KBC Groupe : reacts to media reports of phishing scams

Reaction

Brussels, 14 June 2021 - 8 a.m.

KBC reacts to media reports of phishing scams

Several media outlets today focus on phishing fraud and explicitly refer to two specific KBC-related cases. These files are currently the subject of legal proceedings. KBC does not wish to conduct the discussions through the press, but reserves its arguments for the court, which must be able to rule objectively and calmly. Therefore, KBC cannot comment in detail on these specific cases. KBC can only confirm that it has filed an appeal in both cases.

However, KBC wishes to clarify its policy on this matter.

Cybercrime is everywhere in society

Cybercrime is a widespread phenomenon and has grown into a societal problem. Fraudsters no longer focus solely on banking channels, but increasingly misuse the trusted brand names of companies and government services. This makes cybersecurity today a shared societal responsibility. Initiatives are already underway at sector level in collaboration with telecom operators, the public prosecutor's office, the police, government authorities and the law to tackle cybercrime in all its dimensions and manifestations jointly - which does not mean that customers do not have to remain alert and aware of the potential risks of fraud. KBC refers in this regard to the many warnings published in various (social) media and forums about this type of fraud so that customers cannot be unaware of it. KBC also publishes such messages on its website.

The legislation assumes that customers themselves must also respect a number of measures and show the necessary healthy suspicion and attention.In addition, the customer has the legal obligation to inform the Bank not only in the event of loss or theft of his card or other payment instrument (e.g. KBC Mobile), but also as soon as he knows or suspects that such instruments are being used unlawfully. For example, the court has already ruled that a payment service user can no longer claim not to be familiar with the phenomenon of "phishing", that he should be suspicious when contacted by strangers regarding his banking business, and that communicating codes is indeed gross negligence.

Pin codes, but also response codes created with a bank card and card reader are strictly personal. Under no circumstances may they be passed on to third parties- let alone strangers - in any way whatsoever.

KBC Cybersecurity: 24/7 monitoring and accessibility

KBC does everything it can to ensure that transactions run safely and to prevent cyber fraud as much as possible. However, criminals are becoming increasingly inventive and professional. KBC therefore does not disclose information on the detection and prevention mechanisms it uses, but points out that it constantly invests in people and resources for intensive monitoring around the clock. In this way KBC succeeds in protecting many customers from fraud, even though they may not be aware of it.

Page 1 of 2

Secure4u, KBC's cybersecurity service, actively monitors all transactions 24/7 to detect fraud and is available 24/7 to customerswho suspect that they are the victim of fraud (also at weekends and on public holidays). Thanks to this extensive monitoring, KBC succeeds in proactively stopping a large proportion of suspect transactions and alerting the customer. 75% of fraudulent transfers (Febelfin figures) could be stopped or recovered in 2020, a percentage that also applies to KBC.

What if the customer did fall victim to phishing?

In many cases where the customer is liable, the bank still manages to recover the funds and pay them back to the customer, but this is separate from any liability. These many cases are not reported in the media, or much less so, which sometimes creates the perception that banks only repay in exceptional cases. In practice, this is not the case.

KBC always looks at complaints about (digital) fraud on the basis of objectively established facts.How was the customer misled? What actions did the customer take or fail to take? Could the customer have noticed something was going on at certain points in the fraud process? Did the customer himself make payments to a fraudster or did a fraudster gain access to his bank application? These facts are analysed case by case before a decision is made.

For background and completeness, a few legal considerations

The legislation (Art. VII.38 WER) provides that the "payment service user" should take all reasonable measures to ensure the security of the payment instrument and its personal security data. In addition, the Customer has a duty to inform the Bank not only in the event of loss or theft of his card or other payment instrument (e.g. KBC Mobile) but also as soon as he knows or reasonably suspects that such instruments are being used unlawfully.

Failure to comply with these security provisions constitutes, where applicable and taking into account the specific circumstances of the case, gross negligence on the part of the customer within the meaning of Article VII.44 WER. The payer shall therefore bear all losses relating to unauthorised payment transactions if he/she has incurred them by acting fraudulently or - whether intentionally or through gross negligence - by failing to fulfil one or more of the obligations set out in Article VII. 38.

The court will therefore assess the facts of a phishing case concretely in the light of the law. In doing so, the court will also test the payment service user's behaviour against the criterion of the assumed behaviour of a normal, careful payer - and this in the same concrete circumstances.

KBC Group NV	Press Office	KBC press releases are available at
Havenlaan 2 - 1080 Brussels	Tel. +32	2 429 65 01 Stef Leunens	www.kbc.comor can be obtained by
Viviane Huybrecht	Tel. +32	2 429 29 15 Ilse De Muyer	sending an e-mail to pressofficekbc@kbc.be
General Manager	Tel. +32	2 429 32 88 Pieter Kussé
Corporate Communication /Spokesperson	Tel. +32	2 429 85 44 Sofie Spiessens	Follow us onwww.twitter.com/kbc_group
Tel. +32 2 429 85 45	E-mail:pressofficekbc@kbc.be	Stay up-to-date on all innovative solutions

Page 2 of 2