In Turkey, banks carry significant responsibilities towards their customers under the principle of trust that governs their operations. According to the Turkish Banking Law No. 5411 and related regulations, banks must meticulously manage their internal control systems, administration, and security measures. Consequently, they are required to implement high-level security protocols to safeguard their customers' personal information and prevent risks such as fraud.
Security and Monitoring Processes in Electronic Banking
Following access to electronic banking systems in Turkey, banks are required to monitor and detect unusual, fraudulent, or potentially fraudulent transactions conducted by their customers. This obligation is explicitly stated in Article 36 of the Regulation on Information Systems and Electronic Banking Services of Banks. The use of passwords sent via SMS or transactions carried out through devices that have completed the mobile activation process does not exempt banks from the responsibility of monitoring these transactions for any signs of suspicion. In this context, banks must implement stricter security measures to ensure the safety of their customers.
Card Payment Systems and the Risk of Fraud
Remote transactions (e.g., mail order, telephone order, e-commerce), where card numbers, expiry dates, and security codes are used, are particularly vulnerable to fraud. Under the Turkish Bank Cards and Credit Cards Law No. 5464, cardholders cannot be held liable for any damages incurred from such transactions. Therefore, Turkish banks are obligated, both by Card Payment Systems rules and relevant legislation, to adopt additional security measures and protect their customers during these transactions.
The Duty of Care and Responsibility of Banks
Under the Turkish Commercial Code No. 6102, banks in Turkey are required to act with the diligence of a prudent merchant in their commercial activities. As institutions that inspire public trust, banks must exercise a higher degree of care in their operations than ordinary traders. The principle of trust implies that banks must act in a manner that preserves the confidence they have established with the public and take all necessary precautions to prevent any potential losses. It is crucial for banks to establish effective security mechanisms and continuously monitor their effectiveness to prevent any such damages.
Fraud and the Responsibility of Banks
In cases of fraud, criminals may use malicious software disguised as official banking applications to steal customers' information and SMS passwords. These types of software can remotely control the infected device, allowing fraudsters to gain unauthorised access to the customer's account. Turkish banks are required to implement effective security measures to protect their customers against such malicious software. Failure to do so would make the banks liable for any damages arising from the unauthorised access to the customer’s information by third parties.
In Turkey, banks are bound by the principle of trust and are therefore obligated to exercise the utmost care in protecting against risks such as fraud. If banks fail to fulfil these responsibilities, they may be held liable for any resulting damages under the Turkish Code of Obligations and other relevant legislation. It is essential that banks continuously review their security processes in electronic banking services and take the necessary steps to ensure the safety of their customers.
At CCS Law, we are here to assist you with our expertise in banking and finance law. If you require legal support or advice regarding your electronic banking transactions, please do not hesitate to contact us.
Disclaimer: This article is intended for informational purposes only and does not constitute legal advice.
#TurkeyBankingLaw #BankingRegulationsTurkey #TurkeyFinancialLaw #ElectronicBankingTurkey #CyberSecurityTurkey #TurkeyConsumerProtection #FraudPreventionTurkey #TurkeyBankingSector