Electronic banking and how courts approach the burden of proof: a comparative discussion Stephen Mason, Barrister Electronic Evidence in Fraud Cases European Criminal Law Association and the Institute of Advanced Legal Studies 5 November 2013 Copyright Stephen Mason, 2013 The challenge There are three aspects that are important that in turn illustrate that some judges and lawyers have struggled with the concept of electronic evidence and continue to do so: (i) The burden of proof. (ii) Attitudes to the evidence: that is, the nature of the evidence of the customer, and the assertions (usually without evidence) made by the bank. (iii) The disclosure of relevant documents, or more accurately, the difficulty (or failure) to get appropriate disclosure. Copyright Stephen Mason, 2013 The burden of proof He who asserts must prove (and now we have the Payment Services Regulations 2009) The bank must prove that it acted within the terms of the mandate Where it relies on the signature of the customer, the bank must prove the transaction was authenticated by the customer’s signature The PIN is the electronic signature of the customer Copyright Stephen Mason, 2013 Judicial assumptions Judges often assume that banks carry on their business competently Comments of Assistant Judge Leif O. Østerbø in Bernt Petter Jørgensen v DnB NOR Bank ASA (2004) (Translated into English: Digital Evidence and Electronic Signature Law Review 9 (2012), 117 – 123) Copyright Stephen Mason, 2013 Examples German case of 5 October 2004 before the Bundesgerichtshof (Federal Court of Justice), XI ZR 210/03, published BGHZ 160, 308-321 (Translated into English: Digital Evidence and Electronic Signature Law Review 6 (2009), 248 – 254) Norwegian case of case of Pål-Gunnar Øiestad (Discussed in Maryke Silalahi Nuth, ‘Unauthorized use of bank cards with or without the PIN: a lost case for the customer?’, Digital Evidence and Electronic Signature Law Review 9 (2012), 95 – 101) Copyright Stephen Mason, 2013 Computers and ‘reliability’ Implicit willingness to assume that banks carry on their business competently Failure to grasp that failures in complex networks of software systems can produce subtle mistakes quite unlike the obvious errors likely to result when a cog falls off a spindle in a cash register The central problem (implicit and explicit): ‘In the absence of evidence to the contrary, the courts will presume that mechanical instruments were in order at the material time’ (Law Commission) Copyright Stephen Mason, 2013 The evidence must be tested Judges have made mistakes by refraining from ensuring that the nature and quality of the evidence is properly tested making erroneous assumptions about the evidence before them that is not warranted Note the unrealistic comments by Stanley Burnton LJ in O’Shea v R [2010] EWCA Crim 2879 at [56]: ‘It is also surprising in the extreme that if the supposed fraudulent webmaster was able to debit the appellant’s credit card account, he did so for such limited amounts and on relatively few occasions. This, is however, a minor point.’ Currently on-going (next stop – Court of Appeal): Shojibur Rahman v Barclays Bank PLC (Clerkenwell & Shoreditch County Court, case number 1YE00364), a transcript of the judgment and the first appeal is published in full with a commentary in Digital Evidence and Electronic Signature Law Review, 10 (2013) 169 – 187 Copyright Stephen Mason, 2013 The correct approach ŽŠ v Lietuvos taupomasis bankas No. 3K-3390/2002 before the Lietuvos Aukšciausiasis Teismas (Supreme Court of Lithuania) (Translated into English by Sergejs Trofimovs, see Digital Evidence and Electronic Signature Law Review 6 (2009), 255 – 262) Copyright Stephen Mason, 2013 Some further reading Noriko Kawawa, ‘The Japanese law on unauthorized on-line credit card and banking transactions: are current legal principles with respect to unauthorized transactions adequate to protect consumers against information technology crimes in contemporary society?’, Digital Evidence and Electronic Signature Law Review, 10 (2013) 71 – 80 Ken Lindup, ‘Technology and banking: lessons from the past’, Digital Evidence and Electronic Signature Law Review, 9 (2012) 91 – 94 Stephen Mason, ‘Debit cards, ATMs and negligence of the bank and customer’, Butterworths Journal of International Banking and Financial Law, Volume 27, Number 3, (March 2012), 163 – 173 Stephen Mason, ‘Electronic banking and how courts approach the evidence’ Computer Law and Security Review, Volume 29, Issue 2, (April 2013), 144 – 251 Wendy Moncur and Dr Grégory Leplâtre, ‘PINs, passwords and human memory’, Digital Evidence and Electronic Signature Law Review, 6 (2009) 116 – 122 Steven J. Murdoch, ‘Reliability of Chip & PIN evidence in banking disputes‘, Digital Evidence and Electronic Signature Law Review, 6 (2009) 98 – 115 Copyright Stephen Mason, 2013 Thank you www.stephenmason.eu