Installing a Fraudulent App Blocks Compensation in Bank Fraud Case

A customer of Caixa Econômica Federal (CEF) had her claim for material and moral damages denied after falling victim to a banking scam. The decision was issued by the 9th Panel of the Federal Special Court of the 3rd Region, in São Paulo, which upheld the lower court ruling.

The plaintiff alleged she suffered unauthorized transactions in her bank account after installing an app on her phone, following instructions from a scammer posing as a CEF employee. She argued that the financial institution was negligent in allowing a third party to access her data and carry out transactions that deviated from her usual banking behavior.

However, the court found no service failure on the part of CEF. The ruling highlighted that the transactions were carried out from a device registered to the plaintiff's CPF (tax ID), using a password and electronic signature. Furthermore, no repeated or visibly suspicious transactions were identified that could have prompted the bank to suspect fraud.

The court classified the case as a "third-party act," which excludes the financial institution's liability. The panel emphasized that the plaintiff herself actively contributed to the harm by installing the app that enabled the fraudulent transactions.

Regarding aspects related to Brazil's General Data Protection Law (LGPD), the ruling acknowledged that, while the law requires security and prevention measures in the processing of personal data, there is no right to civil compensation when the consumer is the exclusive cause of the harm — whether through their own fault or through the influence of third parties. The court found that the event cannot be considered an "internal fortuitous event" related to banking operations, but rather a case of the victim's exclusive fault, as she was the one who enabled the electronic device used by the scammers.

The ruling also cited Precedent 479 of the Superior Court of Justice (STJ), which establishes that financial institutions are only liable for damages caused by "internal fortuitous events" in banking operations — a standard that did not apply in this case.

TRF3 - RI n. 5000757-81.2024.4.03.6325

This post was summarized from the original ruling using ChatGPT version 4o, with human review.