The Bombay High Court in a recent case of Jaiprakash Kulkarni & Anr v the Banking Ombudsman & Ors has directed the Bank of Baroda ("Bank") to refund an amount of Rs 76.9 Lakh, which was fraudulently debited from the customer's account with an interest of 6% per annum.
Brief Facts:
An amount of Rs 76.9 Lakh was debited from the Petitioners' current account which was maintained with the Bank. The Petitioners claimed that they did not receive any message/s or email/s when beneficiaries were added in the net banking system linked to the account and that 20 messages of account debit were only received within a short spam of 13 minutes when the amounts were fraudulently transferred to these beneficiaries. Bank Manager of the Bank and Cyber Cell at Worli Police Station ("Cyber Cell") were informed within an hour of the Petitioner becoming aware of the illegal transactions. The Petitioners had also approached the Banking Ombudsman, when the Bank and Reserve Bank of India refused to refund the amount. Vide its order dated 10 January 2023 ("Impugned Order"), the Banking Ombudsman rejected the complaint of the Petitioners on the sole ground that there was no deficiency/lapse on part of the Bank. Aggrieved by the same, the Petitioners had filed the present Writ Petition before the Hon'ble Bombay High Court.
Contention of the Parties:
The Petitioners, with the help of reports filed by the Cyber Cell, established that they did not receive either message/s or email/s when the beneficiaries were illegally added and the amount was transferred to these beneficiaries without any intimation to the Petitioners. This information was availed by the Cyber Cell from Airtel and Rediffmail upon directions to procure the same by the Hon'ble High Court while hearing the Petition. Vide the said reply, it was derived that on the given date of adding beneficiaries, the registered number/email of the Petitioner did not receive any intimation via email or OTP which was required for adding beneficiaries in the account for making the payments and that on the date of transactions, only emails of account being debited and 3 messages of OTP, which OTP's were not shared by the Petitioner with anyone. On the contrary, it was the explicit stand of the Bank that the Petitioners were intimated by email when the beneficiaries were added and that the Petitioners were acting in collusion with the alleged fraudsters, who were added as the beneficiaries. The Bank took such a stand after obtaining a report from their IT Operations Team wherein it was shown that emails notifications were released from the servers of Bank to the email id of the customer. However, the email domain Rediff vide its email clarified that on the date of adding the beneficiaries, the registered email domain of the Petitioner did not receive any emails as alleged by Bank.
The Reserve Bank of India in its Reply established that, according to RBI Circular dated 6 July 2017,a customer has zero liability when the unauthorized transactions occur due to a third party breach where the deficiency lies neither with the bank nor with the customer but elsewhere in the system i.e third party and the customer notifies the bank regarding the unauthorized transactions within a period of 3 days from receiving communication of such a transaction.
Held:
After considering rival submissions, the Bombay High Court held that the Banking Ombudsman did not make any proper inquiry as to whether the debit transactions that had taken place were made with the prior authorisation of the Petitioners. As the Petitioners were not intimated either on message or email about the addition of beneficiaries, the Impugned Order was set aside and the Bank was directed to refund to the Petitioner an amount of Rs 76.9 Lakh within a period of six weeks from the date of pronouncement of this Order with interest at the rate of 6% per annum from date of unauthorized transaction till date of payment. It was also noted that the Petitioners had informed the Bank within 3 days from becoming aware of the debit transactions.
MHCO Comment:
The view taken by the Bombay High Court would set a landmark precedent as it is in the interest of innocent persons, who fall prey to Cyber Fraud at an increasing rate. At the same time, the law requires that such victims should approach the bank within 3 days and, therefore, rewards the vigilant. The Order further sets a model precedent for the Banking Ombudsman and the banks to follow in future cases of Cyber Fraud.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
We operate a free-to-view policy, asking only that you register in order to read all of our content. Please login or register to view the rest of this article.