Dutch court rules that asking clients to share their personal banking security credentials is unlawful
On 30 July 2014, the District Court of Midden-Nederland ruled in preliminary relief proceedings (kort geding) that AFAS Software BV (AFAS) is acting unlawfully and must desist from asking customers of ING Bank NV (ING) to enter their personal internet banking credentials on the website of AFAS in order to log on automatically to the secure online banking environment of ING.
One of AFAS’ products is an online application that provides AFAS customers with an overview of their personal finances. In the latest version of this product, AFAS automatically sets up a link between its personal finance application and the personal online banking environment of ING customers by asking ING customers to enter their personal ING internet banking credentials. After obtaining these credentials, AFAS was able to log on to the secure online banking environment of an ING customer (Mijn ING) and, as a result, was in a position to download the customer’s transaction data. AFAS alleged that this feature made the application more user-friendly as compared with a previous version which did not have the automatic link.
ING instituted summary proceedings against AFAS taking the position that the breach of ING’s secure online banking environment is unlawful for the following reasons. First, ING’s general terms and conditions and the uniform safety standards of the Dutch Banking Association prohibit customers to disclose their personal internet banking credentials to third parties. AFAS in fact urged customers to act in breach of their obligations, while at the same time (or at least in the future) benefiting from it. Second, AFAS created an immediate online banking security risk by asking ING customers to supply their internet banking credentials. Third, AFAS unlawfully used ING’s logo and/or trademark in order to create the impression that (i) its software is safe, and that (ii) ING is in agreement with AFAS’ practices…
Click on the link below to read the rest of the DLA Piper briefing.
Sign in or Register to continue reading this article
It's quick, easy and free!
It takes just 5 minutes to register. Answer a few simple questions and once completed you’ll have instant access.Register now
Why register to The Lawyer
In-depth, expert analysis into the stories behind the headlines from our leading team of journalists.
Identify the major players and business opportunities within a particular region through our series of free, special reports.
Receive your pick of The Lawyer's daily and weekly email newsletters, tailored by practice area, region and job function.
More relevant to you
To continue providing the best analysis, insight and news across the legal market we are collecting some information about who you are, what you do and where you work to improve The Lawyer and make it more relevant to you.
News from DLA Piper
News from The Lawyer
Briefings from DLA Piper
Health Alert — Julia Clare v Australian Community Pharmacy Authority; Dr Reid v Medical Council of NSW; and more
DLA Piper has released the 22 December 2014 issue of its Health Alert, which focuses on judgments, legislation and reports in the health sector.
The European Court of Justice (CJEU) has handed down a landmark judgment concerning the patentability of stem cells in Europe.
Analysis from The Lawyer
Regulators are ramping up the pressure in the aftermath of recession, leaving firms to compete for compliance and restructuring work
Shearman & Sterling is making its presence felt in the City, squaring up to magic circle firms and looking to muscle in on key relationships. Private equity house Bridgepoint is one outfit that has had its head turned by the US firm.