Unauthorized and fraudulent transactions – differences and legal consequences for bank customers
Imagine a situation in which a bank customer notices that funds have disappeared from their account. They don't recognize the transaction and don't remember ever ordering it. They file a complaint, hoping for a quick refund. However, the bank's response can be brief and disappointing: "The transaction was authorized – the bank is not responsible .
For the customer, this is often the end of the conversation. From a legal perspective, it's only the beginning of the proper analysis. The key is whether a given transaction was an unauthorized transaction or merely authorized but fraudulent. Although the two terms are sometimes used interchangeably in everyday language, in payment law, they lead to completely different consequences.
What is an unauthorized transaction?
An unauthorized transaction is a payment transaction for which the account holder has not consented. The customer's consent – granted using the authorization instruments provided by the bank – is a prerequisite for the legality of each transaction.
If funds are withdrawn from an account without such consent, the law grants the customer extensive protection. Generally, the bank is liable for the consequences of the transaction, as it is responsible for the security of payment systems and the proper execution of the transaction. In such cases, the bank should immediately restore the account to its pre-transaction state, unless it can demonstrate exceptional circumstances that exclude its liability.
Fraudulent transaction – why do banks often refuse refunds?
Situations in which the customer authorizes themselves, but does so under the influence of manipulation, misrepresentation, or impersonation of another person or institution, are assessed differently. These may include fraudulent phone calls, text messages, emails, or fake websites.
While from the customer's perspective, this is classic fraud, the legal situation is more complex. Since authorization was granted—even through fraud—the transaction does not meet the definition of unauthorized. In practice, banks often argue in such cases that they acted in accordance with the customer's instructions and are therefore not liable for the refund.
Why is this distinction of such great practical importance?
The difference between an unauthorized and a fraudulent transaction is not purely theoretical. It determines who bears the financial burden of the event—the bank or the customer.
In simple terms:
- in the case of an unauthorized transaction, the starting point is favorable to the customer,
- In the case of an authorized transaction, the dispute focuses on the assessment of the account user's behavior and diligence.
In practice, this means that similar events can lead to completely different decisions – even in cases involving significant amounts.
Where does the line of client responsibility lie?
The law does not require bank customers to be absolutely vigilant or possess specialized cybersecurity knowledge. However, it does require them to use payment instruments sensibly and in accordance with basic prudential principles.
The line between ordinary error and gross negligence is not clear-cut, however, and requires a case-by-case analysis of the circumstances of each specific case. Among other factors, the following are crucial:
- how scammers operate,
- content of messages addressed to the customer,
- bank's behavior before and after the transaction,
- warning mechanisms and technical security measures used by the bank.
What should a client do when a disputed event occurs?
From the account user's perspective, quick response and proper communication with the bank are crucial. Reporting a transaction that the customer doesn't recognize or that was authorized fraudulently triggers complaints procedures and allows for a formal assessment of the matter.
In practice, many disputes begin when a bank rejects a complaint, citing the authorization of a transaction or accusing the customer of lacking due diligence. In such situations, further legal remedies—both extrajudicial and judicial—may be pursued, taking into account the circumstances of the specific case.
Summary
While from a customer's perspective, any loss of funds due to third-party actions may seem the same, the law draws an important distinction between unauthorized transactions and fraudulent transactions. It is this distinction that determines the bank's liability and the realistic chances of recovering the funds.
Being aware of these differences allows you not only to better understand the position of financial institutions, but also to more accurately assess your own legal situation in the event of a dispute.
This article is for informational purposes only and does not constitute legal advice.
Legal status as of February 11, 2026.
Author:
Series editor:
