Can the online depositor hold the online bank liable?

Yes. The online depositor can hold Union Bank liable in this case for
failure to follow the strict implementation of security features of online
banking in preventing fraudulent transactions in digital banking.
Republic Act No. 84841 provides under Section 9 (i) the prohibited act
of disclosing any information imprinted on the access device, such as, but
not limited to, the account number or name or address of the device holder,
without the latter's authority or permission and paragraph (n) effecting
transaction, with one or more access devices issued to another person or
persons, to receive payment or any other thing of value.
It could be gleaned from the facts of the case that our client received
emails from the bank asking important information about his account
which later on resulted to his successful fund transfer. The initial email
only aims to update the account. In actual practice, bank don’t actually ask
for this information through online or phone call. It is usually done inside
the bank.
Section 99 of Republic Act 73942 provides that:

The service supplier is liable for redress, independently of fault,

for damages caused to consumers by defects relating to the
rendering of the services, as well as for insufficient or
inadequate information on the fruition and hazards thereof.

The service is defective when it does not provide the safety the
consumer may rightfully expect of it, taking the relevant
circumstances into consideration, including but not limited to:

a) the manner in which it is provided;

b) the result of hazards which may reasonably be

expected of it;

c) the time when it was provided.

1
Access Devices Regulation Act of 1998
2
Consumer Act of the Philippines
 A service is not considered defective because of the use or
introduction of new techniques.

The supplier of the services shall not be held liable when it is

proven:

a) that there is no defect in the service rendered;

b) that the consumer or third party is solely at fault.

In relation with the aforementioned laws, the bank has failed to

provide the due diligence required by law in providing strong safety
features in securing bank transactions and preventing fraud in online
banking.
As provided under Section 33 of RA 8792 3 (c) Violations of the
Consumer Act of Republic Act No. 7394 and other relevant to pertinent
laws through transaction covered by or using electronic data messages or
electronic documents, shall be penalized with the same penalties as
provided in those laws. Therefore, the bank cannot escape liability in a case
where the safety of their clients is at risk. They must always make sure that
all online transactions are safe and secured especially now that with the
advent of technology and the risk of the pandemic, many are already
shifting to online transactions than ever before. It is only imperative that
security concerns must be one of their top priorities.

3
E-Commerce Act of 2000