- Tuesday, November 19, 2024
The Delhi High Court remarked that the response of State Bank of India was “lukewarm” when the fraud was brought to its notice by the victim
By: Shajil Kumar
THE DELHI high court has directed a public sector bank to restore an amount of ₹260,000 (£2432.90) illegally siphoned from the account of a 55-year-old victim of cyber fraud.
Justice Dharmesh Sharma observed that the State Bank of India (SBI) was guilty of “glaring service deficiency” as its response was “lukewarm, defective, and not prompt” when the fraud was reported to it.
The court also asked the bank to pay an interest of nine per cent per annum on the amount along with ₹25,000 as costs to the petitioner.
The petitioner became a victim of ‘phishing’ and ‘vishing’ in 2021 after he clicked on an unknown link sent to his mobile number, under the threat that his SMS services would be closed.
The petitioner claimed that while he never shared any OTPs received on his mobile number with the offenders, ₹100,000 and ₹160,000 were deducted from his account.
The court observed that customer care services play a crucial role in supporting bank customers with various concerns, including suspicious account activity, but in the present case the response of the bank was “lukewarm” and “not prompt”.
It emphasised that a bank acts as an agent for its customer and upon detecting fraud, the bank has an implied duty to exercise reasonable care and take prompt action.
“In the instant case, respondents No. 2 and 3 (SBI) demonstrated a glaring service deficiency. Despite prompt intimation from the petitioner about the account breach, they showed no urgency.
“Respondents No. 2 and 3 failed to exercise due care, neglecting their duty to act swiftly upon notification of the fraudulent withdrawal. Consequently, they took no steps towards chargeback, retrieval, or freezing the suspicious accounts maintained with IDFC Bank and One97 Communication,” said Justice Sharma in the judgement passed on November 18.
In its judgement, the court said that in terms of RBI’s 2017 circular on “Customer Protection – Limiting Liability of Customers in Unauthorised Electronic Banking Transactions”, the burden of proving the customer’s liability in case of unauthorised electronic banking lay upon the bank, and in the instant case, the record showed that the petitioner had never shared any payment credentials.
The court held that the petitioner was not negligent but a victim of cyber fraud, and the security protocols had been breached by “malware” deployed by the cyber fraudsters.
The court also set aside an order passed by the Banking Ombudsman closing the petitioner’s complaint with payment of one-third of the disputed amount to him and said the bank was liable to compensate the petitioner for his loss. (PTI)
