The 2024 Black Friday became a fertile ground for financial scams, with fraud increasing by 66% and losses exceeding R$ 1.2 billion, according to Febraban. Among the most common are phishing, which is a scam where criminals impersonate companies or banks to obtain personal data and passwords, card cloning, fake payment slips, and fraudulent online stores that exploit the high volume of purchases to deceive consumers and bypass banking security systems. The central challenge of the period is determining when the bank should reimburse the consumer and when the responsibility falls solely on the victim.
The Judiciary faces the challenge of differentiating failures in banking systems from the exclusive fault of the consumer. Recent decisions by the Superior Court of Justice and regional courts reinforce that banks are only held liable when there is proven failure in their security mechanisms or a direct link to the fraud, as provided for in the Consumer Defense Code and Precedent 479. Cases such as those investigated in Operation "Engodo" in Ribeirão Preto demonstrate the sophistication of the scams: the operation dismantled a gang that used "mule" accounts and PIX transfers to carry out fraud during Black Friday, highlighting the complexity of assigning responsibility.
Danilo Limoeiro, CEO of Turivius, a platform specialized in jurimetrics, explains that the analysis of millions of court decisions allows for the identification of patterns in bank liability. “Courts usually order reimbursement only when there is a proven failure in the bank's systems. This means that, in most cases involving phishing or other external scams, the responsibility ultimately falls on the consumer. It is a delicate balance between protecting the customer and recognizing when the bank acted correctly,” he states.
According to Limoeiro, dates like Black Friday increase the complexity of fraud, making it more difficult for the Judiciary to define the boundaries between customer fault and financial institution responsibility. “The major challenge during these periods is balancing consumer protection with the effective responsibility of banks. Not every fraud generates an obligation to reimburse, but customers expect maximum security in their transactions,” he states. He emphasizes that, although common sense pressures banks to reimburse all losses, the legal reality requires proof of a failure in security systems or a direct link to the fraud.
The expert reinforces that the scenario requires redoubled attention from both consumers and financial institutions. “Banks need to continuously invest in prevention technologies and strengthen communication with customers to warn them about potential risks. At the same time, consumers should adopt simple but effective measures, such as two-factor authentication and carefully checking websites and links before completing any payment,” he concludes.
