In the case of hackers and viruses attacking online banking, if the bank can prove that its system has taken due precautions, it can be regarded as force majeure, but it is very difficult for banks to prove this now, because there is no legal provision on the security standards and technical standards of online banking in China.
The emergence of online banking has broadened the traditional banking business, and the legal relationship between commercial banks and customers has changed compared with traditional business. According to the current civil laws and regulations, commercial banks may bear the following civil liabilities to customers when conducting online banking business.
technical risk
The biggest advantage of online banking lies in its virtuality. It does not need to consider the physical structure of the bank, but only needs to establish a virtual Internet site. The whole transaction process is almost completed online, breaking through the time and geographical restrictions. However, the realization of this virtuality depends on highly automated technology and equipment. And these complex technologies and equipment can't be absolutely without problems. Therefore, compared with traditional banks, technical risk has become the biggest and most special risk faced by online banks. In the specific online banking business, it often turns into legal risk, which makes commercial banks bear corresponding civil liabilities.
The first is the civil liability for losses caused to customers due to the hardware system problems of online banking.
Hardware system is the material basis of online banking. If the bank has caused losses to the interests of customers due to the technical failure of the hardware system, then the commercial bank will be responsible for the losses of customers. This requires commercial banks to pay full attention to the quality of hardware systems when purchasing hardware systems. If the hardware equipment provided by the hardware system supplier does have quality problems, the commercial bank can exercise the right of recourse from the supplier, but this does not affect the commercial bank's full responsibility for the losses of customers.
The second is the civil liability for losses caused to customers by online banking technology software.
When choosing a software system, commercial banks should make an in-depth investigation on the overall technical capability of technical software to ensure the quality of service to customers. If the network technology ability is not enough to support the operation of online banking, resulting in errors in payment, settlement and other services, causing losses to customers or affecting service quality, commercial banks are obliged to compensate customers for their losses, and customers have the right to ask commercial banks to fulfill their compensation responsibilities. Even if the software is not developed and designed by commercial banks themselves, it should be presumed that commercial banks are at fault in the choice of software and software technology.
Third, commercial banks should bear civil liability for losses caused by customers' operational mistakes.
All hardware systems and software systems are provided by commercial banks, so commercial banks should explain the operation methods of software and hardware to customers in detail. Otherwise, if customers make mistakes and cause losses, commercial banks should bear certain compensation responsibilities for customers' losses according to the size of the mistakes, which will also affect the reputation of online banks and customers' confidence.
Operational risk of safety system
The customer losses caused by the online banking security system here include two aspects: First, the losses caused to customers due to the failure of the security authentication system. Because of the virtual nature of the network, neither party can guarantee the authenticity of the other party's identity, especially when the two parties only communicate through the network. In this case, it is difficult for both parties to establish a sense of trust and security. Therefore, people have developed a practical and effective method to solve this problem in practice, and electronic authentication came into being. In short, electronic authentication is a legally significant service to verify the authenticity of electronic signatures and their signers by a specific institution. In the process of electronic authentication, there is a management organization that associates the electronic signature with a specific person or entity, that is, the Certification Authority (CA). If the safety certification system fails, commercial banks will jointly bear civil legal liability with the party providing certification services. Because banks have the obligation to maintain network security, if they violate this obligation, they will bear civil legal liability within a certain range;
The second is the loss caused by hackers and viruses to customers. In China, almost all online banking service agreements stipulate that in case of force majeure or other circumstances not attributable to the bank, the bank may not bear any responsibility for failing to carry out the customer's instructions. According to the provisions of the Contract Law, if the contract cannot be performed due to force majeure, the liability shall be exempted in part or in whole according to the influence of force majeure. It can be seen that in the event of force majeure, the party who cannot perform the contract cannot be completely exempted from liability.
In addition, the force majeure stipulated in the service agreement is not clear under what circumstances it can be regarded as force majeure. In the new service mode of online banking, many new situations have emerged. For example, a bank's computer system is attacked by hackers and viruses, which makes it impossible for the bank to complete customer instructions. Can it be regarded as force majeure?
In the case of hackers and viruses attacking online banking, if the bank can prove that its system has taken due precautions, it can be regarded as force majeure, but it is very difficult for banks to prove this now, because there is no legal provision on the security standards and technical standards of online banking in China. Even if the bank is not at fault, according to the imputation principle of no-fault liability in civil law, the bank should be responsible to the customer and share some losses of the customer, so as to fully protect the interests of the customer as a relatively weak party. In addition, in case of force majeure, the bank should inform the customer in time to reduce the loss of the customer, otherwise it will bear the civil liability for delaying the notice.
Managing risk
The online banking in China is the product of the combination of traditional banking and high-tech electronic technology. Can the management of online banking adapt to complex network technology? There are risks in the management of complex technologies and systems. If a commercial bank fails to fulfill its serious and prudent obligations in the daily maintenance and management of computer systems and the confidentiality of customers' commercial data, thus causing losses to customers, the commercial bank shall bear civil liability. In addition, managers and operators of online banks also have moral hazard.
To sum up, in order to avoid or reduce the possible civil liability of online banking, commercial banks should strengthen the risk management of online banking. First of all, commercial banks should abide by the national laws, regulations and rules on computer information system security, commercial password management and consumer rights protection when conducting online banking business. Appropriate encryption technology and measures should be adopted to confirm the identity and authorization of online banking users to ensure the confidentiality and authenticity of online transaction data transmission; Active and effective measures should be taken to prevent the online banking trading system from being invaded by computer viruses and hackers, and the system security technology and equipment should be updated in time according to the needs of banking business development.
Secondly, commercial banks should explain and disclose the trading rules of various online banking services to customers in an appropriate way, and explain the trading risks of products and their rights and obligations in specific transactions when customers apply for online banking services.
Finally, commercial banks should formulate and implement comprehensive, comprehensive and systematic business management rules in accordance with relevant laws and regulations, strengthen the training of business and legal knowledge for managers and business operators, establish a professional supervision force for online banking, and equip it with a special online banking audit force to audit online banking regularly.