Complaint No.

CC/109/2019 1

BEFORE THE HON’BLE DISTRICT CONSUMER DISPUTES

REDRESSAL COMMISSION, GONDIA

Complaint No. : CC/109/2019 Date of filing: 16/12/2019

Date of Order: 10/08/2021

Complainant:- 1. Dr. Suresh Bholeshwar Katre,

A/a 65 years. Occp. – Professor/Director,
R/o. Abhiyanta Colony,
Kudwa, Gondia - 441614.

2. Mrs. Minakshi Suresh Katre,

A/a 61 years. Occp. – Retired,
R/o. Abhiyanta Colony,
Kudwa, Gondia - 441614.

- Versus –

Opposite Party:- State Bank Of India,

Railtoli, Gondia,
Kudwa Road, Gondia -441614.

Quorum :- Shri Bhaskar B. Yogi, Hon’ble President

Ku. Sarita B. Raipure, Hon’ble Member.

Present :- Mr. M. B. Limaye, Adv. for complainant.

Mr. Anant Dixit, Adv. for O. P.

-: ORDER /JUDGMENT:-

(Passed on dated 10th August, 2021)

Per Shri Bhaskar B. Yogi – Hon’ble President.

1. Both the complainants are senior citizens and present complaint is

filed against the opposite party- bank who fail to protect to take due care in
the capacity of trustee of money deposited in saving account, which
 Complaint No. CC/109/2019 2

resulted in online fraud(fraudulent transaction) of Rs. 12,86,800/ and Rs.

5,49,600/- respectively from their saving account. Hence this complaint
seeking reversal of entire amount along with mental agony and legal cost.

FACTS OF THE CASE ARE AS UNDER:-

2. The Opposite party is the Bank extending various banking services.

The complainant no.1 is having saving account jointly with complainant
no.2 bearing A/c no.10672253985 and complainant no.2 is also having her
individual saving account bearing A/c no.10672251795. The mobile
number 9823067088 of complainant no. 2 is registered for both these
accounts’ with the opposite party bank.

3. It is the case of complainant that on 20th November 2019, around

1:12 noon, complainant no.1 received a link on his mobile no.9923796356
and complainant no.2 also received similar link on her mobile no.
9823067088, which mentioned that, "Your SBI account will be suspended
today 20/11/19 due to wrong date of birth verified in your bank account.
For reactive upgrade Fully KYC, immediately by online visiting click link
below"

4. The complainant has already submitted his documents for KYC

verification purpose to the opposite party bank in morning on same day i.e.
20th November 2019 and hence he believed the link to be sent by opposite
party. The information about submission of KYC verification was only
with the opposite party and there was no any reason to disbelieve that this
message could have been sent by any other person.

5. The complainant no.1 updated date of birth on the link provided and
also mentioned the number 9823067088 of the complainant no.2, which
was linked with the two bank accounts.
 Complaint No. CC/109/2019 3

6. The mobile of complainant no.2, which was registered with these

two saving accounts, received the message that account activation is
successful. Thereafter, the mobile of complainant no.2, received one OTP
which was shared with the person calling from no.9840997056.

7. On same day at around 2.10 afternoon both the complainants

received the message that Net Banking login password is changed i.e. on
20/11/2019. And while complainant no.2 was sleeping in night of 20th
November 2019, at around 11:35 pm. 11:36 pm., 11:37pm. and on 21st
November 2019 early morning at around 00:02 am, 00:04 am. and 00:07
am. she received six messages about withdrawal of Rs 1,99,800 in each
transactions and on 22nd November 2019 at morning 5:02 am complainant
no.2 again received message of withdrawal of Rs 88,000/- from her
account no.10672253985 amounting to Rs.12,86,800/-.

8. The complainant no.2 also received messages of withdrawal of Rs.

1,99,800/-, Rs.1,99,800/- and Rs.1,50,000/-from her another account
no.10672251795 in the morning of 22nd November 2019 at around 5:02
am. Amounting to Rs.5, 49,600/-.

9. The complainant no.2 saw all these messages on 22nd November

2019 morning at about 8:00 am onwards and realized that something
wrong has occurred. The complainant immediately reported the matter of
fraud with opposite party bank and asked for debit freeze of the beneficiary
account. The FIR was also registered with Ramnagar, Gondia Police
Station vide FIR No.373 dated 22nd November 2019. That the Opposite
party were unable to provide any information of the beneficiary and this
non-providence of beneficiary accounts information as well as not
initiating quick action of recalling the amount from beneficiary bank by
opposite party amounts to deficiency in service.

10. It is the case of complainant that the documents of the complainants

were submitted to opposite party for KYC updating and due to which
 Complaint No. CC/109/2019 4

complainant believed on content of the message and this confidential

information was compromised from opposite party's end only and non-
protection of customers confidential information also amounts to
deficiency in service on part of opposite party. As per Reserve Bank Of
India Master Circular on Customer services in India dated 01 July, 2015 at
point no. 5.17 page 31 guidelines are provided for Securing Electronic
Payment Transactions. These guidelines at (i) says that Customer induced
options may be provided for fixing a cap on value/mode of
transactions/beneficiaries. In present case the Opposite party failed to fix
the cap on such activities.

11. The same circular at (iv) mandates that Banks may put in place
mechanism for velocity check on the number of transactions effected per
day/per beneficiary and any suspicious operations should be subjected to
alert within the bank and to the customer. The Opposite party have
miserably failed on this count also as they failed to detect the suspicious
transaction within the bank, occurring at odd hours of the day and the
uncharacteristic velocity of the transactions. Also though e-mail id of
complainant was registered with opposite party, opposite party failed to
initiate emails for the huge volume of transactions. Failure of opposite
party to follow the RBI mandated guidelines also amounts to deficiency in
service reasonably expected by the bank for the online transactions. RBI
through KYC guidelines has mandated Opposite party to identify the
clients as per their transactions pattern and provide security according to
their classification but Opposite party also failed to provide reasonable
security to clients account and hence again liable for deficiency in service.

12. AS per the RBI Circular on Customer Protection- Limiting Liability

of Customers in Unauthorized Electronic Banking Transactions mandates
that the systems and procedures in banks must be designed to make
customers feel safe about carrying out electronic banking transactions. To
achieve this, banks must put in place:
 Complaint No. CC/109/2019 5

i. appropriate systems and procedures to ensure safety and security

of electronic banking transactions carried out by customers;
ii. robust and dynamic fraud detection and prevention mechanism;
iii. mechanism to assess the risks (for example, gaps in the bank’s
existing systems) resulting from unauthorized transactions and
measure the liabilities arising out of such events;
iv. appropriate measures to mitigate the risks and protect
themselves against the liabilities arising there from; and
v. a system of continually and repeatedly advising customers on
how to protect themselves from electronic banking and
payments related fraud.

13. Opposite party failed to provide robust and dynamic fraud detection
and prevention mechanism as this led to happening of the fraud and
complainant losing huge amount of Rs.18,36,400/. These acts of omission
and commission of the Opposite party, which is one of the leading Banks
in India, who has all the technological innovations at its discretion, of not
responding to the enquiry by complainant regarding detailed transaction
information of the complainant's accounts and not initiating any proactive
measures on its own after receipt of report about suspected activities
happening on complainants account, not protecting confidential
information of the complainant, amounts to most severe deficiency in
service as per Banking industry guidelines and norms. Accordingly
complainant prayed as:
i. That Opposite party SBI is directed to reverse the disputed
transactions of Rs.18, 36,400 to the complainant's account.
ii. To provide monetary relief towards mental harassment,
agony, pain and loss of professional gains as he was required
to devote his time in resolving the present issue, litigation
charges etc. amounting to Rs. 1,63,600/- (Rs One Lakh Sixty
Three Thousand Six Hundred only).
iii. Grant any other relief which this Hon'ble court deems fit
and proper in the facts and circumstances of the case;
iv. The complaint is allowed with cost of Rs.20,00,000/-
(Rupees Twenty Lac only) in the interest of justice.
 Complaint No. CC/109/2019 6

14. The complaint was admitted on 20/12/2019. The opposite party filed
their written version on 28/02/3020. The Opposite party admitted residence
of complainant in Gondia, also saving account in their bank, but disputed
other facts and blamed complainants for sharing their confidential OTP to
third person to whom the complainant negligently provided the
confidential OTP number. Rather it can be said that the complainant
without knowing the effect of future loss pressed the fake link and also
provided OTP these factors lead to the entire transaction. The complainant
was hopelessly negligent and acted irresponsible against which there is no
difference in providing the service by the opposite party Bank. The bank
has already given message that not to share the OTP with anyone as is
evident from the document which is placed on record for producing for
everyday transaction that is done, a message is sent to the registered mobile
number- if particular transaction not done forward this SMS to
9223008333 to block INB or call 1800111109 and with every OTP
message and alert of not to share OTP with anyone is also given in the
message despite this known fact the complainant shared password OTP.

15. The exact pleas raised in defence by the Opposite party in its
Specific Pleadings supported with affidavit in lieu of evidence pg. no. 112
Para no. 18 – 27 are as under:

(18) In the facts and circumstances of the alleged contentions in the

complaint it is worth relevant significant to know the released
regulations of RBI wherein it has explicitly laid down the extent to
which a customer will be liable in cases of an unauthorized
transaction /fraud. Admittedly, financial transactions have become
more web based and electronic exchanges or use of Debit & Credit
cards - i.e. becoming part of life as go to mode of transactions.
However, with this advancement, notorious hackers have found
ways to beat the system and commit theft of e-money, frauds etc.
 Complaint No. CC/109/2019 7

(20). It is worth significant to consider the regulation that, in the

circumstances Where the bogus transaction has occurred because of
the customer's Carelessness i.e. the payment details or passwords
were shared by the customer with someone else, then until this
transaction is reported to the bank, the entire loss will be borne by
the customer. However, once the transaction in question is reported
to the bank, loss from any fraudulent transaction thereafter will be
borne by the bank.

(21). The Bank on its part used to alert the customer from time to
time. The complainant had shared the OTP when then and there in
the same massage an alert has been given to the complainant not to
share an OTP still the complainant shared the OTP. This is nothing
but an act of sheer negligence. Even on login the bank's internet
banking login page it is clearly mentioned thereon. “Beware of
Phishing attacks" Phishing is a fraudulent attempt, usually made
through email, phone calls, SMS etc. seeking your personal and
confidential information.

(22). State Bank or any of its representative never sends you

email/SMS or calls you over phone to get your personal
information, password or onetime SMS (high security) Password.
Any such e-mail/ SMS or phone call is an attempt to fraudulently
withdraw money from your account through Internet Banking.
Never respond to such email / SMS or phone call. Please report
immediately on report. Phishing@sbi.co.in if you receive any such
email/ SMS or phone call. Please lock your user access immediately,
if you have accidentally revealed your credentials. By clicking on
continue to login button you agree to the terms of service (Terms &
Conditions) of usage of internet Banking of SBI. Thus, the
complainant who is highly qualified and a regular and seasoned
internet banking user must have been extra careful and beware of the
public notice of fraudulent acts issued by the Bank time to time.
 Complaint No. CC/109/2019 8

Therefore, the negligence is the nucleus of entire complaint which

the complainant committed and that cannot be equated with the
alleged deficiency.

(23). It is pertinent to note that, the transactions are authenticated by

using the OTP (one time password) which means one can
Successfully make payment or transfer money online. If he receives
an OTP for a transaction that was not initiated by him, then
immediately he would have contacted the bank or card issuer. He
ought to have been extra careful not to share the OTP, especially
over a phone call. But the complainant miserably failed to do so.

It is specifically submitted that, So far as negligence and deficiency

is concerned it is necessary to peruse the definition of the negligence
it means "failure to exercise the degree of care expected of a person
of ordinary prudence in like circumstances in protecting others from
a foreseeable and unreasonable risk of harm in a particular
situation".

(24). In the present case the complainant her/himself committed

negligence and was not careful. And on loss or injury now the
complainant can not equate it with inadvertence and shift burden of
care on the OP beneath the effect of instructions and circular of RBI,
which even otherwise do not assure for negligent act of
complainant. It is well settled that, once the things which are
declared not to follow or commit if someone commits it, he is bound
to suffer.

The Bank has thousands time proclaimed and passed massage to its
consumers not to share OTP or password, but despite this the
persons like complainants used to commit the same mistake which is
a blunder. Law protects them who are vigilant and not negligent.
 Complaint No. CC/109/2019 9

The complainant availed digital services off course he is bound to

follow the procedure & instructions issued time to time by the bank.

It is pertinent to asserted that, Sharing of password, unless the

transaction is confirmed is prohibited. However, just believing the
theme of KYC upgrade. It was mandatory on the part of
complainant to check & verify the correctness of call which seeking
his private credentials. Now, at all if the legal interpretations we
look the act of complainant does not allow him to claim the amount
he loosed due to his own negligence.

Consequently, under the head deficiency the negligent act of

complainant cannot be shifted upon the OP Bank.

(25). In this particular case there seems assumption of risk, as the

complainant knowingly and voluntarily assumes a risk of harm
connected with the negligence of the sharing of pass word when the
complainant assumed such a risk, he cannot claim compensation of
his or for any harm has allegedly resulting from the OP's conduct.

(26). Admittedly, the complainant had actual knowledge of the risk

involved in sharing the password in non official hours. Impliedly or
expressly he assumes the risk, as is evident from the pleading in the
complaint. It is submitted that, the nature of the conduct of
complainant as per his complaint was inherently dangerous.

Thus, the OP bank has not committed deficiency in service which is

sole ground of complaint. In the circumstances and facts also taking in to
consideration the negligent acts and not following the system generated
alerts by the complainant, there does not accrue any cause of action on the
contrary the OP Bank has unnecessarily being dragged in this litigation
leveling unjustified and false allegations just misleading the settled things.
The complaint being devoid of substance and merit and on the
 Complaint No. CC/109/2019 10

misconceived facts & wrong interpretations of guidelines, and prayed that

the complaint needs to be rejected out rightly with heavy exemplary cost.

16. Heard arguments of both the parties at length. Ld Adv. M. B.

Limaye for Complainant and Ld. Adv. Anant Dixit for the opposite party.
Complainants advocate relied on Document no. 3 at Pg. no. 79 to 81 and
RBI Guidelines Circular dated July 15, 2015 specifically 5.17 Securing
Electronic payment transactions & Circular dated July 6, 2017 Point
no. 3. & 4 -Strengthening of system and procedures. Point no. 5
reporting of unauthorized transactions by customers to banks. Point
no. 12 Burden of proof. He also relied upon judgments of Hon’ble
National Commission, Hon’ble State Commission and Hon’ble Kerala
High Court viz:
i. State Bank of India V. Dr. J.C.S. Kataky decided on
03/05/2017. (NCDRC)
ii. ICICI Bank Limited V. Kateka Sudhakar decided on
05/03/2018. Telangana State commission.
iii. State Bank of India v. P. V. George decided on
09/01/2019/19th pousha, 1940. The Hon’ble High
Court of Kerala.

Ld Adv. for opposite party vehemently argued his point and relied
on same circular dated July 6, 2017 point no. 7. (b) limited liability of a
customer. He also brought our attention to the admitted fact that the
account was freeze immediately after complainant’s complaint as
mentioned in Para no.10 of his written arguments. He also argued that
there was no fraudulent transaction happened thereafter, there is no
deficiency on their part and due to sharing of OTP by complainant himself
amounts to negligence by customer, for this bank is not liable for his own
mistakes. He also file certain documents circular, Terms and conditions of
internet banking issued by State Bank of India, and relied upon Judgment
 Complaint No. CC/109/2019 11

of Hon’ble District Commission Pune in case of Complaint Case No.

CC/15/530 Jayprakash Mandal v. SBI Credit Card decided on 28/07/2016.

17. Perused entire record and after considering the pleadings of the
parties, documentary evidence adduced on record and hearing the
arguments advanced by the Ld. Advocates. Following points arise for our
determination and we record our finding thereon for the reasons as follow:
Sr. No. Points for determination Our findings

1. Whether opposite party proves negligence In negative

on part of complainant? And whether it
It was an Accident
was negligence or accident on part of
complainant mistakenly disclosing the
OTP?
2. Whether opposite party committed In affirmative
deficiency in service?
3. What order? Complaint partly
allowed

FINDINGS AND REASONS

Issue no. 1 & 2:

18. Opposite party has not disputed the saving account of complainant
and fraudulent transaction happened in night on 20/11/2019 and earlier
hours of 21/11/2019. But strongly relied upon the circular dated July 6,
2017 point no. 7. A customer shall be liable for the loss occurring due to
unauthorized transactions in the following cases: (i) In cases where the loss
is due to negligence by a customer, such as where he has shared the
payment credentials, the customer will bear the entire loss until he reports
the unauthorized to the bank. Any loss occurring after the reporting of the
unauthorized transaction shall be borne by the bank. And repeatedly argued
that due to negligence of complainant opposite party is not liable.

19. Therefore, issue of negligence has to be discussed first.

What is negligence? Or whether it was negligence or accident on
part of complainant mistakenly disclosing the OTP?
 Complaint No. CC/109/2019 12

Documents at page no. 78 – 81 clearly reveals that on 20.11.2019

the complainants had submitted the KYC application which is duly signed
and acknowledged by Opposite party bearing seal of the branch.
Thereafter, same day around 01:12 noon, complainant no.1 received a link
on his mobile no.9923796356 and complainant no.2 also received similar
link on her mobile no.9823067088, which mentioned that, "Your SBI
account will be suspended today 20/11/19 due to wrong date of birth
verified in your bank account. For reactive upgrade Fully KYC,
immediately by online visiting click link below”.
The complainant stated on oath/affidavit (pg. no. 45) that since he
has already submitted/filed his documents for KYC verification purpose in
opposite party bank in morning on same day and hence he believed the link
to be sent by opposite party. The information about submission of KYC
verification was only with the opposite party and there was no any reason
to disbelieve that this message could have been sent by any other persons
and on such beliefs he shared the OTP.

From the pleadings and documents it appears that the fraudsters had
first of all opened bank accounts in IDFC Bank Limited in name of various
persons as revealed from the documents filed at pg. no. 120-125 and send
link to create user id of the complainants. The complainant has stated that
he updated date of birth and also mentioned the number 9823067088 of the
complainant no.2 this statement on oath has not been specifically denied
with supporting documents, though mentioned specifically but the opposite
party just denied for want of knowledge (pg. no.29 & 108) and for the
reason that no such link or message delivered by the O.P. bank at any point
of time.

The word negligence as per the definition in tort involves the

following constituents: (1) a legal duty to exercise due care; (2) breach of
the duty; and (3) consequential damages.
 Complaint No. CC/109/2019 13

The breach of duty may be occasioned either by not doing

something which a reasonable man, under a given set of circumstances
would do, or, by doing some act which a reasonable prudent man would
not do.

In Poonam Verma vs Ashwin Patel & Ors. decided on 10 May, 1996

citied at 1996 AIR 2111, 1996 SCC (4) 332, the Hon’ble Supreme court
in Para 40 describes negligence (medical) as:

Para 40: “Negligence has many manifestations - it may be active

negligence, collateral negligence, comparative negligence, concurrent
negligence, continued negligence, criminal negligence, gross negligence,
hazardous negligence, active and passive negligence, willful or reckless
negligence or Negligence per se, which is defined in Black's Law
Dictionary as under :

Negligence per se: Conduct, whether of action or omission, which may be

declared and treated as negligence without any argument or proof as to the
particular surrounding circumstances, either because it is in violation of a
statute or valid municipal ordinance, or because it is so palpably opposed
to the dictates of common prudence that it can be said without hesitation or
doubt that no careful person would have been guilty of it. As a general
rule, the violation of a public duty, enjoined by law for the protection of
person or property, so constitutes."

In Concise Law Dictionary - P. Ramanatha Aiyar- 1997 Reprint

Edition 2001
NEGLIGENCE. Negligence in law signifies a coming short of the
performance of duty.

Negligence is “the absence of proper care, caution and diligence; or such

care, caution and diligence, as under the circumstances reasonable and
ordinary prudence would require to be exercised.”
 Complaint No. CC/109/2019 14

NEGLIGENCE AND CONTRIBUTORY NEGLIGENCE. A clear

distinction exists between negligence and contributory negligence .
Negligence is contributory when and only when, it directly and
proximately induces the injury in whole or in part.
NEGLIGENCE, ACTIONABLE. The act or omission amounting to want
of ordinary care on the part of the complaining party which concurring
with defendant’s negligence, is proximate cause of injury.

ACCIDENT. An un-designed, sudden or unexpected event; mishap;

misfortune; disaster. The word “accident” generally denotes an event that
takes place without one’s foresight or expectation ;an event which
proceeds from an unknown cause, or is an unusual effect of a known cause,
and therefore not expected; chance, casualty, contingency. (Webster’s
Dict.) An event happening without the concurrence of the will of the
person by whose agency it was caused.

In WHARTON’S CONCISE LAW DICTIONARY Universal Law

Publishing co. Fifteenth Edition (concise) 2009 Reprint 2010, 2011 ISBN
|:978-81-7534-783-0

Accident, means an unlook for mishap or an untoward event which is not

expected or designed, Fenton v. Thorley & co. Ltd., 1903 AC 443:

Accident, Accidental, an accident is not the same as an occurrence, but

something that happens out of the normal or ordinary course of things,
Sukhdev Singh v. Delhi State, (2003) 7 SCC 441 (447).

Negligence, is absence of reasonable or prudent care which a reasonable

person is expected to observe in a given set of circumstances. But the
negligence for which a consumer can claim to be compensated under this
Sub-s. must cause some loss or injury to him, Consumer Unity & Trust
Society v. Bank of Baroda, (1995) 2 SCC 150 (153);

Negligence, contributory negligence, the question of contributory

negligence arises when there has been some act or omission on the
 Complaint No. CC/109/2019 15

claimant’s part, which has materially contributed to the damage caused,

and is of such a nature that it may properly be described as ‘negligence.’
Negligence ordinarily means breach of a legal duty to care, but when used
in the expression “contributory negligence” it does not mean breach of any
duty. It only means the failure by a person to use reasonable care for the
safety of either himself or his property, so that he becomes blameworthy in
part as an “author of his own wrong”, Pramod Kumar Rasikbhai Jhaveri v.
Kanmasey, AIR 2002 SC 2864 (2866): (2002) 6 SCC 455. (Motor
Vehicles Act, 1988, s. 168)

From above definition there is no legal duty cast upon the

complainant at the most it would be contributory negligence, but from
circumstances it is more of accident and neither it is negligence, nor it is
contributory negligence on part of complainant.

20. Further to verify the modus operandi of the fraudulent transaction,

we visited the opposite party –SBI BANK website and taken screenshots
and pasted in this judgment which are part and parcel of this judgment for
better understanding. Marked as Annexure ‘X’ for the purpose of
identification at the end of the judgment / order. (pg. no. 25 onwards)

Requirements of creating user id and login password.

From the screenshots for user driven registration–new user. It seems

that the Account Number, CIF Number, Branch Code are mandatory fields
and from pleadings the complainant has only shared birth date and OTP
thus the question who shared account number and CIF number is to be
seen.

Only two persons the complainant and the Bank(institution) knows

above details and if complainant has received phone call and link on same
day and number submitted in KYC application (ref: Para 3 above) when he
had submitted KYC documents it is obvious that the confidential
information are parted by the employees of the Bank only.
 Complaint No. CC/109/2019 16

In this regard we rely upon the observations made by Hon’ble Delhi

State Commission III (2013) CPJ 5 (del.) in case of American Express
Banking Corp. v. Sushma Agarwal FA-892/09 decided on 31.05.2013
…sheer negligence on part of appellant/op bank in conspiracy with others
has deliberately did not stop payment and encashed the same-no illegality
or irregularity in impugned order. (Para 8, 9)

21. We also rely upon the observations made by Hon’ble Supreme

Court in case of Canara Bank vs. Canara Sales Corporation & Ors.
Civil Appeal No. 1777 of 1973 Date of Judgment 22/04/1987 citation:
[1987] 2 SCR 1138, AIR 1987 SC 1603, (1987) 2 SCC 666, Negotiable
Instruments Act, 1881--Sections 6, 31, 77, 85 and 117--Bank and customer
of the Bank--Relationship between--That of a creditor and debtor-Cheque
duly signed by a customer presented-Mandate to Bank to pay the amount--
Element of trust between Bank and its customer--Exists. Banking Law--
Bank and Customer-Entries in pass book and statement of accounts
furnished by bank--Customer whether duty bound to intimate
discrepancies. Held:-
42. We adopt the reasoning indicated above with great respect.
Unless the bank is able to satisfy the Court of either an express condition in
the contract with its customer or an unequivocal ratification. It will not be
possible to save the bank from its liability. Banks do business for their
benefit. Customers also get some benefit. If banks are to insist upon
extreme care by the customers in minutely looking into the pass book and
the statements sent by them, no bank perhaps can do profitable business. It
is common knowledge that the entries in the pass books and the statements
of account sent by the bank are either not readable, decipherable or legible.
There is always an element of trust between the bank and its customer. The
bank’s business depends upon this trust. Whenever a cheque purporting to
be by a customer is presented before a bank it carries a mandate to the
bank to pay. If a cheque is forged there is no such mandate. The bank
can escape liability only if it can establish knowledge to the customer of
 Complaint No. CC/109/2019 17

the forgery in the cheques. In-action for continuously long period cannot
by itself afford a satisfactory ground for the bank to escape the liability.

44. This is how this Court understood how a plea of estoppel

based on negligence can be successfully put forward. We have seen that
there is no duty for a customer to inform the bank of fraud committed
on him of which he was unaware. Nor can in-action for a reasonably long
time in not discovering fraud or irregularity be made a defence to defeat a
customer in an action for loss. Thus the contentions put forward by the
bank cannot be accepted to defeat the plaintiff.”
-(Emphasis supplies)

22. Thus opposite party escapes from the liability only if it can establish
knowledge to the customer of the fraudulent online transaction. More over
the burden to proof- negligence is upon bank as per Point no. 12 of the said
circular. RBI in its circular dated 06/07/2017 admitted the need of issuing
direction as specified in Para.2 of the circular as “With the increased thrust
on financial inclusion and customer protection and considering the recent
surge in customer grievances relating to unauthorized transactions resulting
in debits to their accounts/ cards, the criteria for determining the customer
liability in these circumstances have been reviewed.”

Customer Protection – Limiting Liability of Customers in

Unauthorized Electronic Banking Transactions Strengthening of systems
and procedures
3. Broadly, the electronic banking transactions can be divided into
two categories: (i) Remote/Online payment transactions and (ii) Face-to-
face/ proximity payment transactions (transactions which require the
physical payment instrument such as a card or mobile phone to be present
at the point of transaction e.g. ATM, POS, etc.)
Limited Liability of a Customer (a) Zero Liability of a Customer
6. A customer’s entitlement to zero liability shall arise where the
unauthorized transaction occurs in the following events: (i) Contributory
 Complaint No. CC/109/2019 18

fraud/ negligence/ deficiency on the part of the bank (irrespective of

whether or not the transaction is reported by the customer). (ii) Third party
breach where the deficiency lies neither with the bank nor with the
customer but lies elsewhere in the system, and the customer notifies the
bank within three working days of receiving the communication from the
bank regarding the unauthorized transaction.
Reversal Timeline for Zero Liability/ Limited Liability of customer
9. On being notified by the customer, the bank shall credit (shadow
reversal) the amount involved in the unauthorised electronic transaction to
the customer’s account within 10 working days from the date of such
notification by the customer (without waiting for settlement of insurance
claim, if any). Banks may also at their discretion decide to waive off any
customer liability in case of unauthorized electronic banking transactions
even in cases of customer negligence. The credit shall be value dated to be
as of the date of the unauthorised transaction.
Burden of Proof
12. The burden of proving customer liability in case of
unauthorised electronic banking transactions shall lie on the bank.
-(Emphasis supplied)

23. The Opposite party fails to discharge its burden as directed by the
RBI. In this regards the Hon’ble National Commission in case of “State
Bank of India-Versus-J. C. S. Kataky (Dr)” 2017 (2) CLT 602 (NC) has
held in Para No.11, 12, 16 & 19 quoted below for ready reference:-
“11. …………It is clear from the facts on record that the Bank flatly
refused to even look into the matter, what to speak of making any
investigation into the same. Once the specific POS number had been
given in the message received from the Bank itself to the complainant,
the Bank could have very well verified the genuineness of these
transactions, after establishing contact with the person or merchant
establishment in possession of the said POS, but nothing of that sort
was done.
 Complaint No. CC/109/2019 19

12. ……………………….It was, therefore, necessary for the Bank

to have carried out suitable investigation into the alleged transactions.

16. ……………………………………………… Moreover, there

was a third debit from the account of the complainant amounting to
Rs.28,949/- for which no message was received by the complainant
from the Bank. It was, therefore, the duty of the Bank to have looked
into the matter to arrive at the truth of the same.

19. A plain reading of this provision is sufficient to establish that

once the complaint was made citing specific incidents of
unauthorised withdrawal, it was the duty of the bank to have
carried out the necessary verification in the matter, rather than
washing their hands off from the whole episode. Evidently, there
has been deficiency in service on the part of the Bank, vis-à-vis, the
consumer/complainant. It is held, therefore, that the consumer fora
below have made a correct appreciation of the facts and circumstances
on record which deciding the complaint in favour of the complainant.”
- (Emphasis supplied)

24. In the ruling in ‘Sri Thomas Ninan -Versus- Axis Bank & Anr.’
Appeal No.-A/14/755, decided by Hon’ble State Commission, Mumbai
decided on 07.08.2017, held in Para no. 11:-
“11. There is increase in the grievances of the customers in relation
to unauthorized banking transactions in respect of electronic online remote
payment and cashless transactions e.g. internet banking, mobile banking,
card not present (CNP) transactions, pre-paid payment instruments
resulting in debits from their Bank accounts and customers need to be
protected in unauthorized electronic banking transactions. Banks need to
assure safety to the customers making them feel safe and secure in respect
of the electronic banking transactions. Banks are duty bound to take
appropriate steps to assess the risk and provide for robust mechanism to
prevent and detect fraud and to provide for liability arising out of
 Complaint No. CC/109/2019 20

misappropriation or fraud. Banks must ask their customers to compulsorily

register for the E-mail alerts, SMS alerts, system must be such so that
customers can immediately inform by reply to the Bank about any illegal
or unauthorized remote or internet transaction soon after occurrence
thereof. Customer’s liability must be zero when he informs the Bank at the
earliest possible opportunity. Burden of proof to prove customer’s
liability is upon the Bank in all cases of the online internet
transactions, Bank must show that it had taken immediate steps to
prevent and/or detect fraud. Banks transacting inter se do have means
to trace the culprits on the basis of Know Your Customer (KYC)
details in the Bank accounts and recover the sums wrongly transferred
by electronic transfers. The basic principle is one must be made to pay
for negligence when it has caused deficiency in service and loss to
consumer actionable under the Consumer Protection Act, 1986. It is argued
that appellant himself is negligent but this submissions by the Opposite
partys is not acceptable because in cases of internet transfers unless
alerted prior to or at the time of internet transfers we cannot impute
any blame to the consumer, who was in darkness as to withdrawals by
unknown persons by mode of internet transfers.
-(Emphasis supplied)

Similar view taken by Hon’ble Telangana State commission,

in FA/1284/2013 ICICI Bank Limited V. Kateka Sudhakar decided on
05/03/2018, filed by complainant in Para 13.

25. Complainant also relied upon State Bank of India v. P. V. George,

Regular Second Appeal No. 1087 of 2018 in Appeal Suits No. 107 of
2015 in original Suit No. 212 of 2014 decided on 09/01/2019/19th pousha,
1940 Citations : 2019 (1) KLT 505 : 2019 (1) KLJ 848 : AIR 2019 Ker.
140. The Hon’ble High Court of Kerala held in para 8 &11.
“8. Having regard to the facts admitted by the parties and
the submissions made by the learned senior counsel for the appellant, the
 Complaint No. CC/109/2019 21

following substantial questions of law have been formulated for decision in

the matter:
(i) Are not the banks permitting withdrawal of cash from the
accounts of their customers making use of ATM cum debit
cards liable for the loss caused to the customers in connection
with the transactions made without their junction by
fraudsters?;
(ii) Could a bank be exonerated from the liability for the loss
caused to its customer on account of the unauthorised
withdrawals made from his account merely on the ground that
the customer has not responded promptly to the SMS alerts
given by the bank?

11. Question (ii): Various services are being provided by banks to

their customers. In fact, banks are soliciting business by advertising the
various services provided by them to their customers in connection with
different accounts. SMS alerts is one of the facility extended by most of the
banks to their customers in connection with the savings bank accounts
having electronic banking facilities including ATM cum-Debit Card
facilities. Such facilities are provided not only to those who specifically
request for the same, but also to those who do not ask for such facilities.
Could such a facility voluntarily given by banks to their customers
determine the rights of parties, is the question. According to me, only if
there exists a specific term in the contract between a bank and its customer
to the effect that the bank would be exonerated from the liability in
connection with the unauthorised transactions if the customer does not
respond to the SMS alerts, SMS alerts cannot be the basis for determining
the liability of the customer, for, there would be account holders who may
not be in the habit of checking SMS alerts at regular intervals and account
holders like the plaintiff in the instant case who is working in an offshore
oil rig, who may not be able to access their mobile phones for several days
having regard to the peculiarity of their avocation. The defendant has no
 Complaint No. CC/109/2019 22

case that there is a contract between them and the plaintiff to the effect that
if the plaintiff does not respond to the SMS alerts given by them regarding
the withdrawals from his accounts, they would not be liable for the loss, if
any, caused to the plaintiff.
In the circumstances, question (ii) is also answered against the
appellant”.
-(Emphasis supplied)

We also relied upon ruling in the case of Standard Chartered Bank

& Anr. Vs. Anil Shridhar Supenkar First Appeal No. 1252 of 2009
decided on 20/06/2012 cited at 2013 (5) ALL MR (Journal) 37 The
Hon'ble State Consumer Disputes Redressal Commission, Maharashtra,
Mumbai had held that:- Opponent Bank without holding proper inquiry
dismissed said disputes merely on ground that dispute was beyond time
frame Improper exercise –Bank was under Obligation to make through
inquiry and adjudicate the matter-opponent held deficient in service.
(Emphasis supplied)
As per the circular it is burden of opposite party to prove their case,
which they failed to prove. Above cited rulings / judgments are applicable
to the present complaint. And the judgment relied by opposite party is not
relevant in the facts of the complaint before us.

26. It is also observed that Banks are having network and they can
easily help the customer’s/consumers e.g If a fraudulent online transaction
happened the money is in the system till working time. Banks can easily
stop the payments in better protection of customer’s interest and even
whoever has withdrawn the amount fraudulently from bank account can be
identified easily. Since only after completing all the formalities of Aadhar
Verification, PAN Card details, ID proof, valid address proof an account is
opened. Thus the details of miscreants can be traced but bank does not help
poor consumers even the employee of bank share details of customers to
fraudsters which can be taken note for the simple reason that a person's
 Complaint No. CC/109/2019 23

bank details are only with bank or the consumer then how come anyone
know that a particular person have such and such bank account in such and
such bank at such and such place etc. Thus it is burden on part of the bank
and its employees to discharge their burden first then only complainant can
be hold responsible for any alleged negligence. Hence looking from any
angle the opposite parties miserably failed to discharge their burden that
complainant was negligent. In view of the above ruling and facts of the
present complaint, the complaint must be allowed with cost and
compensation.
Therefore issue no. 1 is answered in Negative and sharing of
Birth of date and OTP by the complainant was an accident and issue
no. 2 is in affirmative. Accordingly, complaint is partly allowed.

27. It is also important to recover the public amount from the salary
of the public servant who has performed their duty capriciously and
caused harassment and mental agony to the complainants after
conducting their internal enquiry from the staff who has committed
dereliction in duty resulted the loss cost to the public authority as per
Hon’ble Supreme Court Judgment in case of Lucknow Development
Authority vs. M. K Gupta 1994 AIR 787.

Hence following order.

FINAL ORDER

1. Complaint is partly allowed.

2. The opposite party is hereby declared liable for the loss

caused to the complainants.

3. Opposite party is directed to reverse the disputed transaction

of Rs. 18,36,400/- along with simple interest @ 6 % p.a from
22/11/2019 till realization to the complainants.
 Complaint No. CC/109/2019 24

4. Opposite party further directed to pay to the complainants Rs.

25,000/- for causing mental agony and suffering the
complainants (both senior citizens) suffered due to fraudulent
transaction committed in their accounts.

5. Opposite party is directed to pay Rs.10,000/- as legal cost to

the complainants.

6. Opposite party no. 1 and 2 may recover the above amount

from the concerned officers/staff after conducting their
internal enquiry from the salary of the staff who has
committed dereliction in duty for the loss caused to the public
Institute (Bank).

7. Certified free copies of the order be supplied to the parties as

per rules.

8. Additional set of complaint be taken back by complainant

within 30 days and file be consign to record room.

Pronounced on 10th August, 2021

( SARITA B. RAIPURE) (BHASKAR B. YOGI)

MEMBER PRESIDENT

Date : 10/08/2021
Place : Gondia
 Complaint No. CC/109/2019 25

Annexure “X” Screenshot from SBI Website for opening /creating

User ID and password.
Complaint No. CC/109/2019 26