What should I do if my bank details have been stolen? Complete guide

¿What should I do if my bank details have been stolen? Being a victim of bank account theft is one of the most stressful and delicate experiences you can experience in today's digital age. Advances in technology and the proliferation of online banking have brought with them new vulnerabilities that cybercriminals exploit to carry out scams and misappropriate other people's funds. The good news is that there are clear steps and legal rights you can exercise to recover your money and minimize damages.

In this article, we'll explain in detail and in an accessible way how you should act if your bank details have been stolen, what rights you have, what procedures exist for filing a claim, how the bank's liability works, and what measures you can take to protect yourself in the future. We also cover the differences between card types, advice from organizations such as the Bank of Spain and the Spanish Data Protection Agency, and answer frequently asked questions based on the most up-to-date and relevant information on the Spanish market.

What bank data theft entails and how it usually occurs

Bank account theft can occur in many ways, although the most common are phishing (fraudulent emails or SMS), phone spoofing, and information leaks due to security breaches. Criminals use increasingly sophisticated techniques to impersonate banks, government agencies, or companies to obtain your passwords, verification codes, or simply manipulate them to gain access to your accounts.

Sometimes, scams occur by redirecting victims to fake websites that simulate official online banking or by making phone calls pretending to be bank employees. Access is also common through computer viruses or fraudulent use of ID data, with the aim of carrying out transactions in the client's name.

In all cases, the result is the same: Scammers can make charges, transfers, request credit, and even empty accounts or make unauthorized purchases without the owner's consent.

Cybercriminals are increasingly taking advantage of the immediacy and trust generated by digital and mobile communications, making it vital to exercise extreme caution and know how to identify suspicious behavior.

Bank liability: what the law and jurisprudence say

In Spain, both the Payment Services Law and Royal Decree 19/2018 establish that banks are responsible for returning money stolen in unauthorized transactions, unless they can prove gross negligence on the part of the customer. In other words, the regulations are designed to protect the consumer, and the burden of proof falls on the banking institution.

This means that, unless the bank can prove that the user shared their passwords or acted obviously carelessly, it will have to reimburse the stolen amount, plus the corresponding legal interest. This is supported by case law, including rulings from the Supreme Court, which hold that being a victim of criminal fraud does not, per se, imply gross negligence on the part of the client.

The obligation to repay the money is considered objective, which means that Even if the bank argues that there was some negligence, it must prove that this was truly significant and decisive for the fraud.

Furthermore, banks have a duty to maintain advanced security systems, such as two-factor authentication, and must monitor the proper functioning of their online banking. When a security breach or malfunction occurs, the risk falls on the bank, not the customer.

First steps after detecting the theft of your bank details

If you realize your banking information has been stolen or suspicious charges have been made to your accounts, it's critical to act quickly and accurately. This will help minimize damage and increase your chances of recovering your money.

• Immediate report to the police: Go to a National Police station or Civil Guard barracks as soon as possible to file a report about the incident. This report will be essential to support your claim with the bank and other agencies.
• Urgent communication with your bank: Inform your bank of the incident as soon as possible, detailing the unauthorized transactions and providing a copy of the report. Request that the affected cards and accounts be blocked or canceled, and ask for immediate reimbursement of the stolen amounts.
• Changing passwords and strengthening security: Change all your online account passwords and enable two-factor authentication if you haven't already. This is essential to cut off access to scammers and prevent further fraud.

At the same time, you can notify the Spanish Data Protection Agency (AEPD) if your personal information has been compromised, so they can investigate the misuse of your data and provide guidance on your rights.

How to complain to the bank: detailed steps and practical tips

A formal complaint to the bank should be initiated as soon as possible, and all communication should always be in writing or recorded. Below we explain the most effective steps:

1. Official submission of the claim: Send a letter to your bank's Customer Service Department, explaining the facts, attaching the police report, and requesting reimbursement of the stolen funds. Demand a written response.
2. Documentación complementaria: It's a good idea to provide bank statements, suspicious emails received, screenshots, or any evidence that supports your version and demonstrates that there was no consent in the transactions.
3. Claim to the Bank of Spain: If you don't receive a response within two months or the bank rejects your request, you can file your complaint with the Bank of Spain. Their report is not binding, but it can be very useful as evidence in subsequent proceedings.

Don't forget to keep all documentation and insist on your rights, as the law and the courts generally favor those affected by bank fraud, especially if they acted diligently and reported the fraud promptly.

Gross negligence: when the bank can refuse to return the money

The only case in which the entity can avoid its obligation to reimburse is when it proves that the customer was grossly negligent. Some examples could be:

• Providing bank details and passwords to third parties in a reckless and obvious manner.
• Failure to report theft or fraud for an excessively long period of time, causing further damage.
• Using infected devices without protection or sharing passwords publicly.

Falling for phishing scams or being the victim of a fake website pretending to be the bank's own is not considered gross negligence or the customer's fault. Case law has repeatedly established this. Therefore, if you acted in good faith and reported the incident quickly, the bank should not refuse to compensate you.

Differences between credit cards and debit cards in case of fraud

In the event of card data theft, there are legal differences depending on the type of card affected:

• Credit card: The Fair Credit Billing Act (FCBA) limits cardholder liability to a maximum of $50 (in the European Union, the amount may vary, but most banks offer “zero liability” in practice), provided you report the fraud promptly.
• Debit card: The Electronic Funds Transfer Act (EFTA) protects you, but if you don't report the theft or fraud within two business days, you could be liable for up to $500 (or the equivalent in euros) in fraudulent charges.

In any case, it's safer to use a credit card for online payments and never store financial data on shared or unsecured devices.

The importance of safeguarding personal and banking data

The use of ID, electronic signature, and other personal data is frequently required in many online transactions, and leaking it can lead to bank identity theft or fraudulent contracting of loans and services. It is essential that you strictly safeguard all personal documents and, if you suspect unauthorized access, contact both your bank and the Spanish Data Protection Agency.

• In case of theft of identity documents: File a complaint immediately and notify the financial institution so they can take additional precautions.
• Consult the Risk Information Center: If you suspect credit has been opened in your name, check your credit situation and promptly report any irregularities.

Don't underestimate the importance of personal data: criminals can use it to operate in your name and cause serious financial and legal harm.

Organizations and resources to help those affected

In these types of situations, there are various organizations and entities that can guide you and help you solve the problem:

• The police and the Civil Guard: They act in the prosecution of cybercrimes and are responsible for the investigation following the complaint.
• Spanish Data Protection Agency (AEPD): They can guide you through your rights, investigate misuse of your information, and help you file a complaint.
• Customer service and banking customer protection: Banks must have a specific service to handle these cases.
• Consumer protection organizations: Associations such as FACUA or specialized law firms can provide advice and assistance with claims.
• Credit bureaus and identity monitoring: Specialized companies can help you monitor your financial history and detect irregular transactions.

Additional recommendations to prevent and react to future fraud

In addition to legal and administrative steps, it's important to take a proactive approach to strengthening your security and reducing risks:

• Do not provide passwords or bank details through suspicious emails or links.
• Be wary of calls or messages pretending to be from your bank and asking for sensitive information.
• Keep your devices up to date and use quality antivirus and firewalls.
• Change your passwords periodically and make them unique for each service.
• Make sure the websites where you enter your data are official and use secure encryption (https).
• Check your bank accounts frequently and report any unusual activity.
• Consider signing up for identity and credit monitoring services if you have recurring suspicions of fraud.
• How do I block my bank app if my phone is lost or stolen?

Finally, remember that banks never request confidential personal information via email or phone, and if you have any questions, it's always best to contact your branch or customer service directly.

Dealing with a bank account theft can be overwhelming, but by knowing your rights, acting quickly, and following the proper procedures, you can limit the damage and recover your money in most cases. The law supports consumers and requires banks to be up to the task when it comes to security; if you act in good faith and report fraud promptly, you'll have a good chance of receiving a response from the bank. Staying informed, being cautious with your data, and strengthening your digital education are the best tools to prevent these crimes and protect your assets from cybercriminals. We hope you now know What should I do if my bank details have been stolen?