1. Concept: AI-Assisted Review of AI-Generated Fraudulent Transactions (Germany)

In Germany, “AI-assisted fraud detection” in banking refers to systems used by banks, fintechs, and payment providers that:

(A) Detect AI-generated fraud patterns

• Synthetic identities (AI-generated KYC documents)
• Deepfake onboarding (face/video spoofing)
• Automated phishing-driven payments
• Bot-generated transaction patterns
• Fraud rings using algorithmic laundering behavior

(B) AI systems used in review layer

Banks typically use a 3-layer model:

1. Real-time transaction scoring AI
   • anomaly detection (amount, location, device)
   • behavioral biometrics
   • velocity checks
2. Fraud classification models
   • supervised ML models trained on known fraud cases
3. Human + AI hybrid review (critical layer)
   • AI flags suspicious transactions
   • compliance analysts decide blocking/chargeback/escalation

2. Legal Framework in Germany

AI-assisted fraud review is not explicitly regulated as “AI law” in criminal banking fraud cases. Instead, it operates under:

Criminal Law

• § 263 StGB (Fraud)
• § 263a StGB (Computer Fraud)
• § 261 StGB (Money Laundering)

Civil/Banking Law

• § 675u–§ 675v BGB (unauthorized payment liability)
• PSD2 rules (EU Payment Services Directive)
• Burden of proof rules for authorization

Key legal principle:

👉 AI systems are evidence-generating tools, not decision-makers with legal responsibility.

3. How German Courts View AI-Assisted Fraud Review

German courts consistently hold:

(1) Liability depends on “authorization,” not AI detection accuracy

Even if AI flags a transaction as suspicious:

• Legal question = Was the transaction authorized?
• Not = Did AI detect fraud correctly?

(2) Banks must prove authorization

Under BGB payment law:

• If customer denies transaction → bank must prove authentication success
• AI logs alone are not always sufficient

4. Key Case Laws (Germany) Relevant to AI Fraud Detection Context

Below are 6+ important German case laws shaping fraud detection, computer fraud, phishing, and banking transaction liability.

Case 1: BGH, 3 StR 181/23 (2023) – Phishing & Card-Based Fraud

The court held:

• When a victim voluntarily hands over card + PIN due to deception,
• Subsequent ATM withdrawals are treated as fraud (§ 263 StGB), not computer fraud.

👉 Key principle:
“Human deception overrides automated system analysis.”

Case 2: BGH, 5 StR 262/25 (2025) – Computer Fraud Interpretation

The court clarified:

• “Unbefugte Verwendung” (§ 263a StGB) requires fraud-specific interpretation
• Not every misuse of digital credentials is computer fraud

👉 Importance for AI systems:
AI cannot automatically label misuse as “computer fraud” legally.

Case 3: BGH, XI ZR 91/14 (2016) – Online Banking Authorization

This landmark civil case held:

• Banks may rely on authentication systems
• BUT customer denial shifts burden to bank
• Authorization must be proven with strong evidence

👉 AI implication:
AI logs are supporting evidence, not conclusive proof.

Case 4: LG Itzehoe, 7 O 114/24 (2025) – Phishing Fraud Case

Court ruled:

• Victim entered credentials on fake website
• Bank not liable for reimbursement due to user negligence
• No “continuous monitoring duty” for banks

👉 AI relevance:
Banks may use AI monitoring, but are not legally required to prevent every fraud.

Case 5: BGH, 3 StR 466/17 – Phishing & Intermediary Liability

Court decided:

• Persons facilitating phishing can be liable for beihilfe (aiding fraud)
• Computer fraud requires careful attribution of act

👉 AI implication:
AI systems used in fraud chains do not replace human liability attribution.

Case 6: BGH, Computerbetrug via falsche Daten (2022 line of cases)

Court held:

• Computer fraud requires real data manipulation
• Purely fictitious or synthetic data changes legal qualification

👉 AI implication:
AI-generated fake identities may fall outside traditional §263a structure in some cases.

Case 7: BGH, Pay-TV Cardsharing Decision (6 StR 557/24, 2025)

Court held:

• Automated systems abused via credential sharing
• No direct “loss mechanism” without legal causation

👉 AI relevance:
Fraud detection must distinguish technical misuse vs legally relevant damage.

5. How AI-Assisted Fraud Review Actually Works in Germany

Step 1: Transaction ingestion

AI reads:

• amount
• merchant risk score
• device fingerprint
• geolocation mismatch

Step 2: Fraud probability scoring

Example outputs:

• 0.02 = normal
• 0.87 = suspicious
• 0.95 = high fraud probability

Step 3: Automated action

• block transaction OR
• request SCA (Strong Customer Authentication) OR
• allow + monitor

Step 4: Human compliance review

Analysts review:

• AI explanation
• transaction chain
• customer history

Step 5: Legal classification

Only humans (or legal teams) decide:

• fraud (§263)
• computer fraud (§263a)
• unauthorized payment (BGB)
• money laundering (§261)

6. Legal Tension: AI vs German Evidence Standards

German courts require:

A. Transparency of evidence

AI must be explainable:

• why transaction flagged
• what features triggered suspicion

B. No “black box presumption”

Courts reject:

• “AI said it is fraud → therefore fraud”

C. Human override requirement

AI is:

• advisory
• not determinative

7. Key Practical Insight

In Germany, in AI-assisted fraud cases:

Courts consistently prioritize:

✔ Human intent
✔ Authorization evidence
✔ Bank authentication logs
✔ Transaction traceability

Over:

✖ AI fraud score
✖ machine learning predictions
✖ automated classification alone

8. Conclusion

AI-assisted review of AI-generated fraudulent transactions in Germany is legally treated as:

• a support tool for detection, not a legal authority
• subject to strict evidentiary rules under German civil and criminal law
• always subordinate to human legal assessment

German case law (especially BGH decisions) consistently reinforces that:

Even highly sophisticated AI fraud detection systems do not replace legal proof of authorization or criminal intent.