In its decision, the Commission held SBI liable for the damage suffered by the complainants and at the same time allowed the bank to recover the amount lost from the salaries of the responsible employees.

A six-year-old couple won a lawsuit against the State Bank of India (SBI) in the Gondia District Consumer Disputes Redressal Commission, setting a precedent for victims of unauthorized banking to get civil remedies even if the police investigation has not yet been completed. The Consumer Commission, in its resolution dated August 10, 2021, instructed SBI’s Gondia branch to reverse the contested transaction of Rs 18.36 lakh on the couple’s account.

Online fraud and ATM fraud form a big part of cybercrime as digital banking is quickly finding its way into our lives. That is what Parliament said in February of this year Above 2.9 lakh Online Safety Incidents related to digital banking were reported in 2020. Many of these cases are unsuspecting consumers who, by the way, are unfamiliar with technology and are tricked by criminals into revealing their confidential information such as OTP and bank account details. The redress mechanism available to victims has not kept pace with the sophisticated nature of these crimes, leaving them with very few options to remedy and regain their losses.

What was the complaint about?

The fact-finding order (a copy of which has been viewed by MediaNama) stated that the problem began when Dr. Suresh Katre, 65, received a text message on his phone that said, “Your SBI account will be today 20/19/11. due to an incorrect date of birth verified on your bank account. For a reactive upgrade to Fully KYC (Know Your Customer), click on the link below immediately by visiting the online shop “

  • Dr. Katre believed the link was genuine because he submitted his KYC documents for review earlier in the day and thought the bank had sent the text.
  • He clicked the link, updated his date of birth and shared the details of the savings accounts of his wife, Minakshi Katre, who was 61 at the time.
  • Then she received a message about the successful account activation and an SMS with an OTP from an unknown number
  • They were then informed that their netbanking passwords were changed that afternoon.
  • Minakshi received three text messages at 11:35 p.m. 11:36 p.m., 11:37 p.m. at night and three messages at 12:02 p.m., 12:04 p.m. and 12:07 p.m. This news informed them of withdrawals of Rs.199,800 on each of these six transactions.
  • On November 22, 2019, she learned of withdrawals of Rs 88,000, Rs. 1.99.800, Rs. 1.99.800 and Rs. 1.50,000 from another account within minutes. The total amount withdrawn now was 18, 36, 400 rupees.
  • The couple realized something was wrong and reported the matter to the branch to request a freeze on the beneficiary’s account.
  • They submitted an FIR (initial information report) to the Gondia police station, stating that the bank did not provide any information about the beneficiary and that this lack of cooperation amounted to a “lack of service”.
  • They said the bank failed to recognize the suspicious transactions that occurred at odd times of the day at “uncharacteristic speed”.
  • They claimed at the time that confidential information about Dr. Katre’s efforts to update KYC documents have been compromised by the bank.
  • They concluded that the bank failed to provide dynamic fraud detection and prevention mechanisms that caused the loss.

“These omission and inspection acts of the SBI, which is one of the leading banks in India which has all the technological innovations, not to respond to the complainant’s request for detailed transaction information of the complainant’s accounts and not to initiate any proactive measures solely upon receipt of the report of alleged activities on the complainant’s account represent the most serious lack of service according to the guidelines and norms of the banking industry ”- said the complaint.

Commission orders

The quorum of the commission consisted of Bhaskar B. Yogi (President) and Sarita B. Raipure (Member).

  • The court held SBI liable for the damage suffered by the applicants.
  • Accordingly, she directed the bank to reverse Rs’ controversial transaction. 18.36.400 with a single interest rate of six percent from November 22, 2019 to plaintiff
  • It ordered compensation of 25,000 rupees from the bank to complainants “for causing psychological distress and suffering”.
  • It instructed the bank to pay Rs 10,000 to cover legal fees the couple had incurred
  • It also enabled the bank to recover the lost amount from the salaries of officers and employees responsible for “breaches of duty” that resulted in the bank’s loss. This can be done after an internal request has been made.

Attorney Mahendra Limaye, who represented the couple, told MediaNama that when people become victims of cybercrime, they are unaware of the tools available to them. “They think that filing a complaint with the police is all they can do, and even the police are not seriously investigating the complaint.”

He also added that most cybercrimes involve an element of victims’ negligence, either due to ignorance or ignorance, or due to circumstances that are then used against victims to blame them for their mistake.

“This judgment tells the victims that they don’t have to worry about being held responsible for their negligence. The victims did not ask to be pushed with digitization and to fall into the trap of cyber criminals. There needs to be a mechanism for banks to detect these scams for the safety of the account holders, in addition to prompting customers to exercise due diligence. ”Attorney Limaye said.

Findings & observations by the commission

negligence

The commission said that the bank is heavily based in its reasoning Circular from RBI from 07/06/2017 with the proviso that the customer for the damage caused by negligence from a customer, for example where he shares the payment information.

The panel examined the definition of negligence and suspected that it was more an accident as the complainant’s negligence.

Deficiencies in the service of the bank

The commission also visited the SBI website and took screenshots indicating that information such as account number, CIF number and branch code is mandatory for new users. But the complainant only shared his Date of birth and OTP and not account and CIF number.

Just two people the complainant and the bank (institution) are aware of the above details and if the complainant received a call and link on the same day and the number specified in the KYC application when he submitted KYC documents, it is evident that the Confidential information is only passed on by the employees of the bank, ”stated the panel. It also said:

“Unless the bank can either fulfill an express condition in the contract with its customer or a clear confirmation to the court. It will not be possible to save the bank from its liability. Banks do business for their benefit. Customers also benefit from it. If banks should insist on it extreme care by the customers with a meticulous inspection of the savings book and the bills they have transmitted, no bank can maybe Profitable business. It is common knowledge that the entries in the savings books and account statements transmitted by the bank are either illegible, decipherable or readable. There is always an element of trust between the bank and its customer. The bank’s business depends on this trust. ” Emphasis delivered

It concluded: “After the complaint was filed citing specific incidents of unauthorized withdrawals, it was the bank’s duty to conduct the necessary review of the matter rather than washing its hands off the entire episode. Obviously there is a lack of performance by the bank towards the consumer / complainant. “

Burden of proof

“The burden of proof of the customer’s liability in the case of unauthorized electronic banking target lie on the bench. ”Declared the Commission.

  • Banks have an extensive network and can help customers with fraudulent online transactions, the commission said.
  • It is said that banks can stop payments to protect customers’ interests and identify fraudsters as an account can only be opened after Aadhar verification and PAN card details requirements.
  • Banks don’t help customers even if they can track down villains. The commission concluded that employees passed on customer data to criminals because the fraudsters knew details about customer accounts at various banks.

Dr. Suresh Katre, the complainant, told MediaNama that after the order, he was relieved that the criminals had cheated a huge amount.

“Banks should be more vigilant about unauthorized transactions on customer accounts and notify them immediately if they see suspicious activity. You should also keep track of where the money is going and compare it to the client’s historical records to see if there is any discrepancy, ”said Dr. Katre.

also read:

Do you have anything to add? Post your comment and give someone a MediaNama as a gift subscription.