In a landmark judgment that reinforces the responsibility of banks to safeguard customer interests, the Delhi High Court has ruled in favour of the petitioner, Hare Ram Singh, an academician who fell victim to a sophisticated cyber fraud. Justice Dharmesh Sharma directed the State Bank of India (SBI) to compensate the petitioner for the unauthorized withdrawal of ₹2.27 lakh from his account, including interest and legal costs.
Case Background
The case, W.P.(C) 13497/2022, involves Hare Ram Singh, a 55-year-old academician, who was defrauded of ₹2.60 lakh in a phishing and vishing attack in April 2021. The fraudsters manipulated Singh into clicking a malicious link under the pretext of keeping his SMS services active, enabling unauthorized withdrawals from his SBI account. Despite immediate complaints to SBI, no remedial action was taken.
After protracted correspondence and partial reimbursement of ₹33,334 following a Banking Ombudsman (BO) directive, Singh approached the High Court for the restoration of the full amount under the guidelines issued by the Reserve Bank of India (RBI) for limiting customer liability in unauthorized banking transactions.
Legal Issues Addressed
1. Liability of Banks in Cyber Frauds:
Justice Sharma underscored that banks have a fiduciary duty to ensure the security of their systems and safeguard customer interests. The court invoked the RBI’s Master Circular on “Customer Protection – Limiting Liability of Customers in Unauthorised Electronic Banking Transactions” (2017), emphasizing the “zero liability” policy for victims of cyber fraud.
2. Negligence Allegation:
The respondents argued that the petitioner was negligent, asserting that the transactions were authenticated using OTPs. However, the court observed that Singh had neither shared his OTPs nor any sensitive credentials and ruled that clicking a fraudulent link does not constitute contributory negligence.
3. Deficiency in Service:
The court noted the SBI’s failure to act promptly despite Singh’s immediate notification of the fraud. This lapse was deemed a breach of service under both the Consumer Protection Act, 2019, and RBI’s digital payment security guidelines.
Court’s Observations
In a significant observation, Justice Sharma stated:
“A bank cannot refuse to act when alerted about a fraud. The delay in initiating remedial action constitutes gross negligence and deficiency in service, undermining customer trust in the banking system.”
The judgment also highlighted systemic vulnerabilities in two-factor authentication (2FA), which was breached in this case, and called for robust mechanisms to combat phishing and vishing threats.
Key Directives
The court annulled the BO’s earlier order, directing SBI to:
– Repay the full disputed amount of ₹2.60 lakh with 9% interest from April 18, 2021.
– Pay ₹25,000 towards legal costs.
Justice Sharma emphasized that banks must adhere strictly to RBI guidelines and ensure swift remedial action in fraud cases, failing which they risk legal consequences.
Representation
– Petitioner: Advocate Ravi Chandra
– Respondents: Advocate Abhinav Sharma for RBI; Advocates Rajiv Kapur, Akshit Kapur, and Riya for SBI.
