Lawyer Abdulrahman Al-Houti

Rather, the bank remains bound by specific legal obligations, and any failure to fulfill these obligations may render the bank fully or partially liable for the financial loss suffered by the customer, even if the customer disclosed his banking details as a result of deception. Within the framework of cybersecurity requirements, banks are obligated to provide effective protection systems for the banking services offered through electronic platforms and mobile applications.

In this regard, banks must prevent unauthorized access, detect suspicious transfers, and protect customers’ confidential data to prevent fraud, hacking, or theft of funds. Accordingly, banks are required to monitor transactions that deviate from a customer’s usual transaction behavior, and they bear the responsibility of preventing suspicious transfers until proper verification is conducted. If a bank executes an abnormal withdrawal or transfer from a customer’s account without adequate verification, this may constitute evidence of negligence on the part of the bank.

For example, if a customer has a history of regular withdrawals and transfers, and a sudden large withdrawal or transfer to an unknown account occurs, this should trigger an internal alert within the bank. In such cases, the bank’s failure to act on this warning constitutes supervisory negligence.

The bank may also be held liable if it delays responding to the customer’s report or fails to take immediate action upon receiving such a report. If it is established that the fraud occurred due to weak verification mechanisms, deficiencies in the bank’s electronic security system, or technical faults in the bank’s mobile application or website, the bank shall bear full liability, as such matters fall within the scope of its obligations to secure customer accounts.

Among the bank’s obligations in this context is the implementation of clear awareness campaigns against fraud, aimed at educating customers and warning them about fraudulent calls and fake links, as well as continuously reminding them not to disclose confidential banking information. If a bank neglects its awareness responsibilities, such neglect constitutes professional misconduct and may partially attribute liability to the bank for the fraudulent incident.

As for the legal procedures required of a person who has been subjected to banking fraud, the first step is to immediately notify the bank by contacting customer service or visiting the nearest branch. Legally, the customer has the right to request the temporary freezing of his account, suspension of external transfers, or deactivation of the card or electronic service that was compromised.

To preserve his legal rights, the customer must submit an official complaint to the Cybercrime Department at the Ministry of Interior, either in person or through the Ministry of Interior’s electronic platform. The customer should provide fraudulent messages, links, or visual or audio recordings received from the fraudsters as supporting evidence. In addition to the above, the fraud victim should file a complaint with the Public Prosecution to formally establish the occurrence of the fraud, particularly in cases where the perpetrator is apprehended.

In conclusion, even if a customer disclosed his banking information as a result of fraud, this does not absolve the bank of its professional and supervisory responsibilities, nor does it negate the customer’s right to compensation if it is proven that the bank could have prevented the transaction, detected it, or mitigated its effects. In all cases, bank account holders are advised to exercise extreme caution when conducting any banking transactions and to strictly adhere to bank instructions regarding the protection of their financial data.