Wednesday, June 24, 2026

Valyrian News Network

Understanding, Automated

Legal Finance

Belgian Court: Banks Must Compensate Phishing Victims Now

Valyrian News Network 5 min read

Belgian Court: Banks Must Compensate Phishing Victims Now

A Belgian commercial court has issued a landmark interim ruling ordering a bank to immediately repay nearly €50,000 to an elderly couple who lost their savings in a phishing scam, establishing a precedent that shifts the burden of proof onto financial institutions. The Antwerp Commercial Court ruled on May 26 that banks must refund fraud victims first and can only later seek to reclaim the money if they can prove gross negligence by the customer, according to VRT NWS.

The Case

On January 23, 2026, a couple aged 90 and 93 from the Antwerp province received a phone call from someone posing as a bank employee. The scammers tricked them into authorizing two transfers totaling €49,958 to an unknown account in Portugal. The couple’s son intervened promptly, contacting the bank’s fraud line, blocking the accounts through Card Stop, and filing a police complaint — but the money was already gone.

When the couple demanded reimbursement, the bank refused, arguing that the customers had been grossly negligent because they had used their original debit card, Digipass device, personal PIN, response codes, and unique SMS codes to authorize the transfers. The bank’s position was that since the victims had actively executed the transactions, they bore responsibility for the loss.

The Court’s Reasoning

The court rejected the bank’s arguments entirely. Under EU and Belgian law, as Het Laatste Nieuws reported, banks are obliged to immediately reimburse victims of unauthorized payment transactions unless they can prove the customer acted with gross negligence. Crucially, the burden of proof lies with the bank, not the victim.

The judge established that even if a bank suspects gross negligence, this does not relieve it of the obligation to repay immediately. The bank must pay first, then go to court to challenge if it believes gross negligence occurred. The court ordered the bank to repay the full €49,958 plus legal interest from January 23, 2026, and to cover court costs.

Geert Lenssens, a banking lawyer and phishing specialist not involved in the case, described the ruling as “baanbrekend” (groundbreaking). “The principle is simple,” Lenssens told VRT NWS. “The bank is obliged to reimburse a customer who is a victim of phishing, unless the bank proves that the customer made a gross error.”

Lenssens explained that the decision reverses the practical power dynamic between banks and consumers. “This is an important decision from the judge because the roles are reversed. It is the bank that must pay first and can then go to court to challenge it. It’s a bit like taxes: pay first and then dispute.”

He noted that proving gross negligence is extremely difficult, estimating that it applies to barely 1% of all phishing cases. “A gross error is the big exception,” he said. The ruling is expected to be cited “thousands of times in the coming months and years” in summary proceedings across Belgium, as reported by TechPulse.

Political Reaction

Belgian Minister of Consumer Protection Rob Beenders (Vooruit) welcomed the decision. “The interim relief judge rightly states that the banks apply the rules in a way that is not only contrary to both national and EU legislation, but also results in victims being systematically placed in a position that makes it more difficult to assert their rights,” Beenders said.

Beenders, who has been pressuring banks on phishing since early 2026, was scheduled to meet with banking representatives on June 4 to discuss their action plan against fraud.

Industry Response

Febelfin, the Belgian banking federation, responded cautiously. Spokesperson Isabelle Marchand stated that each case must be assessed individually, adding that it is ultimately up to the courts to assess the facts and rule on them.

Broader Implications

The ruling comes amid growing scrutiny of Belgian banks’ handling of phishing cases. In November 2025, Financial Ombudsman Jean Cattaruzza publicly stated that banks “follow the law too little” and that only 30% of complaints to his office were resolved in favor of consumers, as VRT NWS reported.

The decision also raises questions about products like KBC’s phishing insurance, launched in February 2026 at €7 per month with a maximum payout of €25,000 — less than half the amount lost by the elderly couple in this case. Critics have argued that such insurance turns bank negligence into a profit center.

What’s Next

While the ruling is an interim decision (kortgeding), meaning a full trial court could theoretically reach a different conclusion, legal experts note that banks rarely win such cases because proving gross negligence is exceptionally difficult. The decision is expected to accelerate calls for clearer legislative definitions of “gross negligence” and may force Belgian banks to improve their fraud detection systems. For the thousands of phishing victims in Belgium — where only about 8% currently receive compensation — this ruling offers a powerful new legal tool to recover their losses.