Fintech: Cyber security and fraud issues – The BCRA and the courts begin to allocate responsibilities.
Fintech Department Report | Cyber security and fraud issues – The BCRA and the courts begin to allocate responsibilities
As the use of electronic payments increases (pursuant to the latest Financial Inclusion Report published by the BCRA towards the end of April this year), the number of cases of fraud in payments also increases, for which both the BCRA and the courts have begun to pay more attention to this matter.
For now, the BCRA, which had already established some preventive measures in the past through Communication “A” 7328 for the enrollment of accounts and cards in wallets, has now once again reinforced the security measures and consents of users that must be adopted in those cases, as well as began to distribute in greater detail the responsibility of the participants of the instant transfer schemes in the face of user claims.
Thus, through Communication “A” 7463, issued at the end of February, the BCRA emphasized the need to have the client’s consent both for the enrollment of accounts, and at the time of making each payment, as well as to grant the client the possibility of establishing limits of use and the possibility of unlinking said accounts in a simple and immediate way in case of suspicion of fraud.
Likewise, through the same Communication, the BCRA urged that the administrators of instant transfer schemes establish the responsibilities of each scheme participant in cases of fraud management so that claims are managed in a coordinated manner and traceability, confidentiality, and integrity of the transactions carried out is guaranteed. In particular, it is established that customer attention for fraud claims must fall on the provider of the affected account (financial institution or PSPCP).
Finally, a period of 180 days was established for the implementation of the measures.
On the judicial side, there are more and more fraud cases coming before the courts, whether due to phishing, spoofing, identity theft or credential theft, among others, where judges are usually inclined to attribute responsibility to the entity of the account or card with respect to which the fraud is operated, even when it cannot be established with total clarity the way in which the perpetrators accessed the respective passwords.