
Banks Required To Refund Unauthorized Transactions Immediately, Confirms EU Prosecutor

Introduction

Advocate General Athanasios Rantos of the Court of Justice of the European Union stated that banks must refund customers without delay for unauthorized transactions, even when the client may have acted with gross negligence. The opinion clarifies how European legislation should be applied in cases involving payment fraud.

Case Overview

The case concerns a Polish bank customer who became the victim of a phishing attack. A fraudster posed as a buyer on an online auction platform and sent the customer a link that closely resembled the bank’s official website. After entering her login credentials, the customer unintentionally gave the attacker access to her account. The fraudster subsequently carried out unauthorized transactions.

The bank refused to reimburse the funds, arguing that the client had demonstrated gross negligence by entering her banking details on the fraudulent website. The dispute was later brought before the Polish courts.

Legal Implications

The Polish national court asked the Court of Justice of the European Union to clarify whether European law requires banks to refund unauthorized payments immediately, even when the customer may have acted negligently.

Advocate General Rantos stated that EU legislation requires banks to restore the funds without delay unless the institution has reasonable grounds to suspect fraud and has formally reported the matter to the competent authorities. The opinion also explains that an immediate refund does not prevent the bank from later seeking compensation if it can prove that the customer failed to comply with their obligations under payment services regulations.

Consumer Protection And Regulatory Outlook

European payment legislation places strong emphasis on protecting consumers from financial fraud. The regulatory framework aims to ensure that users of payment services receive prompt reimbursement when unauthorized transactions occur. Banks may still investigate individual cases and pursue legal action if they believe the customer breached their responsibilities under payment service rules.

Conclusion

The Court of Justice of the European Union will now consider the Advocate General’s opinion before issuing its final ruling. Such decisions are often influential in shaping the interpretation of EU law. A ruling in line with the opinion could have significant implications for banks across the European Union and for how financial institutions handle reimbursement claims in cases of payment fraud.

Passkeys Are The Gold Standard For Account Security. So Why Don’t More Major Apps Offer Them?

Passkeys are increasingly being promoted as one of the most effective ways to protect online accounts. By reducing reliance on passwords, they help prevent phishing attacks, simplify sign-ins and strengthen account security. Despite those advantages, however, many major digital platforms have yet to adopt the technology.

A Security Upgrade Still Missing At Scale

That gap is the focus of whynopasskeys.com, a new site created by security researcher Scott Helme to highlight companies that have not yet enabled passkeys for their users. The site tracks major consumer brands that continue to rely on older login methods even as passkeys become the industry standard.

Among the services still without passkey support are Instagram, Netflix and Spotify, according to the site’s data.

Why Passkeys Matter

Unlike traditional passwords, passkeys are generated on a user’s device and linked both to that device and to a specific website or application. Authentication can be completed through biometrics such as Face ID or Touch ID, a hardware security key or a password manager.

Because users do not need to create or remember passwords, opportunities for credential theft, phishing attacks and password reuse are significantly reduced. In most cases, gaining access to an account would require direct access to the user’s device.
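How a site enforces the website binding described above, as an added example that is not from the article or from any project it mentions: a relying-party check on a WebAuthn sign-in response that rejects one produced for a look-alike origin. The domain names and sample messages are constructed, and the signature verification against the stored public key that a real server also performs is omitted.

```python
import base64
import hashlib
import hmac
import json

# Constructed values for illustration; none of these come from the article.
RP_ID = "bank.example"
ORIGIN = "https://bank.example"
LOOKALIKE_ORIGIN = "https://bank-example.test"
LOOKALIKE_RP_ID = "bank-example.test"
UP_FLAG = 0x01  # "user present" bit in the authenticator data flags byte


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample(origin: str, rp_id: str, challenge: bytes):
    """Build constructed clientDataJSON and authenticatorData for one sign-in."""
    client_data = json.dumps({
        "type": "webauthn.get",
        "challenge": b64url(challenge),
        "origin": origin,
    }).encode()
    # authenticatorData layout: rpIdHash (32 bytes) | flags (1) | signCount (4)
    rp_hash = hashlib.sha256(rp_id.encode()).digest()
    return client_data, rp_hash + bytes([UP_FLAG]) + (1).to_bytes(4, "big")


def binding_errors(client_data: bytes, auth_data: bytes, challenge: bytes,
                   expected_origin: str = ORIGIN, rp_id: str = RP_ID) -> list:
    """Return the names of the binding checks that failed (empty = all passed)."""
    errors = []
    data = json.loads(client_data)
    if data.get("type") != "webauthn.get":
        errors.append("type")
    sent = str(data.get("challenge", "")).encode()
    if not hmac.compare_digest(sent, b64url(challenge).encode()):
        errors.append("challenge")  # stale or replayed response
    if data.get("origin") != expected_origin:
        errors.append("origin")  # browser reported a different website
    if len(auth_data) < 37:
        return errors + ["authenticator_data_length"]
    expected_hash = hashlib.sha256(rp_id.encode()).digest()
    if not hmac.compare_digest(auth_data[:32], expected_hash):
        errors.append("rp_id_hash")  # credential was scoped to another site
    if not auth_data[32] & UP_FLAG:
        errors.append("user_present")
    return errors
```

The browser, not the user, fills in the origin and the authenticator scopes the credential to the site's identifier, so a convincing-looking page on another domain cannot produce a response that passes these checks.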

Public Accountability As A Pressure Tactic

In a blog post explaining the project, Helme said the goal is to create pressure by making the absence of passkey support visible. “A list is a surprisingly effective motivator. Nobody wants to be on the list,” he wrote.

That approach has already worked elsewhere in cybersecurity: when businesses are publicly compared against peers on basic protections, they often move faster to close the gap. In this case, the list is intended to push platforms to give users a stronger and simpler login option.

The Companies Moving Faster

Many large technology companies have already adopted passkeys, including Apple, Google and Microsoft, reflecting the technology’s growing role in account security.

Implementation, however, remains uneven. Instagram users can currently access passkeys only when their account is linked to a Facebook account that already has passkey support enabled, highlighting differences in adoption even within the same company.

The Bigger Business Question

Meta has not publicly explained why passkeys are available on some of its platforms, including Facebook and WhatsApp, but not fully across Instagram.

Debate within the industry is no longer centred on whether passkeys work, but on how quickly companies are willing to deploy them. As phishing, credential theft and account fraud remain persistent cybersecurity challenges, passkeys are increasingly being viewed not as an optional feature but as an emerging security standard.
