In a recent case involving a Polish bank, a woman fell victim to an online scam where a fraudster impersonated a buyer on a marketplace and sent her a fake link mimicking her bank's website. Believing that the link was legitimate, she entered her login details, which allowed the scammer to carry out an unauthorized payment transaction from her bank account. Upon discovering the fraudulent transaction, the woman promptly reported it to her bank, expecting a refund for the unauthorized debit.

However, the bank refused to refund the amount, arguing that the customer had committed gross negligence by disclosing her banking credentials. This refusal raised a significant legal question that was taken to court, where the judges sought clarification from the European Court of Justice (TSUE). They inquired whether, under EU law, a bank is obligated to promptly refund the amount of unauthorized transactions, even if it believes that the customer acted with gross negligence in handling their account information, or if it has the right to refuse such refunds under these circumstances.

This case exemplifies the complexities of consumer protection in digital banking and the responsibilities of financial institutions in safeguarding customers against online fraud. The implications of the TSUE's ruling could set essential precedents regarding the obligations of banks in similar situations and redefine the balance of responsibility between banks and consumers when it comes to online security and fraud prevention.