Dutch court rules that asking clients to share their personal banking security credentials is unlawful

On 30 July 2014, the District Court of Midden-Nederland ruled in preliminary relief proceedings (kort geding) that AFAS Software BV (AFAS) is acting unlawfully and must desist from asking customers of ING Bank NV (ING) to enter their personal internet banking credentials on the website of AFAS in order to log on automatically to the secure online banking environment of ING.

One of AFAS’ products is an online application that provides AFAS customers with an overview of their personal finances. In the latest version of this product, AFAS automatically sets up a link between its personal finance application and the personal online banking environment of ING customers by asking ING customers to enter their personal ING internet banking credentials. After obtaining these credentials, AFAS was able to log on to the secure online banking environment of an ING customer (Mijn ING) and, as a result, was in a position to download the customer’s transaction data. AFAS alleged that this feature made the application more user-friendly as compared with a previous version which did not have the automatic link.

ING instituted summary proceedings against AFAS taking the position that the breach of ING’s secure online banking environment is unlawful for the following reasons. First, ING’s general terms and conditions and the uniform safety standards of the Dutch Banking Association prohibit customers to disclose their personal internet banking credentials to third parties. AFAS in fact urged customers to act in breach of their obligations, while at the same time (or at least in the future) benefiting from it. Second, AFAS created an immediate online banking security risk by asking ING customers to supply their internet banking credentials. Third, AFAS unlawfully used ING’s logo and/or trademark in order to create the impression that (i) its software is safe, and that (ii) ING is in agreement with AFAS’ practices…

Click on the link below to read the rest of the DLA Piper briefing.

Briefings from DLA Piper

View more briefings from DLA Piper

Analysis from The Lawyer

View more analysis from The Lawyer


3 Noble Street

Turnover (£m): 1,539.00
No. of lawyers: 4,374(UK 200)
Jurisdiction: Global
No. of offices: Over 75
No. of qualified lawyers: 625 (International 50)