{"id":100228,"date":"2026-07-15T13:44:36","date_gmt":"2026-07-15T11:44:36","guid":{"rendered":"https:\/\/ru.law\/?p=100228"},"modified":"2026-07-15T13:44:38","modified_gmt":"2026-07-15T11:44:38","slug":"phishing-online-banking-haftung-bank","status":"publish","type":"post","link":"https:\/\/ru.law\/en\/phishing-online-banking-haftung-bank\/","title":{"rendered":"Phishing in online banking: When the bank is liable"},"content":{"rendered":"<p>An SMS from your bank, followed shortly by a call from someone claiming to be your security team, and just minutes later, several thousand euros are missing from your account. Online banking fraud is now one of the most common crimes on the internet. For victims, a crucial question immediately arises: Is the bank obligated to reimburse the amount, or are they left with the loss? The answer isn&#039;t based on the bank&#039;s gut feeling, but rather on the German Civil Code&#039;s (BGB) regulations governing payment services.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-phishing-beim-online-banking-diese-maschen-nutzen-tater-aktuell\"><strong>Phishing in online banking: These are the tricks currently being used by perpetrators<\/strong><\/h2>\n\n\n\n<p>The 2026 Cybersecurity Monitor, published by the Federal Office for Information Security (BSI) and the police crime prevention units of the German states and the federal government, paints a clear picture. Eleven percent of internet users in Germany have fallen victim to cybercrime within the past twelve months. Among those affected, 13 percent reported online banking fraud or misuse of account data, 12 percent reported phishing, and 14 percent reported unauthorized access to online accounts. Almost nine out of ten victims suffered damages, with a third reporting direct financial losses.<\/p>\n\n\n\n<p>The attack vectors have shifted. Poorly translated mass emails hardly play a role anymore. Instead, perpetrators rely on smishing via fake SMS messages in the message history of the real bank, quishing with manipulated QR codes, and vishing, i.e., a call from a supposed bank employee with a spoofed phone number. The Cybersecurity Monitor explicitly identifies online fraud and artificial intelligence as a focus topic because generative systems produce forgeries that are virtually flawless in terms of language and design. Phishing is therefore just one manifestation of this. <a href=\"https:\/\/ru.law\/en\/online-betrug-b2c\/\">Online fraud<\/a>, which now reaches consumers through virtually every digital channel.<\/p>\n\n\n\n<p>A crucial technical point for the legal assessment is that login credentials alone are no longer sufficient for perpetrators. Since the introduction of mandatory strong customer authentication, every transfer requires a second authorization, such as via pushTAN or chipTAN. Therefore, attacks no longer target the password, but rather the person using it. In so-called real-time phishing, the perpetrator is simultaneously present in the genuine banking environment and immediately forwards the TAN entered by the victim. A particularly damaging variant involves authorizing device registration: those who confirm this grant the perpetrator permanent, fully functional access to their own device. Typical procedures and damage patterns are described on our page [link to relevant page]. <a href=\"https:\/\/ru.law\/en\/online-banking-betrug\/\">online banking fraud<\/a> Explained in detail.<\/p>\n\n\n\n<p>If you notice such an incident, every hour counts. Have the legal situation reviewed before making any statements to the bank that could later be used against you.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-nicht-autorisierte-zahlung-wann-die-bank-nach-675u-bgb-erstatten-muss\"><strong>Unauthorized payment: When the bank must refund according to \u00a7 675u of the German Civil Code (BGB).<\/strong><\/h2>\n\n\n\n<p>The legal starting point is simpler than many affected parties assume. According to Section 675j Paragraph 1 of the German Civil Code (BGB), a payment transaction is only valid if the payer has consented to it. Without this consent, it is an unauthorized payment transaction. The consequences are governed by Section 675u of the BGB: In this case, the bank is not entitled to reimbursement of its expenses. It must immediately refund the payer the payment amount and restore the account to the balance it would have had without the debit.<\/p>\n\n\n\n<p>The legislator has set a clear deadline for this. Reimbursement must be made immediately, at the latest by the end of the business day following the day on which the bank became aware of the unauthorized payment or received a corresponding notification. The claim is therefore not contingent upon the bank having completed its internal investigations. In practice, however, this is regularly claimed. The same principles apply to other payment instruments, for example, if you <a href=\"https:\/\/ru.law\/en\/bankrecht-b2c\/opfer-von-kreditkartenbetrug\/\">Victims of credit card fraud<\/a> have become.<\/p>\n\n\n\n<p>The most difficult distinction concerns cases where the victim has entered a TAN themselves. The bank often concludes from this that the payment is authorized and the matter is closed. This conclusion is too simplistic. Consent under Section 675j of the German Civil Code (BGB) always refers to a specific payment transaction with a particular amount and recipient. Anyone who enters a TAN on a fraudulent website because they are led to believe a security check or a chargeback is taking place is not consenting to the transfer actually being executed to an unknown third party. Legally, the transaction therefore remains unauthorized. Whether the bank can nevertheless reclaim any funds is a separate question and is governed by Section 675v of the German Civil Code (BGB).<\/p>\n\n\n\n<p>Furthermore, the notification obligation under Section 676b of the German Civil Code (BGB) is important. Affected individuals must report the unauthorized debit immediately upon discovery. Claims are excluded after a maximum of 13 months following the debit entry. Therefore, anyone who fails to check their bank statements risks losing all their rights.<\/p>\n\n\n\n<p>Immediately check whether your case qualifies as an unauthorized payment transaction. This decision will determine who has the burden of proof in the further proceedings.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-grobe-fahrlassigkeit-nach-675v-bgb-wann-ihr-erstattungsanspruch-entfallt\"><strong>Gross negligence according to \u00a7 675v BGB: When your right to reimbursement lapses<\/strong><\/h2>\n\n\n\n<p>The right to reimbursement under Section 675u of the German Civil Code (BGB) is not unconditional. Pursuant to Section 675v Paragraph 3 of the BGB, the bank can demand full compensation for damages if the payer caused the loss fraudulently or intentionally or with gross negligence violated their obligations under Section 675l Paragraph 1 of the BGB or the agreed terms and conditions for using the payment instrument. In practice, this counterclaim means that the customer receives no financial compensation. This is precisely where banks almost always resort in phishing cases, as our experience from numerous cases has shown. <a href=\"https:\/\/ru.law\/en\/bankrecht-b2c\/betrugsfaelle-bei-der-commerzbank\/\">Fraud cases at Commerzbank<\/a> and at other institutions.<\/p>\n\n\n\n<p>Gross negligence means that the care required in traffic was violated to a particularly serious degree, and even the simplest, most obvious considerations were not taken into account. This is an assessment of the individual case and not a blanket category. A general statement by the bank that the victim simply provided a TAN is not sufficient.<\/p>\n\n\n\n<p>The circumstances of the attack often argue against the charge of gross negligence. Was the bank&#039;s phone number technically spoofed? Was the fake page visually identical to the original? Did the perpetrator provide accurate personal data? Or did the attack run in real time, parallel to the genuine banking session? The design of the authorization message itself is also relevant. If the recipient and the amount are not clearly identifiable in the pushTAN text, the customer can hardly be blamed for not noticing the discrepancy.<\/p>\n\n\n\n<p>Two further provisions are regularly overlooked. According to Section 675v Paragraph 4 of the German Civil Code (BGB), the payer is not liable if the bank has not required strong customer authentication as defined in Section 55 of the German Payment Services Supervision Act (ZAG) or if it has not provided a suitable means of reporting the loss. And according to Section 675v Paragraph 5 of the BGB, liability is waived for all damages incurred after the loss has been reported. A single unclear point in the bank&#039;s systems can therefore completely reverse the outcome.<\/p>\n\n\n\n<p>If your bank has refused the refund on the grounds of gross negligence, you should have this justification reviewed by a lawyer instead of accepting it.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-beweislast-nach-675w-bgb-und-sofortmassnahmen-nach-einem-phishing-angriff\"><strong>Burden of proof according to \u00a7 675w BGB and immediate measures after a phishing attack<\/strong><\/h2>\n\n\n\n<p>In a dispute over a phishing transfer, the burden of proof often outweighs the substantive legal situation. Section 675w of the German Civil Code (BGB) clearly places the burden of proof on the bank. If the authorization of a payment transaction is disputed, the bank must prove that the transaction was authenticated, properly recorded, booked, and not affected by any malfunction.<\/p>\n\n\n\n<p>The most practically important part of the standard is at the end. The mere recording of the use of a payment instrument, including authentication tools, is not sufficient in itself to prove that the payer authorized the payment transaction or intentionally or grossly negligently breached their obligations. Therefore, if a bank presents nothing more than a system log documenting a correctly entered TAN, it has not yet fulfilled its burden of proof. Such logs do not automatically create a prima facie case against the customer.<\/p>\n\n\n\n<p>For those affected, this means: Securing your evidence from the very beginning. The following steps are paramount after a phishing incident:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Block account: Immediately block access and cards via the blocking hotline, note the time and contact person.<\/li>\n\n\n\n<li>Demand a refund: Report the charge in writing and in a verifiable manner as unauthorized and demand a refund in accordance with \u00a7 675u of the German Civil Code (BGB).<\/li>\n\n\n\n<li>Secure evidence: Document screenshots of the fake website, SMS messages, emails, phone numbers, timestamps and the wording of the release message.<\/li>\n\n\n\n<li>File a criminal complaint: Reporting the incident to the police secures evidence and supports the account given to the bank.<\/li>\n\n\n\n<li>Check devices: Check registered devices, sharing settings and stored phone numbers in online banking and change access data.<\/li>\n\n\n\n<li>Observe deadlines: Keep an eye on the notification period of \u00a7 676b BGB and the exclusion period of 13 months.<\/li>\n<\/ul>\n\n\n\n<p>If the money has already been transferred, tracing the payment paths is often necessary. When converting to cryptocurrencies, we use the same tools for this purpose that we also use in the area of... <a href=\"https:\/\/ru.law\/en\/kryptobetrug\/\">Crypto fraud<\/a> Use tools such as blockchain analysis and the involvement of participating payment service providers. Avoid any hasty wording that might admit fault, and have your correspondence with the bank reviewed before sending it.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-wann-lohnt-sich-anwaltliche-beratung-bei-phishing-im-online-banking\"><strong><strong>When is legal advice worthwhile in cases of phishing in online banking?<\/strong><\/strong><\/h3>\n\n\n\n<p>Legal support is always advisable if the bank refuses a refund, reviews the case for weeks, or makes a blanket statement alleging gross negligence. Responding to a letter from the bank claiming damages under Section 675v Paragraph 3 of the German Civil Code (BGB) should also not be done without legal assessment. The same applies to large sums of money, multiple transactions over several days, and cases involving international transactions.<\/p>\n\n\n\n<p>The legal review addresses several points: Was there actually effective authorization for the specific payment transaction? Did the bank implement strong customer authentication in accordance with Section 55 of the German Payment Services Supervision Act (ZAG), and was its design suitable for clearly identifying the payment transaction? Does the bank substantiate the requirements of Section 675v Paragraph 3 of the German Civil Code (BGB), or does it rely solely on logs that are insufficient under Section 675w of the BGB? And were there any unusual transaction patterns that might have triggered a duty of warning on the part of the bank? You can obtain an initial assessment through our <a href=\"https:\/\/ru.law\/en\/rechtsanwalt-erstberatung\/\">initial consultation<\/a>.<\/p>\n\n\n\n<p>Rogert &amp; Ulbrich represents clients nationwide in <a href=\"https:\/\/ru.law\/en\/bankrecht-b2c\/\">banking law<\/a> and at <a href=\"https:\/\/ru.law\/en\/anwalt-betrugsfaelle\/\">fraud cases<\/a> of all kinds. The law firm around <a href=\"https:\/\/ru.law\/en\/rechtsanwalt\/dr-marco-rogert\/\">Dr. Marco Rogert<\/a> and <a href=\"https:\/\/ru.law\/en\/rechtsanwalt\/tobias-ulbrich\/\">Tobias Ulbrich<\/a> The firm has taken on over 40,000 cases and filed over 25,000 lawsuits, a significant portion of which are against banks and financial service providers. Cases are handled out of court with the bank and, if necessary, through litigation. Separate offices exist for the Rhineland and Ruhr region, for example, for... <a href=\"https:\/\/ru.law\/en\/anwaelte-im-bankrecht-bei-phishing-fuer-duesseldorf\/\">D\u00fcsseldorf<\/a>, <a href=\"https:\/\/ru.law\/en\/anwaelte-im-bankrecht-bei-phishing-fuer-koeln\/\">Cologne<\/a> and <a href=\"https:\/\/ru.law\/en\/anwaelte-im-bankrecht-bei-phishing-fuer-essen\/\">Eat<\/a>.<\/p>\n\n\n\n<p>If your bank refuses the chargeback, <a href=\"https:\/\/ru.law\/en\/kontakt\/\">Get in touch<\/a>, as long as documents, records and time information are still fully available.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-fazit-phishing-beim-online-banking-und-die-haftung-der-bank\"><strong>Conclusion: Phishing in online banking and the bank&#039;s liability<\/strong><\/h3>\n\n\n\n<p>Phishing in online banking is no longer a fringe phenomenon, but according to the Cybersecurity Monitor 2026, it affects a significant portion of the population. The legal situation is better than the initial reaction of many banks would suggest. In the case of an unauthorized payment transaction, there is a right to reimbursement under Section 675u of the German Civil Code (BGB), immediately and without reservation of internal investigations. The bank can only be exempt from this obligation if it demonstrates and proves the conditions of Section 675v Paragraph 3 of the German Civil Code (BGB).<\/p>\n\n\n\n<p>The accusation of gross negligence is not automatic, but rather a case-by-case assessment that depends on the quality of the forgery, the design of the release notification, and the specific sequence of events. Furthermore, according to Section 675w of the German Civil Code (BGB), the burden of proof lies with the bank, which cannot simply rely on a system log. Anyone who reports the matter promptly, secures evidence, adheres to the deadline stipulated in Section 676b of the BGB, and does not accept the bank&#039;s rejection as final, significantly improves their position.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-faqs-haufig-gestellte-fragen-zu-phishing-beim-online-banking\"><strong>FAQs \u2013 Frequently Asked Questions about Phishing in Online Banking<\/strong><\/h2>\n\n\n<div class=\"wp-block-uagb-faq uagb-faq__outer-wrap uagb-block-ed0fa9cc uagb-faq-icon-row uagb-faq-layout-accordion uagb-faq-expand-first-true uagb-faq-inactive-other-true uagb-faq__wrap uagb-buttons-layout-wrap uagb-faq-equal-height\" data-faqtoggle=\"true\" role=\"tablist\"><div class=\"wp-block-uagb-faq-child uagb-faq-child__outer-wrap uagb-faq-item uagb-block-f9785a0e\" role=\"tab\" tabindex=\"0\"><div class=\"uagb-faq-questions-button uagb-faq-questions\">\t\t\t<span class=\"uagb-icon uagb-faq-icon-wrap\">\n\t\t\t\t\t\t\t\t<svg xmlns=\"https:\/\/www.w3.org\/2000\/svg\" viewbox= \"0 0 448 512\"><path d=\"M432 256c0 17.69-14.33 32.01-32 32.01H256v144c0 17.69-14.33 31.99-32 31.99s-32-14.3-32-31.99v-144H48c-17.67 0-32-14.32-32-32.01s14.33-31.99 32-31.99H192v-144c0-17.69 14.33-32.01 32-32.01s32 14.32 32 32.01v144h144C417.7 224 432 238.3 432 256z\"><\/path><\/svg>\n\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t<span class=\"uagb-icon-active uagb-faq-icon-wrap\">\n\t\t\t\t\t\t\t\t<svg xmlns=\"https:\/\/www.w3.org\/2000\/svg\" viewbox= \"0 0 448 512\"><path d=\"M400 288h-352c-17.69 0-32-14.32-32-32.01s14.31-31.99 32-31.99h352c17.69 0 32 14.3 32 31.99S417.7 288 400 288z\"><\/path><\/svg>\n\t\t\t\t\t\t\t<\/span>\n\t\t\t<span class=\"uagb-question\">What is phishing in online banking?<\/span><\/div><div class=\"uagb-faq-content\"><p>Phishing refers to attempts to obtain login credentials and authorizations for a bank account through fake messages, websites, or calls. The perpetrators impersonate banks, payment service providers, or government agencies and create a sense of urgency. Typical methods include fake text messages, manipulated QR codes, and calls with spoofed numbers. Today, the goal is usually not just to steal a password, but to authorize a specific transfer or register someone else&#039;s device.<\/p><\/div><\/div><div class=\"wp-block-uagb-faq-child uagb-faq-child__outer-wrap uagb-faq-item uagb-block-eef02c53\" role=\"tab\" tabindex=\"0\"><div class=\"uagb-faq-questions-button uagb-faq-questions\">\t\t\t<span class=\"uagb-icon uagb-faq-icon-wrap\">\n\t\t\t\t\t\t\t\t<svg xmlns=\"https:\/\/www.w3.org\/2000\/svg\" viewbox= \"0 0 448 512\"><path d=\"M432 256c0 17.69-14.33 32.01-32 32.01H256v144c0 17.69-14.33 31.99-32 31.99s-32-14.3-32-31.99v-144H48c-17.67 0-32-14.32-32-32.01s14.33-31.99 32-31.99H192v-144c0-17.69 14.33-32.01 32-32.01s32 14.32 32 32.01v144h144C417.7 224 432 238.3 432 256z\"><\/path><\/svg>\n\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t<span class=\"uagb-icon-active uagb-faq-icon-wrap\">\n\t\t\t\t\t\t\t\t<svg xmlns=\"https:\/\/www.w3.org\/2000\/svg\" viewbox= \"0 0 448 512\"><path d=\"M400 288h-352c-17.69 0-32-14.32-32-32.01s14.31-31.99 32-31.99h352c17.69 0 32 14.3 32 31.99S417.7 288 400 288z\"><\/path><\/svg>\n\t\t\t\t\t\t\t<\/span>\n\t\t\t<span class=\"uagb-question\">Is the bank obligated to reimburse me after a phishing attack?<\/span><\/div><div class=\"uagb-faq-content\"><p>In the case of an unauthorized payment transaction, a claim for reimbursement exists under Section 675u of the German Civil Code (BGB). The bank is then not entitled to reimbursement of its expenses and must restore the account to the balance it would have had without the debit. It can only be released from this obligation if it enforces a counterclaim under Section 675v of the German Civil Code (BGB), particularly due to gross negligence. Whether this is successful depends on the specific circumstances of the incident.<\/p><\/div><\/div><div class=\"wp-block-uagb-faq-child uagb-faq-child__outer-wrap uagb-faq-item uagb-block-a5f0bb69\" role=\"tab\" tabindex=\"0\"><div class=\"uagb-faq-questions-button uagb-faq-questions\">\t\t\t<span class=\"uagb-icon uagb-faq-icon-wrap\">\n\t\t\t\t\t\t\t\t<svg xmlns=\"https:\/\/www.w3.org\/2000\/svg\" viewbox= \"0 0 448 512\"><path d=\"M432 256c0 17.69-14.33 32.01-32 32.01H256v144c0 17.69-14.33 31.99-32 31.99s-32-14.3-32-31.99v-144H48c-17.67 0-32-14.32-32-32.01s14.33-31.99 32-31.99H192v-144c0-17.69 14.33-32.01 32-32.01s32 14.32 32 32.01v144h144C417.7 224 432 238.3 432 256z\"><\/path><\/svg>\n\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t<span class=\"uagb-icon-active uagb-faq-icon-wrap\">\n\t\t\t\t\t\t\t\t<svg xmlns=\"https:\/\/www.w3.org\/2000\/svg\" viewbox= \"0 0 448 512\"><path d=\"M400 288h-352c-17.69 0-32-14.32-32-32.01s14.31-31.99 32-31.99h352c17.69 0 32 14.3 32 31.99S417.7 288 400 288z\"><\/path><\/svg>\n\t\t\t\t\t\t\t<\/span>\n\t\t\t<span class=\"uagb-question\">By when must the bank reverse the payment?<\/span><\/div><div class=\"uagb-faq-content\"><p>Section 675u of the German Civil Code (BGB) requires immediate reimbursement, at the latest by the end of the business day following the day on which the bank becomes aware of the unauthorized payment or receives the notification. Reimbursement is not contingent upon the completion of an internal investigation. In practice, however, payment is frequently delayed by citing ongoing investigations.<\/p><\/div><\/div><div class=\"wp-block-uagb-faq-child uagb-faq-child__outer-wrap uagb-faq-item uagb-block-28b6f38a\" role=\"tab\" tabindex=\"0\"><div class=\"uagb-faq-questions-button uagb-faq-questions\">\t\t\t<span class=\"uagb-icon uagb-faq-icon-wrap\">\n\t\t\t\t\t\t\t\t<svg xmlns=\"https:\/\/www.w3.org\/2000\/svg\" viewbox= \"0 0 448 512\"><path d=\"M432 256c0 17.69-14.33 32.01-32 32.01H256v144c0 17.69-14.33 31.99-32 31.99s-32-14.3-32-31.99v-144H48c-17.67 0-32-14.32-32-32.01s14.33-31.99 32-31.99H192v-144c0-17.69 14.33-32.01 32-32.01s32 14.32 32 32.01v144h144C417.7 224 432 238.3 432 256z\"><\/path><\/svg>\n\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t<span class=\"uagb-icon-active uagb-faq-icon-wrap\">\n\t\t\t\t\t\t\t\t<svg xmlns=\"https:\/\/www.w3.org\/2000\/svg\" viewbox= \"0 0 448 512\"><path d=\"M400 288h-352c-17.69 0-32-14.32-32-32.01s14.31-31.99 32-31.99h352c17.69 0 32 14.3 32 31.99S417.7 288 400 288z\"><\/path><\/svg>\n\t\t\t\t\t\t\t<\/span>\n\t\t\t<span class=\"uagb-question\">What constitutes gross negligence in phishing cases?<\/span><\/div><div class=\"uagb-faq-content\"><p>Gross negligence exists when the required care is violated to a particularly serious degree and even the simplest, most obvious considerations are disregarded. Examples include forwarding multiple TANs without issuing a separate payment order or confirming an authorization whose discrepancy was clearly identifiable. Each case is assessed individually. Professional forgery, a real-time attack, or an unclear authorization message would negate the accusation.<\/p><\/div><\/div><div class=\"wp-block-uagb-faq-child uagb-faq-child__outer-wrap uagb-faq-item uagb-block-922e0bf1\" role=\"tab\" tabindex=\"0\"><div class=\"uagb-faq-questions-button uagb-faq-questions\">\t\t\t<span class=\"uagb-icon uagb-faq-icon-wrap\">\n\t\t\t\t\t\t\t\t<svg xmlns=\"https:\/\/www.w3.org\/2000\/svg\" viewbox= \"0 0 448 512\"><path d=\"M432 256c0 17.69-14.33 32.01-32 32.01H256v144c0 17.69-14.33 31.99-32 31.99s-32-14.3-32-31.99v-144H48c-17.67 0-32-14.32-32-32.01s14.33-31.99 32-31.99H192v-144c0-17.69 14.33-32.01 32-32.01s32 14.32 32 32.01v144h144C417.7 224 432 238.3 432 256z\"><\/path><\/svg>\n\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t<span class=\"uagb-icon-active uagb-faq-icon-wrap\">\n\t\t\t\t\t\t\t\t<svg xmlns=\"https:\/\/www.w3.org\/2000\/svg\" viewbox= \"0 0 448 512\"><path d=\"M400 288h-352c-17.69 0-32-14.32-32-32.01s14.31-31.99 32-31.99h352c17.69 0 32 14.3 32 31.99S417.7 288 400 288z\"><\/path><\/svg>\n\t\t\t\t\t\t\t<\/span>\n\t\t\t<span class=\"uagb-question\">Am I liable if I entered the TAN myself?<\/span><\/div><div class=\"uagb-faq-content\"><p>Not necessarily. The consent under Section 675j of the German Civil Code (BGB) refers to a specific payment transaction with a defined amount and recipient. Anyone who enters a TAN in a fraudulent environment and is thereby deceived about the actual nature of the payment does not authorize that payment. Whether the bank also has a claim for damages under Section 675v Paragraph 3 of the German Civil Code (BGB) is a separate question.<\/p><\/div><\/div><div class=\"wp-block-uagb-faq-child uagb-faq-child__outer-wrap uagb-faq-item uagb-block-910f255b\" role=\"tab\" tabindex=\"0\"><div class=\"uagb-faq-questions-button uagb-faq-questions\">\t\t\t<span class=\"uagb-icon uagb-faq-icon-wrap\">\n\t\t\t\t\t\t\t\t<svg xmlns=\"https:\/\/www.w3.org\/2000\/svg\" viewbox= \"0 0 448 512\"><path d=\"M432 256c0 17.69-14.33 32.01-32 32.01H256v144c0 17.69-14.33 31.99-32 31.99s-32-14.3-32-31.99v-144H48c-17.67 0-32-14.32-32-32.01s14.33-31.99 32-31.99H192v-144c0-17.69 14.33-32.01 32-32.01s32 14.32 32 32.01v144h144C417.7 224 432 238.3 432 256z\"><\/path><\/svg>\n\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t<span class=\"uagb-icon-active uagb-faq-icon-wrap\">\n\t\t\t\t\t\t\t\t<svg xmlns=\"https:\/\/www.w3.org\/2000\/svg\" viewbox= \"0 0 448 512\"><path d=\"M400 288h-352c-17.69 0-32-14.32-32-32.01s14.31-31.99 32-31.99h352c17.69 0 32 14.3 32 31.99S417.7 288 400 288z\"><\/path><\/svg>\n\t\t\t\t\t\t\t<\/span>\n\t\t\t<span class=\"uagb-question\">How long do I have to dispute an unauthorized payment?<\/span><\/div><div class=\"uagb-faq-content\"><p>According to Section 676b of the German Civil Code (BGB), unauthorized debits must be reported immediately upon discovery. Regardless, claims are excluded no later than 13 months after the debit date. Therefore, bank statements should be checked regularly. If this deadline is missed, even legitimate claims are completely forfeited.<\/p><\/div><\/div><div class=\"wp-block-uagb-faq-child uagb-faq-child__outer-wrap uagb-faq-item uagb-block-44975cc3\" role=\"tab\" tabindex=\"0\"><div class=\"uagb-faq-questions-button uagb-faq-questions\">\t\t\t<span class=\"uagb-icon uagb-faq-icon-wrap\">\n\t\t\t\t\t\t\t\t<svg xmlns=\"https:\/\/www.w3.org\/2000\/svg\" viewbox= \"0 0 448 512\"><path d=\"M432 256c0 17.69-14.33 32.01-32 32.01H256v144c0 17.69-14.33 31.99-32 31.99s-32-14.3-32-31.99v-144H48c-17.67 0-32-14.32-32-32.01s14.33-31.99 32-31.99H192v-144c0-17.69 14.33-32.01 32-32.01s32 14.32 32 32.01v144h144C417.7 224 432 238.3 432 256z\"><\/path><\/svg>\n\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t<span class=\"uagb-icon-active uagb-faq-icon-wrap\">\n\t\t\t\t\t\t\t\t<svg xmlns=\"https:\/\/www.w3.org\/2000\/svg\" viewbox= \"0 0 448 512\"><path d=\"M400 288h-352c-17.69 0-32-14.32-32-32.01s14.31-31.99 32-31.99h352c17.69 0 32 14.3 32 31.99S417.7 288 400 288z\"><\/path><\/svg>\n\t\t\t\t\t\t\t<\/span>\n\t\t\t<span class=\"uagb-question\">Who has to prove that I acted with gross negligence?<\/span><\/div><div class=\"uagb-faq-content\"><p>The burden of proof lies with the bank. According to Section 675w of the German Civil Code (BGB), it must prove that the payment transaction was authenticated and properly recorded and booked. The mere recording of the use of a payment instrument is expressly insufficient to prove authorization or a deliberate or grossly negligent breach of duty by the customer. A system log alone is therefore insufficient to support such an allegation.<\/p><\/div><\/div><div class=\"wp-block-uagb-faq-child uagb-faq-child__outer-wrap uagb-faq-item uagb-block-7ab03cea\" role=\"tab\" tabindex=\"0\"><div class=\"uagb-faq-questions-button uagb-faq-questions\">\t\t\t<span class=\"uagb-icon uagb-faq-icon-wrap\">\n\t\t\t\t\t\t\t\t<svg xmlns=\"https:\/\/www.w3.org\/2000\/svg\" viewbox= \"0 0 448 512\"><path d=\"M432 256c0 17.69-14.33 32.01-32 32.01H256v144c0 17.69-14.33 31.99-32 31.99s-32-14.3-32-31.99v-144H48c-17.67 0-32-14.32-32-32.01s14.33-31.99 32-31.99H192v-144c0-17.69 14.33-32.01 32-32.01s32 14.32 32 32.01v144h144C417.7 224 432 238.3 432 256z\"><\/path><\/svg>\n\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t<span class=\"uagb-icon-active uagb-faq-icon-wrap\">\n\t\t\t\t\t\t\t\t<svg xmlns=\"https:\/\/www.w3.org\/2000\/svg\" viewbox= \"0 0 448 512\"><path d=\"M400 288h-352c-17.69 0-32-14.32-32-32.01s14.31-31.99 32-31.99h352c17.69 0 32 14.3 32 31.99S417.7 288 400 288z\"><\/path><\/svg>\n\t\t\t\t\t\t\t<\/span>\n\t\t\t<span class=\"uagb-question\">What applies if the bank did not require strong customer authentication?<\/span><\/div><div class=\"uagb-faq-content\"><p>According to Section 675v Paragraph 4 of the German Civil Code (BGB), the payer is not liable if the bank has not required strong customer authentication as defined in Section 55 of the German Payment Services Supervision Act (ZAG) or has not provided a suitable means of reporting the loss. An exception applies only in cases of fraudulent intent on the part of the payer. This point is frequently overlooked in practice, but it can be decisive in the entire case.<\/p><\/div><\/div><div class=\"wp-block-uagb-faq-child uagb-faq-child__outer-wrap uagb-faq-item uagb-block-ab813d0e\" role=\"tab\" tabindex=\"0\"><div class=\"uagb-faq-questions-button uagb-faq-questions\">\t\t\t<span class=\"uagb-icon uagb-faq-icon-wrap\">\n\t\t\t\t\t\t\t\t<svg xmlns=\"https:\/\/www.w3.org\/2000\/svg\" viewbox= \"0 0 448 512\"><path d=\"M432 256c0 17.69-14.33 32.01-32 32.01H256v144c0 17.69-14.33 31.99-32 31.99s-32-14.3-32-31.99v-144H48c-17.67 0-32-14.32-32-32.01s14.33-31.99 32-31.99H192v-144c0-17.69 14.33-32.01 32-32.01s32 14.32 32 32.01v144h144C417.7 224 432 238.3 432 256z\"><\/path><\/svg>\n\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t<span class=\"uagb-icon-active uagb-faq-icon-wrap\">\n\t\t\t\t\t\t\t\t<svg xmlns=\"https:\/\/www.w3.org\/2000\/svg\" viewbox= \"0 0 448 512\"><path d=\"M400 288h-352c-17.69 0-32-14.32-32-32.01s14.31-31.99 32-31.99h352c17.69 0 32 14.3 32 31.99S417.7 288 400 288z\"><\/path><\/svg>\n\t\t\t\t\t\t\t<\/span>\n\t\t\t<span class=\"uagb-question\">What should I do immediately after a phishing incident?<\/span><\/div><div class=\"uagb-faq-content\"><p>Block access and cards immediately via the blocking hotline and note the time and the person you spoke to. Report the charge as unauthorized in writing and with verifiable proof, and request a refund. Save screenshots, text messages, phone numbers, and the wording of the authorization message, file a police report, and check registered devices in your online banking. Avoid any statements that might suggest you are at fault.<\/p><\/div><\/div><div class=\"wp-block-uagb-faq-child uagb-faq-child__outer-wrap uagb-faq-item uagb-block-7b6999cf\" role=\"tab\" tabindex=\"0\"><div class=\"uagb-faq-questions-button uagb-faq-questions\">\t\t\t<span class=\"uagb-icon uagb-faq-icon-wrap\">\n\t\t\t\t\t\t\t\t<svg xmlns=\"https:\/\/www.w3.org\/2000\/svg\" viewbox= \"0 0 448 512\"><path d=\"M432 256c0 17.69-14.33 32.01-32 32.01H256v144c0 17.69-14.33 31.99-32 31.99s-32-14.3-32-31.99v-144H48c-17.67 0-32-14.32-32-32.01s14.33-31.99 32-31.99H192v-144c0-17.69 14.33-32.01 32-32.01s32 14.32 32 32.01v144h144C417.7 224 432 238.3 432 256z\"><\/path><\/svg>\n\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t<span class=\"uagb-icon-active uagb-faq-icon-wrap\">\n\t\t\t\t\t\t\t\t<svg xmlns=\"https:\/\/www.w3.org\/2000\/svg\" viewbox= \"0 0 448 512\"><path d=\"M400 288h-352c-17.69 0-32-14.32-32-32.01s14.31-31.99 32-31.99h352c17.69 0 32 14.3 32 31.99S417.7 288 400 288z\"><\/path><\/svg>\n\t\t\t\t\t\t\t<\/span>\n\t\t\t<span class=\"uagb-question\">When is it worth hiring a lawyer in a phishing case involving online banking?<\/span><\/div><div class=\"uagb-faq-content\"><p>Legal advice is advisable as soon as the bank rejects a refund, reviews the transaction for an extended period, or makes a blanket claim of gross negligence. The same applies to large sums of money, multiple transactions, or international elements. The review will examine the authorization of the specific payment transaction, the implementation of strong customer authentication, and whether the bank has met its burden of proof under Section 675w of the German Civil Code (BGB). The earlier the review takes place, the more complete the available evidence will be.<\/p><\/div><\/div><\/div>\n\n\n<p><\/p>","protected":false},"excerpt":{"rendered":"<p>Eine SMS der Hausbank, kurz darauf ein Anruf des angeblichen Sicherheitsteams, wenige Minuten sp\u00e4ter fehlen mehrere tausend Euro auf dem Konto. Betrug beim Online-Banking geh\u00f6rt [&hellip;]<\/p>\n","protected":false},"author":21,"featured_media":100229,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_uag_custom_page_level_css":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":"","_members_access_role":[],"_members_access_error":""},"categories":[1220],"tags":[1573,1572,1224,1571],"class_list":["post-100228","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bank-und-kapitalmarktrecht","tag-grobe-fahrlaessigkeit","tag-nicht-autorisierte-zahlung","tag-online-banking","tag-phishing"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.9 (Yoast SEO v27.9) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Phishing Online-Banking: Wann die Bank haftet - R&amp;U<\/title>\n<meta name=\"description\" content=\"Nach einem Phishing-Angriff lehnen Banken die Erstattung oft ab. Warum \u00a7 675u BGB auf Ihrer Seite steht und wie die Beweislast tats\u00e4chlich verteilt ist.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/ru.law\/en\/phishing-online-banking-haftung-bank\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Phishing beim Online-Banking: Wann die Bank haften muss\" \/>\n<meta property=\"og:description\" content=\"Nach einem Phishing-Angriff lehnen Banken die Erstattung oft ab. Warum \u00a7 675u BGB auf Ihrer Seite steht und wie die Beweislast tats\u00e4chlich verteilt ist.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/ru.law\/en\/phishing-online-banking-haftung-bank\/\" \/>\n<meta property=\"og:site_name\" content=\"R&amp;U\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/RogertUlbrich\/\" \/>\n<meta property=\"article:published_time\" content=\"2026-07-15T11:44:36+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-07-15T11:44:38+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/ru.law\/wp-content\/uploads\/2026\/07\/AdobeStock_2027894965-scaled.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1707\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Marco Rogert\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@RogertUlbrich\" \/>\n<meta name=\"twitter:site\" content=\"@RogertUlbrich\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/ru.law\\\/phishing-online-banking-haftung-bank\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/ru.law\\\/phishing-online-banking-haftung-bank\\\/\"},\"author\":{\"name\":\"Marco Rogert\",\"@id\":\"https:\\\/\\\/ru.law\\\/#\\\/schema\\\/person\\\/b020d506e6bbc471b4565d3a98173b87\"},\"headline\":\"Phishing beim Online-Banking: Wann die Bank haften muss\",\"datePublished\":\"2026-07-15T11:44:36+00:00\",\"dateModified\":\"2026-07-15T11:44:38+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/ru.law\\\/phishing-online-banking-haftung-bank\\\/\"},\"wordCount\":1893,\"publisher\":{\"@id\":\"https:\\\/\\\/ru.law\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/ru.law\\\/phishing-online-banking-haftung-bank\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/ru.law\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/AdobeStock_2027894965-scaled.jpeg\",\"keywords\":[\"grobe Fahrl\u00e4ssigkeit\",\"nicht autorisierte Zahlung\",\"Online-Banking\",\"Phishing\"],\"articleSection\":[\"Bank- und Kapitalmarktrecht\"],\"inLanguage\":\"en-GB\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/ru.law\\\/phishing-online-banking-haftung-bank\\\/\",\"url\":\"https:\\\/\\\/ru.law\\\/phishing-online-banking-haftung-bank\\\/\",\"name\":\"Phishing Online-Banking: Wann die Bank haftet - R&amp;U\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/ru.law\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/ru.law\\\/phishing-online-banking-haftung-bank\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/ru.law\\\/phishing-online-banking-haftung-bank\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/ru.law\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/AdobeStock_2027894965-scaled.jpeg\",\"datePublished\":\"2026-07-15T11:44:36+00:00\",\"dateModified\":\"2026-07-15T11:44:38+00:00\",\"description\":\"Nach einem Phishing-Angriff lehnen Banken die Erstattung oft ab. Warum \u00a7 675u BGB auf Ihrer Seite steht und wie die Beweislast tats\u00e4chlich verteilt ist.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/ru.law\\\/phishing-online-banking-haftung-bank\\\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/ru.law\\\/phishing-online-banking-haftung-bank\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/ru.law\\\/phishing-online-banking-haftung-bank\\\/#primaryimage\",\"url\":\"https:\\\/\\\/ru.law\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/AdobeStock_2027894965-scaled.jpeg\",\"contentUrl\":\"https:\\\/\\\/ru.law\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/AdobeStock_2027894965-scaled.jpeg\",\"width\":2560,\"height\":1707,\"caption\":\"Cybersecurity risk and phishing scam concept with data breach alert on screen\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/ru.law\\\/phishing-online-banking-haftung-bank\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Startseite\",\"item\":\"https:\\\/\\\/ru.law\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Phishing beim Online-Banking: Wann die Bank haften muss\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/ru.law\\\/#website\",\"url\":\"https:\\\/\\\/ru.law\\\/\",\"name\":\"R&U\",\"description\":\"Verbraucheranw\u00e4lte\",\"publisher\":{\"@id\":\"https:\\\/\\\/ru.law\\\/#organization\"},\"alternateName\":\"Rogert & Ulbrich\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/ru.law\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/ru.law\\\/#organization\",\"name\":\"Kanzlei Rogert & Ulbrich\",\"url\":\"https:\\\/\\\/ru.law\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/ru.law\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/ru.law\\\/wp-content\\\/uploads\\\/2020\\\/12\\\/logo-ru-law.svg\",\"contentUrl\":\"https:\\\/\\\/ru.law\\\/wp-content\\\/uploads\\\/2020\\\/12\\\/logo-ru-law.svg\",\"width\":992,\"height\":259,\"caption\":\"Kanzlei Rogert & Ulbrich\"},\"image\":{\"@id\":\"https:\\\/\\\/ru.law\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/RogertUlbrich\\\/\",\"https:\\\/\\\/x.com\\\/RogertUlbrich\",\"https:\\\/\\\/www.instagram.com\\\/rogertulbrich\\\/\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/rogert-ulbrich\\\/\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UCganCgpvwpPFqMFf1vVmG2A\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/ru.law\\\/#\\\/schema\\\/person\\\/b020d506e6bbc471b4565d3a98173b87\",\"name\":\"Marco Rogert\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/ru.law\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/ru-law-rogert.png\",\"url\":\"https:\\\/\\\/ru.law\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/ru-law-rogert.png\",\"contentUrl\":\"https:\\\/\\\/ru.law\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/ru-law-rogert.png\",\"caption\":\"Marco Rogert\"},\"description\":\"Dr. Marco Rogert ist Rechtsanwalt und zweifacher Fachanwalt mit Sitz in D\u00fcsseldorf. Er ber\u00e4t und vertritt Mandanten bundesweit im Bank- und Kapitalanlagerecht, bei Kryptobetrug und KI-rechtlichen Fragen sowie im Transport- und Speditionsrecht. Bekannt wurde er als einer der f\u00fchrenden Anw\u00e4lte in der Aufarbeitung des Abgasskandals und als Mitbegr\u00fcnder der ersten Musterfeststellungsklage gegen die Volkswagen AG.\",\"sameAs\":[\"https:\\\/\\\/ru.law\\\/rechtsanwalt\\\/dr-marco-rogert\\\/\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/marco-prof-dr-rogert-248037407\\\/\"],\"honorificPrefix\":\"Dr\",\"knowsAbout\":[\"Bank- und Kapitalmarktrecht\",\"Transport- und Speditionsrecht\",\"KI-Recht\",\"Kryptobetrug\",\"Abgasskandal\"],\"url\":\"https:\\\/\\\/ru.law\\\/rechtsanwalt\\\/dr-marco-rogert\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Phishing Online-Banking: Wann die Bank haftet - R&amp;U","description":"Nach einem Phishing-Angriff lehnen Banken die Erstattung oft ab. Warum \u00a7 675u BGB auf Ihrer Seite steht und wie die Beweislast tats\u00e4chlich verteilt ist.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/ru.law\/en\/phishing-online-banking-haftung-bank\/","og_locale":"en_GB","og_type":"article","og_title":"Phishing beim Online-Banking: Wann die Bank haften muss","og_description":"Nach einem Phishing-Angriff lehnen Banken die Erstattung oft ab. Warum \u00a7 675u BGB auf Ihrer Seite steht und wie die Beweislast tats\u00e4chlich verteilt ist.","og_url":"https:\/\/ru.law\/en\/phishing-online-banking-haftung-bank\/","og_site_name":"R&amp;U","article_publisher":"https:\/\/www.facebook.com\/RogertUlbrich\/","article_published_time":"2026-07-15T11:44:36+00:00","article_modified_time":"2026-07-15T11:44:38+00:00","og_image":[{"width":2560,"height":1707,"url":"https:\/\/ru.law\/wp-content\/uploads\/2026\/07\/AdobeStock_2027894965-scaled.jpeg","type":"image\/jpeg"}],"author":"Marco Rogert","twitter_card":"summary_large_image","twitter_creator":"@RogertUlbrich","twitter_site":"@RogertUlbrich","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/ru.law\/phishing-online-banking-haftung-bank\/#article","isPartOf":{"@id":"https:\/\/ru.law\/phishing-online-banking-haftung-bank\/"},"author":{"name":"Marco Rogert","@id":"https:\/\/ru.law\/#\/schema\/person\/b020d506e6bbc471b4565d3a98173b87"},"headline":"Phishing beim Online-Banking: Wann die Bank haften muss","datePublished":"2026-07-15T11:44:36+00:00","dateModified":"2026-07-15T11:44:38+00:00","mainEntityOfPage":{"@id":"https:\/\/ru.law\/phishing-online-banking-haftung-bank\/"},"wordCount":1893,"publisher":{"@id":"https:\/\/ru.law\/#organization"},"image":{"@id":"https:\/\/ru.law\/phishing-online-banking-haftung-bank\/#primaryimage"},"thumbnailUrl":"https:\/\/ru.law\/wp-content\/uploads\/2026\/07\/AdobeStock_2027894965-scaled.jpeg","keywords":["grobe Fahrl\u00e4ssigkeit","nicht autorisierte Zahlung","Online-Banking","Phishing"],"articleSection":["Bank- und Kapitalmarktrecht"],"inLanguage":"en-GB"},{"@type":"WebPage","@id":"https:\/\/ru.law\/phishing-online-banking-haftung-bank\/","url":"https:\/\/ru.law\/phishing-online-banking-haftung-bank\/","name":"Phishing Online-Banking: Wann die Bank haftet - R&amp;U","isPartOf":{"@id":"https:\/\/ru.law\/#website"},"primaryImageOfPage":{"@id":"https:\/\/ru.law\/phishing-online-banking-haftung-bank\/#primaryimage"},"image":{"@id":"https:\/\/ru.law\/phishing-online-banking-haftung-bank\/#primaryimage"},"thumbnailUrl":"https:\/\/ru.law\/wp-content\/uploads\/2026\/07\/AdobeStock_2027894965-scaled.jpeg","datePublished":"2026-07-15T11:44:36+00:00","dateModified":"2026-07-15T11:44:38+00:00","description":"Nach einem Phishing-Angriff lehnen Banken die Erstattung oft ab. Warum \u00a7 675u BGB auf Ihrer Seite steht und wie die Beweislast tats\u00e4chlich verteilt ist.","breadcrumb":{"@id":"https:\/\/ru.law\/phishing-online-banking-haftung-bank\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/ru.law\/phishing-online-banking-haftung-bank\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/ru.law\/phishing-online-banking-haftung-bank\/#primaryimage","url":"https:\/\/ru.law\/wp-content\/uploads\/2026\/07\/AdobeStock_2027894965-scaled.jpeg","contentUrl":"https:\/\/ru.law\/wp-content\/uploads\/2026\/07\/AdobeStock_2027894965-scaled.jpeg","width":2560,"height":1707,"caption":"Cybersecurity risk and phishing scam concept with data breach alert on screen"},{"@type":"BreadcrumbList","@id":"https:\/\/ru.law\/phishing-online-banking-haftung-bank\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Startseite","item":"https:\/\/ru.law\/"},{"@type":"ListItem","position":2,"name":"Phishing beim Online-Banking: Wann die Bank haften muss"}]},{"@type":"WebSite","@id":"https:\/\/ru.law\/#website","url":"https:\/\/ru.law\/","name":"R&amp;U","description":"Consumer lawyers","publisher":{"@id":"https:\/\/ru.law\/#organization"},"alternateName":"Rogert & Ulbrich","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/ru.law\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/ru.law\/#organization","name":"Rogert &amp; Ulbrich Law Firm","url":"https:\/\/ru.law\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/ru.law\/#\/schema\/logo\/image\/","url":"https:\/\/ru.law\/wp-content\/uploads\/2020\/12\/logo-ru-law.svg","contentUrl":"https:\/\/ru.law\/wp-content\/uploads\/2020\/12\/logo-ru-law.svg","width":992,"height":259,"caption":"Kanzlei Rogert & Ulbrich"},"image":{"@id":"https:\/\/ru.law\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/RogertUlbrich\/","https:\/\/x.com\/RogertUlbrich","https:\/\/www.instagram.com\/rogertulbrich\/","https:\/\/www.linkedin.com\/company\/rogert-ulbrich\/","https:\/\/www.youtube.com\/channel\/UCganCgpvwpPFqMFf1vVmG2A"]},{"@type":"Person","@id":"https:\/\/ru.law\/#\/schema\/person\/b020d506e6bbc471b4565d3a98173b87","name":"Marco Rogert","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/ru.law\/wp-content\/uploads\/2025\/09\/ru-law-rogert.png","url":"https:\/\/ru.law\/wp-content\/uploads\/2025\/09\/ru-law-rogert.png","contentUrl":"https:\/\/ru.law\/wp-content\/uploads\/2025\/09\/ru-law-rogert.png","caption":"Marco Rogert"},"description":"Dr. Marco Rogert is a lawyer and certified specialist in two areas of law, based in D\u00fcsseldorf. He advises and represents clients nationwide in banking and investment law, cryptocurrency fraud and AI-related legal issues, as well as in transport and freight forwarding law. He became known as one of the leading lawyers in the handling of the emissions scandal and as a co-founder of the first model declaratory action against Volkswagen AG.","sameAs":["https:\/\/ru.law\/rechtsanwalt\/dr-marco-rogert\/","https:\/\/www.linkedin.com\/in\/marco-prof-dr-rogert-248037407\/"],"honorificPrefix":"Dr","knowsAbout":["Bank- und Kapitalmarktrecht","Transport- und Speditionsrecht","KI-Recht","Kryptobetrug","Abgasskandal"],"url":"https:\/\/ru.law\/rechtsanwalt\/dr-marco-rogert\/"}]}},"uagb_featured_image_src":{"full":["https:\/\/ru.law\/wp-content\/uploads\/2026\/07\/AdobeStock_2027894965-scaled.jpeg",2560,1707,false],"thumbnail":["https:\/\/ru.law\/wp-content\/uploads\/2026\/07\/AdobeStock_2027894965-scaled.jpeg",128,85,false],"medium":["https:\/\/ru.law\/wp-content\/uploads\/2026\/07\/AdobeStock_2027894965-scaled.jpeg",2560,1707,false],"medium_large":["https:\/\/ru.law\/wp-content\/uploads\/2026\/07\/AdobeStock_2027894965-768x512.jpeg",768,512,true],"large":["https:\/\/ru.law\/wp-content\/uploads\/2026\/07\/AdobeStock_2027894965-scaled.jpeg",2560,1707,false],"1536x1536":["https:\/\/ru.law\/wp-content\/uploads\/2026\/07\/AdobeStock_2027894965-1536x1024.jpeg",1536,1024,true],"2048x2048":["https:\/\/ru.law\/wp-content\/uploads\/2026\/07\/AdobeStock_2027894965-2048x1365.jpeg",2048,1365,true],"trp-custom-language-flag":["https:\/\/ru.law\/wp-content\/uploads\/2026\/07\/AdobeStock_2027894965-18x12.jpeg",18,12,true]},"uagb_author_info":{"display_name":"Marco Rogert","author_link":"https:\/\/ru.law\/rechtsanwalt\/dr-marco-rogert\/"},"uagb_comment_info":0,"uagb_excerpt":"Eine SMS der Hausbank, kurz darauf ein Anruf des angeblichen Sicherheitsteams, wenige Minuten sp\u00e4ter fehlen mehrere tausend Euro auf dem Konto. Betrug beim Online-Banking geh\u00f6rt [&hellip;]","_links":{"self":[{"href":"https:\/\/ru.law\/en\/wp-json\/wp\/v2\/posts\/100228","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ru.law\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ru.law\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ru.law\/en\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/ru.law\/en\/wp-json\/wp\/v2\/comments?post=100228"}],"version-history":[{"count":1,"href":"https:\/\/ru.law\/en\/wp-json\/wp\/v2\/posts\/100228\/revisions"}],"predecessor-version":[{"id":100230,"href":"https:\/\/ru.law\/en\/wp-json\/wp\/v2\/posts\/100228\/revisions\/100230"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ru.law\/en\/wp-json\/wp\/v2\/media\/100229"}],"wp:attachment":[{"href":"https:\/\/ru.law\/en\/wp-json\/wp\/v2\/media?parent=100228"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ru.law\/en\/wp-json\/wp\/v2\/categories?post=100228"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ru.law\/en\/wp-json\/wp\/v2\/tags?post=100228"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}