical records, which reported gastritis and referred to rest.
However, it revoked the compensation for psychological damageunderstanding that the causal connection between the bank failure and the diagnosed condition has not been adequately proven. He pointed out that the symptoms described by the expert appeared to be more related to the traumatic event of the robbery than to the lack of follow-up care.
Punitive damages: restrictive interpretation of Article 52bis
Finally, the chamber confirmed the rejection of punitive damages. He reiterated that Article 52bis of the Consumer Protection Law must be interpreted restrictively and that its application requires the verification of fraud, gross negligence or willful disregard of consumer rights.
Although he acknowledged the bank’s non-compliance, he was clear that its conduct did not reach the level of seriousness necessary to justify the imposition of a civil penalty.
About The Author
