Press Trust of indiaMumbai: A customer has zero liability when an unauthorized transaction occurs due to a third party breach where the deficiency lies not with the bank or customer but somewhere in the system, the Bombay High Court said on Thursday while directing the Bank of Baroda to refund Rs 76 lakh debited from a company’s bank account fraudulently.
A division bench of Justices Girish Kulkarni and Firdosh Pooniwalla was hearing a petition filed by one Jaiprakash Kulkarni and Pharma Search Ayurveda Private Limited challenging an order passed by the Banking Ombudsman refusing to direct the Bank of Baroda to refund an amount of Rs 76 lakh allegedly transferred from their account through cyber fraud.
The HC bench, which cited a July 2017 circular issued by the Reserve Bank of India, also said Bank Bank of Baroda has a policy called the Consumer Protection Policy (Unauthorized Electronic Banking Transactions) that reiterates the same.
Asserting this was an example of how increasingly innocent persons are becoming victims of cyber fraud, the HC said, “Both as per the RBI circular and the policy of the bank, a customer has zero liability when the unauthorized transactions occur due to a third party breach where the deficiency lies neither with the bank nor with the customer but elsewhere in the system and the customer notifies the bank regarding the unauthorized transactions within a certain time frame.”
Hence, the liability of the petitioners in respect to the unauthorized transactions would be zero as the transactions have taken place due to a third party breach where the deficiency lies neither with the bank nor with the petitioners, the court said.
As per the plea, on October 1, 2022, certain entities/individuals were added as beneficiaries to the petitioner company’s bank account without any OTP sent to the petitioner on the registered mobile number. A day later, on October 2, a sum of Rs 76 lakh was transferred from the petitioner’s bank account to various unknown individuals by way of online transactions.
The petitioners immediately lodged a complaint with the Cyber Cell of the city police and informed the bank manager of the alleged fraud.
The petitioners also sought to know from the bank the steps taken by it to refund the amount as per the directives issued by the Reserve Bank of India in its ‘Customer Protection – Limiting Liability of Customers in Unauthorized Electronic Banking Transactions’ circular of July 2017.
When the petitioners did not receive the refund, they filed a complaint with the bank ombudsman, who in January 2023 rejected their complaint noting that the transactions were done post addition of beneficiaries and input of valid credentials known only to the bank account holders and, therefore, there was no deficiency/ lapse on the part of the bank.
The bench referred to three reports submitted by the cyber cell police which said the beneficiaries were added to the bank account without any message or OTP received on the registered mobile number and email to the registered email account.
“Thus, there was no intimation to the petitioners about adding of beneficiaries and the petitioners only received messages on the registered mobile number when the amount from the bank account was actually debited,” HC said.
The bank told HC that beneficiaries could be added to a bank account only by those who have access to the bank account holders’ confidential credentials. The bank argued that the petitioners’ credentials were compromised from the petitioners’ end itself and, hence, it could not be held liable or at fault.
The court said it was satisfied with the reports submitted by the cyber cell that the petitioners have not been negligent and that there is no collusion of the petitioners with the alleged fraudsters.
The court said it is clear both the bank and the petitioners have been victims of fraud by third party fraudsters.
The court said, as per the RBI circular, the petitioner was entitled to a refund of the amount from the bank and directed Bank of Baroda to refund the Rs 76 lakh amount to the petitioner’s bank account within six weeks.
The bench also noted that the bank ombudsman did not make any proper inquiry and had merely stated the transactions were done post addition of beneficiaries.
