Will CaixaBank Refund Scammed Money?

CaixaBank can refund money lost to fraud, but only in limited circumstances. The outcome depends on the transaction type, whether the client authorised the payment, and the speed of notification. For unauthorised transactions, CaixaBank investigates and can refund under PSD2 and Spanish law. For authorised transfers made under the influence of fraudsters, the bank may attempt a recall but does not guarantee reimbursement. Spanish court rulings have ordered CaixaBank to refund phishing losses where the bank’s security was found deficient, making civil litigation a viable path even after a bank refusal. Immediate contact with CaixaBank’s 24/7 fraud hotline is the critical first step.

When CaixaBank Is Obligated to Refund

The determining factor is whether the transaction was authorised by the client. Under PSD2 and Spanish payment legislation, CaixaBank is obligated to investigate unauthorised payment transactions and refund where the client did not consent to the operation. The refund request can be submitted through the CaixaBankNow app or at a branch, with a window of up to 13 months from the date of the disputed transaction. For authorised payments – even those made under the influence of fraud – the bank’s obligation is significantly weaker. CaixaBank also distinguishes between card fraud, online banking compromise, and voluntarily confirmed transfers, each carrying different recovery prospects.

Unauthorised Transactions

Where a transaction was executed without the client’s consent – including card fraud, online banking compromise, or operations the client did not confirm – the client’s position is strongest. Under PSD2, the payment service provider must refund the full amount of an unauthorised transaction unless it can demonstrate gross negligence or fraud on the part of the client. CaixaBank instructs clients to immediately contact support and block the card upon any suspicion of fraud. A victim of account takeover or card theft who could not have prevented the unauthorised access through reasonable care is not considered to have acted with gross negligence. The burden of proving gross negligence lies with the bank.

Authorised Transfers Made Under the Influence of Fraudsters

Where the client confirmed the transfer themselves – through 2FA, SMS code, or app approval – even if they were deceived through investment scams, spoofing, or social engineering, the transaction is classified as authorised. CaixaBank is not obligated to compensate the loss automatically. The bank may initiate a recall request and contact the recipient bank, but the recipient bank is not obligated to freeze or return funds without a court order. CaixaBank explicitly warns that fraudsters use spoofed calls, SMS messages, and fake websites to convince clients to authorise payments. Where the client entered credentials or confirmed codes in response to such schemes, the bank’s position on refund may be more restrictive.

Card Fraud

For card fraud – unauthorised card transactions including stolen card data and cloned cards – the probability of recovery is highest. CaixaBank provides immediate card blocking through the CaixaBankNow app, branches, and the 24/7 fraud hotline. After blocking, the bank initiates an investigation of the disputed transaction. The chargeback mechanism through Visa or Mastercard applies to fraudulent card transactions under payment scheme rules.

When CaixaBank Refuses a Refund

CaixaBank may refuse a refund in several situations. First – the client entered credentials or payment data themselves on a phishing or smishing site, and the bank classifies the subsequent transaction as authorised or the result of gross negligence. Second – the client confirmed a transfer to a fraudster through 2FA, SMS, or app approval. Third – the client disclosed PIN, SMS codes, or app approval credentials to third parties. Fourth – the fraud was reported too late, reducing the bank’s ability to block or recall the payment. A refusal by CaixaBank is not final – the client is entitled to escalate through the bank’s formal complaints procedure and, critically, through Spanish civil courts where judicial precedent supports fraud victims.

Spanish Court Rulings – Civil Litigation as a Recovery Path

Spanish courts have ordered CaixaBank to refund fraud losses in documented cases. In one ruling, a court required CaixaBank to return €1,500 stolen through a phishing attack, finding that deficiencies in the bank’s security system contributed to the loss. This precedent is significant because it demonstrates that even where the bank refuses a refund through its internal procedures, civil litigation in Spanish courts can result in a court-ordered reimbursement. The court assessed whether the bank met its security obligations under PSD2 and Spanish payment law, including adequate authentication procedures and transaction monitoring. Where the bank’s systems are found deficient, the court may hold the bank liable regardless of the client’s role in the fraud.

Immediate Steps After Discovering Fraud

Step 1 – Contact CaixaBank Immediately

CaixaBank’s fraud hotline operates 24/7: +34 93 887 25 25 and 900 40 40 90. The client should also use the CaixaBankNow app to block cards and banking access. Branch visits and contact with a personal manager are additional channels. CaixaBank explicitly recommends acting immediately upon any suspicion of fraud – the speed of notification directly affects recovery prospects.

Step 2 – Block Cards and Banking Access

All compromised cards and online banking access must be blocked immediately through the CaixaBankNow app, by phone, or at a branch. This prevents further unauthorised transactions and is the first action CaixaBank instructs clients to take. The refund request or dispute should be submitted through the app or at the branch after blocking.

Step 3 – File a Police Report

In parallel with notifying CaixaBank, a criminal complaint (denuncia) should be filed with the Spanish National Police (Policía Nacional), Civil Guard (Guardia Civil), or through the online reporting platform. The police report is an essential evidentiary document for both the bank’s internal investigation and any subsequent legal proceedings. For cybercrime, reports can be directed to the relevant cybercrime unit (Grupo de Delitos Telemáticos).

Step 4 – Preserve All Evidence

All correspondence with the fraudster, phishing emails, SMS messages, screenshots of fake websites, transaction confirmations, recipient IBANs, and any other supporting materials must be preserved without alteration. Digital evidence forms the foundation for CaixaBank’s internal review and any subsequent regulatory or judicial proceedings.

Step 5 – Submit a Formal Complaint and Consider Litigation

Where CaixaBank refuses the refund, the client should submit a formal complaint via email to servicio.cliente@caixabank.com or by post to Calle Pintor Sorolla 2–4, 46002 Valencia, Spain. If the complaint is not resolved satisfactorily, the dispute can be escalated to the Banco de España complaints service. Given Spanish court precedent ordering CaixaBank to refund phishing losses, civil litigation is a viable and documented recovery path.

Alternative Recovery Mechanisms

Banco de España Complaints Service

Where CaixaBank’s internal complaint does not resolve the dispute, the client can file a complaint with the Banco de España complaints service (Servicio de Reclamaciones). The Banco de España reviews whether the bank complied with its obligations under payment legislation. While the complaints service does not order refunds directly, its findings carry weight in subsequent legal proceedings and create regulatory pressure on the bank.

Complaint to the CNMV

For investment-related fraud, a complaint to the Comisión Nacional del Mercado de Valores (CNMV) is available. The CNMV supervises investment services and can investigate whether regulated entities or unauthorised firms were involved in the fraud. This channel is particularly relevant for investment scam cases where the client was induced to transfer funds to fraudulent investment platforms.

Civil Litigation

Civil proceedings against CaixaBank are available under Spanish and EU law where a breach of PSD2 obligations is proven, Strong Customer Authentication was not applied, suspicious transaction patterns were ignored, or fraud notifications received an inadequate response. Spanish court rulings ordering CaixaBank to refund phishing losses demonstrate that judicial recovery is an established and successful path. Civil proceedings against the fraudster are available in parallel where the fraudster is identified. The European Account Preservation Order (EAPO) enables the freezing of the fraudster’s assets across all EU member states simultaneously.

Criminal Proceedings

A criminal complaint filed with the Spanish National Police, Guardia Civil, or the cybercrime unit (Grupo de Delitos Telemáticos) initiates an investigation in which law enforcement authorities gain access to bank records, IP logs, payment system data, and telecommunications operator records. Criminal investigation is the primary tool for identifying anonymous fraudsters and tracing the movement of stolen funds across jurisdictions.

CaixaBank Contact Details for Fraud Enquiries

CaixaBank operates a full-service banking infrastructure with branches, phone support, online banking, mobile app, and personal managers across Spain. Head office: CaixaBank S.A., Calle Pintor Sorolla 2–4, 46002 Valencia, Spain. Fraud hotline (24/7): +34 93 887 25 25 / 900 40 40 90. Main channels: CaixaBankNow app, branch network, personal manager. Formal complaints email: servicio.cliente@caixabank.com. Postal complaints: Calle Pintor Sorolla 2–4, 46002 Valencia, Spain. Escalation: Banco de España complaints service. Investment fraud: CNMV.