Portuguese 
English 
Spanish 
4 min of reading 
1 comment 
The Decision Consolidates That Mobile Operators Are Responsible for Security Failures That Allow SIM Swap and the Takeover of WhatsApp by Criminals, Based on the Consumer Defense Code and Objective Liability, Paving the Way for Compensation for Moral and Material Damages and Raising the Standard of User Protection
The Superior Court of Justice has consolidated the understanding that the mobile operator can be held liable when a security failure allows the cloning of the customer’s chip and, from that, the takeover of WhatsApp for fraud applications. This is a defective service that exposes the consumer to concrete risk and produces measurable losses, affecting both moral and financial domains.
In practice, the court recognizes that the unauthorized transfer of the phone line to a new chip by third parties constitutes a serious violation of security duties in the provision of the service. When the failure is proven, the victim is entitled to compensation for moral damages and to full restitution of financial losses associated with the fraud.
What the STJ Decided
The STJ has been stating that operators must ensure robust identification and validation controls before allowing chip swaps.
-
The Senate approves a bill that criminalizes misogyny, hatred, or aversion towards women, and includes the crime in the Racism Law with a penalty of up to 5 years.
-
Chamber Approves Bill That Allows Pepper Spray for Women Over 16 and Imposes Strict Rules for Purchase, Possession, and Use as Self-Defense
-
Chamber Approves Law to Combat Leucaena, Fast-Growing Plant That Dominates Land and Threatens Native Species in Various Regions of the Country
-
Asset Division: Know What Cannot Be Divided in Case of Divorce
If these controls fail and the criminal assumes the line, the service is considered defective under consumer legislation.
The liability is objective, requiring only proof of the nexus between the failure and the damage.
This understanding supports the consumer in scenarios where, after the SIM swap, the fraudster gains access to WhatsApp and impersonates the victim to ask for money from contacts.
In these cases, the operator can be ordered to compensate for moral damages due to distress and reimburse the amounts actually lost.
Security Failure and Defective Service
The cloning of the chip constitutes a serious security failure.
The problem does not lie with the application itself, but with the credentialing process of the operator, which should prevent third parties from obtaining the line.
If the authentication barrier fails, the provision of the service does not meet the expected security standard.
The Consumer Defense Code establishes that suppliers are liable for damages resulting from defects in service provision, regardless of fault.
Thus, it’s not necessary to prove specific negligence of the operator, but rather the existence of the failure that made the fraud and the damage to the consumer possible.
Moral and Material Damages: When They Apply
Moral damages arise from significant distress, the exposure of private life, and the feeling of vulnerability, elements that exceed mere annoyance.
The violation of data security and the phone line affects the dignity of the consumer.
Material damages require evidence of economic loss.
Proofs of transfers, statements, and chat logs are essential for quantifying reimbursement.
If there is proof of disbursement caused by the scam, the mobile operator may be ordered to pay the full difference.
Cloned WhatsApp Is Not Always the Same Thing
It is crucial to distinguish between two scenarios.
In the WhatsApp scam without chip swap, the criminal obtains the verification code through social engineering directly from the victim.
In this case, the liability tends not to fall on the operator, as there was no failure in the telephone service.
In the SIM Swap, the fraudster transfers the line to another chip exploiting a security gap in the operator.
This is the context in which the STJ has held the provider liable, as the fraud is only feasible due to the lack of validation in customer service and internal systems.
What Changes for the Consumer
The STJ’s understanding raises the security standard required.
Operators now have a concrete incentive to reinforce authentication and audit trails, reducing unauthorized portabilities and chip swaps.
For the user, the chance of compensation increases.
Once the service failure is confirmed and the losses demonstrated, the judicial path can ensure compensation for moral damages and reimbursement for financial losses, in addition to pressuring the market to invest in prevention.
How to Protect Yourself in Practice
Activate two-step verification on WhatsApp. It is an additional barrier that blocks attempts to revalidate the app, even if someone takes over the line through SIM Swap.
Maintain active vigilance: distrust requests for money via message, validate through another channel before transferring resources, and do not share verification codes sent via SMS or authentication apps.
What to Do if You Are a Victim
Gather evidence of the incident. File a Police Report, keep service protocols from the operator, screenshots of conversations, and proofs of transfers.
These documents support the request for compensation and the recovery of losses.
Contact the operator immediately and demand the blocking and restoration of the line.
Then, seek legal advice to evaluate the appropriate action, including the demand for moral and material damages, based on the objective liability provided in the Consumer Defense Code.
Great article, thank you for sharing these insights! I’ve tested many methods for building backlinks, and what really worked for me was using AI-powered automation. With us, we can scale link building in a safe and efficient way. It’s amazing to see how much time this saves compared to manual outreach.