Espírito Santo State Court of Appeals upholds bank conviction for fake payment slip scam

The Espírito Santo State Court of Appeals (TJES) (Espírito Santo State Court of Appeals), by majority decision, denied an appeal filed by Banco Votorantim S/A, upholding the first-instance ruling that ordered the bank to compensate a client who was a victim of the "fake payment slip" scam. The decision recognized the financial institution's liability for the security failure that allowed the consumer's data to be leaked.

The case involved a client who had a vehicle financing contract with the bank and, being behind on payments, was contacted via WhatsApp by a fraudster posing as a representative of the institution. The scammer offered a discount to settle the overdue installments and sent a fake payment slip (boleto), which the victim paid. The slip contained accurate details of the contract and the client's personal data, as well as the bank's logo, giving the fraud an appearance of legitimacy.

The majority of judges found that the fraudster's possession of confidential information — such as the contract number, the exact or near-exact amount of the debt, and the client's personal data — evidenced a service failure on the part of the bank, constituting an "internal fortuitous event." This position is grounded in Precedent 479 of the Superior Court of Justice (STJ), which establishes the strict liability of financial institutions for damages caused by fraud committed by third parties in the context of banking operations, as well as the provisions of the Consumer Protection Code (CDC) and the General Data Protection Law (LGPD) regarding the duty of security.

The dissenting opinion, which was overruled, argued for the exclusive fault of the victim or a third party, absolving the bank of liability. That position held that the client had failed to exercise due caution by negotiating through an unofficial channel (WhatsApp) and by not noticing inconsistencies in the payment slip, such as the recipient bank being different from her lender. However, the prevailing view was that the bank's security failure in allowing access to confidential data was decisive in enabling the scam. The ruling upheld the declaration that the installments paid via the fake slip were settled, and maintained the bank's condemnation to pay R$ 6,000.00 in moral damages.

This post was summarized from the original ruling using AI, with human review.

TJES/AC n. 5000140-66.2024.8.08.0047