Reports are piling up on social media: someone’s cell phone is robbed or stolen, and thieves are able to access their bank accounts and make large financial transactions.
But what is the responsibility of banks in this situation? And what about the customers?
“Smartphones came to help us be more productive and have mechanisms that store dozens of passwords that we need to know on a daily basis. The mistake starts here”, says Felipe do Nascimento, Director of Solutions Engineering at Tanium, a cybersecurity company.
According to Nascimento, with the device unlocked, thieves gain full access to all installed applications and passwords saved on the cell phone. However, even those who do not use this functionality are at risk after a theft.
“Let’s imagine a scenario where you don’t have your passwords saved. The crooks can select the option to recover password. Almost always a new password will be sent by email, which is configured on the cell phone, or by SMS. have full access to their applications”, he explains.
Can banks avoid scams?
For Nascimento, both financial institutions and customers need to take measures to limit the damage in these cases.
“Banks could implement mechanisms that identify an operation that deviates from that individual’s standards, so that it is not authorized”, says Felipe do Nascimento.
How can customers mitigate risk?
In turn, smartphone owners should follow four tips to prevent unauthorized access to their bank accounts and, in case of theft, minimize damage:
- Always use complex and different passwords
- Use a secondary email for password recovery that is not connected to your cell phone
- Use a second authentication factor through PIN or biometrics
- Keep written down, in a safe place, the number of cards and bank phone numbers to contact and block ASAP
“We know that it is difficult to memorize all passwords, so today there are applications that are ‘password vaults’ that can store them in an encrypted way and protected by a master password. That is, instead of memorizing dozens of difficult passwords, you would only need to know one”, declares Nascimento.
What does the law say?
According to attorney Breno Stefanini, a specialist in consumer law and a postgraduate in constitutional law, customer-bank relationships are considered consumer relationships by the Superior Court of Justice (STJ).
Therefore, in these cases, the rules established by the Consumer Protection Code (CDC) must be observed, mainly article 14, which establishes the civil liability of service providers:
“The service provider is liable, irrespective of the existence of fault, for the repair of damages caused to consumers by defects related to the provision of services, as well as for insufficient or inadequate information about their enjoyment and risks.”
“If this rule is analyzed in isolation, it would be easy to point out that the bank should reimburse all losses suffered by bank customers who have their accounts invaded after the theft of the cell phone”, explains Stefanini.
“It so happens that the CDC also lists some cases in which the supplier will not be held liable. There are two: when there is no defect or when it is the exclusive fault of the consumer or a third party.”
In general, banks are resistant to returning the amounts because they understand that there was customer carelessness and there is no security breach in the applications.
However, the TJ-SP (São Paulo Court of Justice) has adopted the position that financial institutions are responsible for damages suffered by customers when the transactions carried out are incompatible with the profile and consumption pattern.
“The incompatibility must be observed by the bank’s security system and, if found, the movements must be immediately blocked”, says Stefanini.
According to the lawyer, this incompatibility occurs when a client only makes transfers of low values and, suddenly, a Pix with a value of R$ 10 thousand appears.
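The profile check described by Nascimento and Stefanini, sketched as an added example (it is not from the article or from any bank's system): each new transfer is scored against the customer's own past amounts and held when it is far outside them. The function names, the thresholds and the sample history are assumptions constructed for illustration.

```python
from statistics import median

MIN_HISTORY = 5    # assumption: with fewer past transfers there is no profile yet
THRESHOLD = 6.0    # assumption: robust score above which a transfer is held

def robust_score(history, amount):
    """Deviation of `amount` from the customer's past amounts, in MAD units."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    # 1.4826 makes the MAD comparable to a standard deviation; the floors keep
    # a perfectly regular history (MAD = 0) from dividing by zero.
    scale = max(1.4826 * mad, 0.05 * med, 1.0)
    return (amount - med) / scale

def decide(history, amount):
    """Return 'allow', 'hold' (blocked until the customer confirms) or 'review'."""
    if len(history) < MIN_HISTORY:
        return "review"   # too little data to call a transfer incompatible
    return "hold" if robust_score(history, amount) > THRESHOLD else "allow"

# Constructed sample: a customer who only makes low-value transfers (R$).
PAST_PIX = [35.0, 50.0, 42.5, 80.0, 20.0, 60.0, 45.0, 120.0]

if __name__ == "__main__":
    for amount in (70.0, 150.0, 10_000.0):
        print(f"Pix R$ {amount:>9.2f}: {decide(PAST_PIX, amount)} "
              f"(score {robust_score(PAST_PIX, amount):.1f})")
```

The median and MAD are used instead of the mean and standard deviation so that one earlier large transfer does not widen the profile enough to let the next one through.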
On the other hand, there is also the understanding in the courts that banks can only be held responsible after the customer reports the robbery or theft of the cell phone.
“This is a minority position, but it exists. All transactions carried out between the moment the smartphone is stolen and the moment when the customer notifies the bank would then be the responsibility of the customer”, he explains.
Therefore, to ensure the least possible inconvenience, Stefanini recommends that banks be notified immediately after the cell phone is stolen.
What to do in case of theft?
Febraban (Brazilian Federation of Banks) advises that, in case of robbery or theft of the cell phone, the customer should act quickly to minimize losses. First, you should try to remotely erase your smartphone data (see below) and then contact your bank’s customer service channel to block your accounts and cards.
After blocking bank accounts, lawyer Breno Stefanini says that customers should block their cell phone with telephone operators and then file a report.
How to erase cell phone data remotely
To erase your cell phone’s data remotely, you will need access to another phone or a computer as soon as possible.
For Android models, go to android.com/find. Enter login, password and click “Erase Device”.
For iOS phones, visit icloud.com. Enter login, password and locate your iPhone. Click “Erase Device”.
For Xiaomi phones, go to i.mi.com and log in with your Mi account. Click “Find Device” and finally “Wipe Device” to erase your information.