There are a growing number of organized crime groups specializing in cybercrime operating in Poland. This phenomenon is a consequence of the very low effectiveness of law enforcement agencies in detecting perpetrators of this type of crime and the failure of banks to exercise due diligence in ensuring the security of funds stored in bank accounts.
Current data from the National Bank of Poland show that:
- in the second quarter of 2024, the value of fraudulent transactions amounted to over PLN 133 million ,
- in the third quarter it amounted to as much as PLN 147 million.
A significant portion of these operations involved persuading the payer to make a transaction using social engineering , for example, by impersonating a bank employee, police officer, or investment advisor. A typical criminal tactic is to persuade the victim to log into their bank account or reveal confidential data. Currently, as much as 86% of the value of all bank frauds can be attributed to this type of activity .
Banks always demand repayment of debts incurred by criminals, assuming that the online transaction was authorized by the customer. The bank accuses the victim of gross negligence even when the victim provides third parties with information such as their debit card number and security code.
In 98% of cases, banks reject complaints, focusing on convincing customers that they either authorized the transaction themselves or showed gross negligence.
Banks have adopted a strategy of automatically rejecting complaints, assuming that most customers do not know that the responsibility for unauthorized transactions rests with the bank, will not cooperate with a lawyer specializing in such matters, and that claims will eventually be time-barred.
What to do if you're being scammed? There are three key steps you should take immediately:
- contact with the police,
- contacting the bank's hotline,
- contacting a law firm that specializes in bank theft cases.
If it proves impossible to block transfers, it is crucial to determine whether the stolen funds can be recovered from the bank due to inadequate account security.
Recovering lost funds requires filing a lawsuit against the bank. Many customers are unaware that in the event of fraud, they can seek reimbursement from the bank, even if the perpetrator is not identified.
If a transaction, transfer or loan was not authorized by us, and therefore was not made of our will, the bank must return the funds .
Only 1 in 30 defrauded customers pursues their rights in court , which means that approximately 3% of the injured parties actually decide to fight the bank .
Courts are increasingly siding with customers, ruling in their favor in cases involving bank fraud. While the law protects consumers, it also requires them to take the initiative—primarily filing a lawsuit against the bank.
Banks are obligated to refund the amount of an unauthorized transaction or restore the account balance to its pre-transaction state, no later than the end of the next business day after the incident is reported. Exceptions to this rule apply in two situations: when a consumer files a complaint more than 13 months after the transaction, or when there is reasonable suspicion that the customer was involved in fraud, and the bank has notified the relevant law enforcement agencies, such as the police or prosecutor's office.
The regulations shift much of the burden of proof onto the bank. The financial institution must demonstrate that the account holder consented to the transfer of funds from the account or that the customer acted with gross negligence.
In turn, the account holder is usually only required to indicate which transactions were unauthorized and to present to the court the circumstances in which the funds were stolen.
In summary, Poland is seeing an increase in cyberfraud, a result of the low effectiveness of law enforcement agencies and inadequate security measures implemented by banks. Despite the fact that most fraudulent transactions occur without customer knowledge, banks often reject complaints, accusing the victims of gross negligence. However, current regulations require banks to return funds from unauthorized transactions unless they can prove customer guilt.
This article is for informational purposes only and does not constitute legal advice.
The law is current as of July 29, 2025.
Author:
Series editor:
