(영문) 서울중앙지방법원 2015.4.21.선고 2014가단5097656 판결

1. The defendant shall pay to the plaintiff 18, 169, 029 won with 5% interest per annum from April 26, 2014 to April 21, 2015, and 20% interest per annum from the next day to the day of complete payment.

2. The plaintiff's remaining claims are dismissed.

3. 3/10 of the costs of lawsuit shall be borne by the Plaintiff, and the remainder by the Defendant, respectively.

4. Paragraph 1 can be provisionally executed.

Purport of claim

The defendant shall deliver to the plaintiff KRW 60,563,431 as well as a copy of the complaint of this case from the next day.

It shall pay 20% interest per annum from the date of full payment.

Reasons

1. Basic facts

A. On June 20, 2008, the Plaintiff entered into a comprehensive passbook loan contract (Account Number********************; hereinafter referred to as the “instant account”) with the Defendant to conduct financial transactions using Internet banking.

B. In the event that the Plaintiff wants to connect the site address searched on the portal site to the Defendant’s Internet banking website on the computers used by the Plaintiff, the person in whose name the Plaintiff was infected with the malicious code that allows the Defendant to access the Defendant’s website managed by him to the most false site.

C. On August 28, 2013, without knowledge of such fact, the Plaintiff accessed the above fraudulent Internet banking site that was searched on the portal site on August 28, 2013, and at the above false site, the Plaintiff determined that the pop-up shop with words such as the “sop-up shop” was an ordinary security strengthening procedure, and entered the Plaintiff’s name, resident registration number, user ID, password, the instant account number, account password, transfer password, and 35 security card number in the subsequent pop-up shop.

D. On August 28, 2013, using the financial transaction information entered by the Plaintiff: around 00: 21:04 of the following day after the Plaintiff’s authorized certificate was reissued, and around 01:23 of the following day: 60,68,091 won (e.g., 45 million won and deposits 15,68,091 won and 15,668,091 won) from the instant account to six accounts, including Kim Young-young (hereinafter “the instant financial incident”).

D. On September 26, 2013, the Plaintiff repaid the loan amounting to KRW 45 million to the instant account. The Plaintiff received refund of KRW 104,60,000, the payment of which was suspended.

[Ground of recognition] Unsatisfy, Gap 1-5 evidence, Eul 40 evidence, the purport of the whole pleadings

2. Determination

A. (1) The occurrence of liability for damages under Article 9(1) of the Electronic Financial Transactions Act

According to the above facts of recognition, the financial accident of this case occurred due to the plaintiff's forgery of the plaintiff's authorized certificate or the use of the means of access, such as the plaintiff's account number, obtained by unlawful means by intrusion on the plaintiff's computer. Thus, the defendant is liable to compensate the plaintiff for damages of KRW 60,563,431, which deducts KRW 104,660 from the amount of damage suffered by the plaintiff pursuant to Article 9 (1) of the Electronic Financial Transactions Act, barring any special circumstance. (2) The defendant's assertion that the scope of responsibility borne by the plaintiff (A) is a summary of the defendant.

Since the instant financial accident occurred due to the Plaintiff’s gross negligence, the Plaintiff, a user, shall bear all the liability pursuant to Article 9(2) of the Electronic Financial Transactions Act and the Framework Agreement on Electronic Financial Transactions.

(B) the existence of gross negligence

Article 9 of the Electronic Financial Transactions Act, Article 8 of the Enforcement Decree of the Electronic Financial Transactions Act, etc. provides that an act of intentional or gross negligence shall be determined by taking into account the following circumstances: (i) the occurrence of financial accidents, such as fabrication of means of access; (ii) the degree of public awareness of such accidents, such as forgery; (iii) the occupation of financial transaction users and the experience of using financial transactions; and (iv) the overall purport of oral arguments in the evidence No. 2013Da86489, Jan. 29, 2014; (iii) the occurrence of serious damage by the Defendant’s e-mail transfer from the date of the occurrence of the instant financial accidents to the 3rd website; and (iv) the occurrence of the instant financial accidents by the Defendant’s fraud from the date of the occurrence of the instant financial accidents to the 2nd page; and (iv) the Plaintiff was negligent in taking account of the frequent damage to the user’s bank’s bank account or the details of the instant e-mail transfer to the Defendant’s website.

However, in full view of the following circumstances acknowledged as a whole in Gap evidence 4 and 5, 70% of the losses incurred by the financial accident of this case was implemented as follows: (i) where the amount of money deposited is at least 300,000 won from June 26, 2012 to be borne by the plaintiff; and (ii) where the withdrawal using the automated device (ROM, ATM, etc.) is delayed for 10 minutes, the average number of transfers was 2.1; and (iii) the rate of transfer of money deposited in excess of 3 million won is 84% of the total number of transfers; and (iv) within five minutes from the transfer of 50% of the total amount of damages incurred by the financial accident of this case was confirmed to have been withdrawn within 10 minutes from the date of the victim’s report or bank’s self-verification account was implemented to detect the suspected account through the victim’s self-verification.

② In the meantime, prior to the implementation of the delay withdrawal system, the media reported that the frauds could avoid the delay withdrawal system by transferring the amount of less than three million won to several or multiple accounts. On the other hand, the relevant agencies expressed their position that the bank monitoring the distributed transfer of less than three million won inside the bank.

③ Since the late withdrawal system came into effect, most financial incidents, such as singing and singinging, occur in the form of distributed transfer from the accounts of victims to multiple relative accounts.

④ The instant financial incident also occurred on August 28, 2013 from around 04 to around 21:17 the same day on August 28, 2013 with the account of Kim Young-young, with a single transfer limit of KRW 1,2 million ( KRW 1.6 million per time to KRW 1.6 million or KRW 2.4 million per time) and from around 21:19 to 22:32,00 won each of the instant accounts, with a total of KRW 60,68,091 ( KRW 1.8,000 or KRW 2.2 million per time) transferred over six times from around 19:19 to March 2, 200, with a single transfer limit of KRW 1,668,09 per time to KRW 1/5 of the withdrawal limit on KRW 1,50 per time within a short time, in the form of two separate accounts over which the withdrawal system does not apply.

⑤ Since the aforementioned media report and delayed withdrawal system came into effect, the Defendant, a financial institution, had been well aware of the methods of decentralization transfer, etc. in order to avoid the delayed withdrawal system, in light of the fact that crimes such as singing, singinging, etc. have continuously occurred during about one year and two months prior to the occurrence of the instant financial accident.

(6) In light of the method of financial transactions, such as general account transfer, and the method of committing crimes, such as singing, etc., which have been continuously occurring after the implementation of the delayed withdrawal system, it is clear that the transaction of less than three million won, which is considerably low compared to the one-time transfer limit, that is, the delayed withdrawal system, is an abnormal transaction to avoid the delayed withdrawal system.

7) Even if it is impossible to prevent the occurrence of losses by the instant financial accidents, at least in the event that such abnormal transfer transactions are repeated, it would have been able to reduce the amount of damage by automatically suspending transfer transactions after a certain number of times or undergoing additional certification procedures (in such cases, it does not seem that the accumulation of database, etc. on connection information, details of transactions, etc. by Internet banking users, unlike the financial transaction detection system). (3) Sub-resolution theory

Therefore, the Defendant is obligated to pay to the Plaintiff the damages amounting to KRW 60,563,431, KRW 18,169,029, which is 30% of the damages amounting to 60,563, and KRW 431, and the damages for delay calculated by each rate of 20% per annum under the Civil Act from April 26, 2014, which is the date of delivery of the copy of the complaint of this case, until April 21, 2015, which is the date of the decision of this case, to the date of full payment.

B. As to the claim for damages caused by breach of contract (1) summary of the Plaintiff’s assertion

In addition to the Plaintiff’s leakage of financial information, the Defendant did not have a system for detecting the same financial transaction as the instant financial accident. The Plaintiff was allowed to engage in smartphone banking operations even though the Plaintiff did not use smartphone banking operations. The IP address used by the Plaintiff at the time of the instant financial accident was designated as a black list from this point of time, and the Internet banking connection was not obstructed even in China, and there was no warning that the security card number was all allowed to be all included in the security card.

Therefore, since the financial accident of this case occurred by the defendant who violated the duty of due care and reasonable care as a good manager based on the financial transaction contract with the plaintiff, the defendant is liable for compensation for the plaintiff's damage caused by the financial accident of this case. (2)

On June, 2012 and October of the same year, each plaintiff's name, resident registration number, e-mail address, credit card number, settlement information, etc. was leaked by the defendant. The fact that the plaintiff's deposit, etc. was transferred to a third party's account after the non-party access from China to the defendant's Internet banking website using smartphone in China does not conflict between the parties, and the financial accident in this case occurred due to abnormal transfer transactions for the purpose of avoiding the delayed withdrawal system.

However, considering the following circumstances acknowledged as a whole in light of the purport of the entire arguments, i.e., ① the instant financial accident occurred around August 28, 2013 after around 10 months from the date of the Defendant’s final disclosure of information, and the information disclosed by the Plaintiff was also included in the information leaked by the Defendant at the time of the instant financial accident, it is difficult to view that the Plaintiff’s information leaked by the Defendant was used at the time of the financial accident, and ② the case where the Internet banking users using existing computers due to the rapid distribution of smartphone are likely to rapidly increase using smartphones, and thus, it is difficult to view that the Plaintiff’s Internet banking connection using smartphones should be prevented solely on the ground that the Plaintiff did not have been listed in the instant financial accident prior to the instant financial accident, and ③ the Defendant’s disclosure of information from around 7th of the financial accident to the point of view that it was difficult for the Plaintiff to find out that there was no legal reasons to prevent the Plaintiff’s use of the electronic financial accident, including the instant financial accident.

3. Conclusion

Therefore, the plaintiff's claim is justified within the above scope of recognition, and the remaining claims are dismissed as it is without merit. It is so decided as per Disposition.