Particle.news

Dresden Court Deems PushTAN Authentication Insufficient, Orders Sparkasse to Reimburse

The decision overturns a previous Chemnitz judgment by applying EU PSD2 requirements to pushTAN, exposing systemic login weaknesses under German law.

[Image: Sparkasse customers are once again receiving fraudulent e-mails.]
[Image: Fraudsters are using a perfidious scheme to put Sparkasse customers under pressure.]

Overview

  • The 8th Civil Senate held that the S-pushTAN login fails to satisfy ZAG and PSD2 criteria for strong customer authentication.
  • Sparkasse was assigned 20 percent contributory negligence and must refund €9,884.29 plus interest and €1,119.79 in pre-litigation legal fees.
  • Judges found the customer grossly negligent under § 675l BGB for approving undefined “orders” in the pushTAN app after a phishing attack.
  • By quashing the October 2024 Chemnitz Regional Court ruling, the OLG Dresden establishes a new precedent on banks’ authentication duties.
  • The verdict intensifies calls for banks to adopt robust methods like photoTAN or enhanced app-based multi-factor verification to counter AI-driven phishing threats.