The Gauhati High Court ruled that a bank must compensate a customer in cases involving fraudulent online transactions if the bank cannot prove that the customer shared a password, OTP, MPIN, or other information with the cybercriminal (s).
As a result, the court ordered the State Bank of India (SBI) to deposit Rs 94,204.80 in the petitioner’s bank account within 30 days.
Also Read: Assam: President Droupadi Murmu will inaugurate 3000 model Anganwadi Center
The bench of Justice Suman Shyam was hearing a petition challenging an order issued by the Ombudsman, Reserve Bank of India, Guwahati, rejecting the petitioner’s complaint regarding a claim for refund of Rs. 94,204/- made from his bank account on October 18, 2021.
Banking law update : learning lessons from case law.
Bank is liable to compensate customer if It fails to establish that customer negligently shared password, OTP, MPIN, card number resulting into fraudulent transaction.
Hon’ble Gauhati High Court judg…https://t.co/hwOlSRLCeU
— JAYDEEP MEHTA (@mehta_jaydeep) October 13, 2022
The petitioner in this case has a Savings Bank (SB) Account with the State Bank of India (SBI), Guwahati Branch. The petitioner had purchased some garments from the “Louis Philippe” store online and wanted to return them and get his money back.
The petitioner had received a call from a fraudster, who was later identified as respondent no. 4 from the state of Uttar Pradesh, Papendra Kumar.
Posing as the customer care manager of the famous brand “Louis Philippe,” i.e. respondent no. 3, the fraudster asked the petitioner to download a “mobile app” in order to receive a Rs 4000/- refund in lieu of returning a garment previously purchased by him.
The petitioner had installed the’mobile app.’ Soon after, three separate online transactions syphoned off Rs. 94,204/- from the petitioner’s bank account.
The High Court examined Clauses 7 to 10 of the RBI circular, which lays down certain guidelines for customer protection- limiting customers’ liability in case of un-authorized electronic banking transactions- and found that Clause 8 deals with third-party breaches where the deficiency is not with the bank or the customer but elsewhere in the system. According to Clause 6(ii), the customer’s liability in such cases is zero if the customer notifies the bank within three working days of receiving communication from the bank regarding an un-authorized transaction.