The Dutch bank Rabobank hosts Internet banking for its customers. On 8 June 2010 Montage B.V. and others (“Montage”) fell victim to fraud. Someone presented himself via the telephone as an employee of Rabobank and asked for Montage’s login data to access Montage’s Internet banking account (an act, which can also be done via email and other communications, known as “phishing”’). Montage, being under the impression that they were dealing with an employee of Rabobank, communicated its internet banking login data to the impersonator, enabling him to execute several transactions and wire money to his own account. Montage sought damages from Rabobank for the stolen money on grounds that Rabobank would not have fulfilled its duty of care by not explicitly warning Montage about persons who would masquerade themselves via the telephone as Rabobank employees and ask Rabobank customers for their internet banking login data. After the first instance and the first interlocutory judgment, the final question in the second interlocutory hearing was whether the bank failed to warn its customers about this specific type of fraud. Montage and others claim that they only saw Rabobank’s warnings on phishing after 8 June 2010. Even though Montage and others did declare they all saw the warning after 8 June 2010, they all stated that they saw different warnings. In response, Rabobank stated that the bank did issue the warning via their “message center” on the Rabobank website. On the basis of the statements from Montage and the Rabobank, the Court accepted Rabobank’s defense and ruled that the warning via Rabobank’s “message center” about phone phishing was specific and clear enough (and was issued before 8 June 2010), so Rabobank did warn its customers and, with that, fulfilled its duty of care. The bank had therefore no obligation to pay damages to the claimants.
[Source: Court of Appeal ‘s-Hertogenbosch, 18 February 2014, ECLI:NL:GHSE:2014:39.]