Publications

STJ rules that a bank’s security failure precludes allegation of contributory negligence by the consumer in fraud cases

STJ rules that a bank’s security failure precludes allegation of contributory negligence by the consumer in fraud cases

01/05/2026

In a recent judgment, the Third Panel of the Superior Court of Justice (“STJ”) unanimously held that when a consumer falls victim to a scam resulting from a security failure in the bank’s system, it is not possible to attribute contributory negligence to the consumer.

In the case at hand (REsp No. 2.220.333/DF), a bank account holder (consumer) was induced by a fraudster to install an application on her mobile phone under the pretense that it would restore the security of her bank account. Once installed, an unauthorized loan in the amount of BRL 45,000.00 was contracted, and several subsequent transactions were carried out using those funds. This type of fraud is commonly known as the “phantom hand scam” or “remote access scam”.

After regular procedural developments, the judge upheld the consumer’s claims, recognized the invalidity of the transactions – which clearly deviated from her usual account profile – and ordered the bank to pay BRL 2,000.00 in moral damages, in addition to full restitution of the misappropriated amount (material damages).

The bank appealed, and the appellate court partially modified the judgment, reducing material damages to 50% of the financial loss and overturning the award for moral damages, on the grounds that contributory negligence by the consumer had been established.

The consumer then appealed to the STJ, which issued the decision referenced above, authored by Justice Ricardo Villas Bôas Cueva. The Court held that, for contributory negligence to be recognized, the consumer must have knowingly assumed the risk of suffering harm.

The Justice emphasized that, pursuant to Statement No. 46 of the First Civil Law Conference of the Federal Justice Council (“CJF”), as amended by Statement No. 380/CJF, any reduction of damages based on contributory negligence must be interpreted restrictively, and it requires that the victim consciously assume and increase the risk of loss.

He further noted that banking services are intended to provide greater protection to the consumer’s assets – except in cases involving higher-risk investments. Thus, banks are responsible not only for implementing fraud prevention and mitigation mechanisms but also for continuously improving them. The validation of suspicious transactions outside of the consumer’s usual profile constitutes a defect in service and triggers the financial institution’s strict liability.

Accordingly, the Court concluded that it would be unreasonable to find that the victim, by installing an application based on instructions from someone posing as a bank representative, had consciously assumed the risk of suffering losses. The unauthorized access to the banking application did not result from any negligence on the consumer’s part, but rather from the fraud committed.

In light of these considerations, STJ granted the Special Appeal filed by the consumer, recognizing the bank’s full liability for the material damages incurred. The prior reversal of moral damages was upheld, due to the absence of specific challenge on that point.

Our Dispute Resolution team is fully available to clarify any questions regarding the subject.

Authored by: Olivia Rodrigues Parisi 

Related Posts
Tags