Court rules: Bank does not have to pay in case of gross negligence

One wrong click and your account is empty - phishing fraud is one of the most common dangers in online banking. But victims are not automatically in the right. This is shown by a recent case before the Oldenburg Higher Regional Court: a married couple had lost almost 41,000 euros through a scam - but the bank did not have to refund a cent.

The reason given: grossly negligent behavior. The woman had passed on personal data and even a PushTAN re-registration link to the fraudsters. The judges ruled that she had clearly breached her duty of care.

Personal data disclosed - despite obvious warning signs

In this case, the deception was actually obvious: the phishing email that the couple had received was full of spelling mistakes and inconsistencies. According to the court, this should have aroused suspicion. But the wife ignored these clues - and passed on information to the perpetrators that made it possible to take over the account.

The court emphasized that the bank is generally liable for unauthorized debits. This is regulated by the German Civil Code. But: If customers act with gross negligence, this claim does not apply. And that was precisely the case here.

An expert was called in to assess the customer's behavior. The result: The disclosure of sensitive data was not excusable - especially because every bank regularly warns that no TANs or access links are requested by email.

What does "grossly negligent" mean?

In legal terms, behavior is considered grossly negligent if the necessary care is disregarded to a particularly serious degree - in other words, if even a layperson should have noticed that something was wrong. The ruling states that the plaintiff should have recognized the characteristics of the fake email and acted accordingly.

The message is clear: anyone who forwards security features such as TANs or links despite warnings is acting at their own risk.

No turning back: judgment is final

Particularly bitter: the verdict is final. A further appeal is not possible. This means that the couple are stuck with the loss of 41,000 euros. The OLG made it clear:

"Consequently, the plaintiffs will not receive their lost funds back from their bank."

A ruling that has caused a stir in the banking world and among consumer advocates - and a wake-up call for all those who don't take online banking very seriously.

Honestly? Anyone who still falls for an email with obvious errors in 2025 and then forwards a TAN link urgently needs a basic course in digital self-defense. Yes, phishing is becoming more and more professional - but banks have been beating the drum for years: Never pass on TANs or passwords. Period.

Anyone who acts with gross negligence cannot expect the bank to take responsibility for the damage. Online banking is not a playground - if you are not careful, you will quickly pay a high price. In the truest sense of the word.