logo

This Product is Licensed to ,

Change Font Style & Size  Show / Hide
24

  •            

 
CDJ 2026 (Cons.) Case No.100 print Preview print print
Court : National Consumer Disputes Redressal Commission (NCDRC)
Case No : Second Appeal No. 540 of 2025
Judges: THE HONOURABLE MR. JUSTICE AVM JONNALAGADDA RAJENDRA, AVSM, VSM (RETD), PRESIDING MEMBER & THE HONOURABLE MR. JUSTICE ANOOP KUMAR MENDIRATTA, MEMBER
Parties : State Bank of India, Through its Branch Manager, Bengaluru Versus Prodosh Kumar Banerjee
Appearing Advocates : For the Appellants: Vipin Jai, Advocate. For the Respondent: In person.
Date of Judgment : 15-04-2026
Head Note :-
Subject
Judgment :-

Anoop Kumar Mendiratta, Member

1. Second appeal preferred on behalf of the Appellant/Opposite Party assails Order dated 26.05.2025 passed in Appeal No.1742 of 2023 by the learned Karnataka State Consumer Disputes Redressal Commission, whereby the appeal filed by the complainant was allowed and the opposite party has been directed to re-credit the amount of Rs.1,99,000/- within 60 days with compensation of Rs.25,000/-.

2. In brief, Complainant/Respondent is an account holder with the State Bank of India/Opposite Party. On 19.07.2022, complainant received an SMS from mobile No.08910621736 on his mobile regarding disconnection of electricity connection, in case the Electricity Bill for the last month was not paid. Also, a number was indicated for clarification. On calling the aforesaid number by the complainant, the dues were confirmed and further on downloading the application the screen of BESCOM (Bangalore Electricity Department) appeared. An amount of Rs.20/- was initially tried to be paid online by the complainant but a message was received from the bank that the complainant wrongly entered the password three times and, as such, was not permitted to do any transaction. Thereafter, a message was received by the complainant that an amount of Rs.25,000/- was deducted from his SBI account. Again an SMS was received by the complainant for payment of Rs.1,99,000/- even without entering the OTP. Further, the mobile of the complainant was found to be not working thereafter and attempt to inform SBI failed. Complainant fearing loss of any further amount switched off the mobile. Since the server of SBI was down, an e-mail was forwarded by complainant at 'unauthorisedtransaction@sbi.co.in' for reporting 'fraudulent online transaction'. The matter was also reported to Cyber Crime Police, who raised CIRO number 12895 on the same day pursuant to which FIR was subsequently registered as Crime No.451/2022 at East CEN Crime Police, Bengaluru. The matter was thereafter reported by the complainant to OP on 20.07.2022, upon which the account was freezed with an assurance to look into the issue. In the meantime, amount of Rs.25,000/- was credited back to the account of the complainant. Complaint was further filed by the complainant with OP along with relevant documents on 26.07.2022, which was acknowledged by OP vide e-mail dated 27.07.2022. In the absence of any resolution of his grievance by OP, a complaint was preferred by the complainant before the learned District Forum claiming refund of Rs.1,99,000/- along with compensation.

3. The complaint was dismissed by the learned District Forum vide Order dated 14.08.2023. Aggrieved against the same, Appeal No.1742 of 2023 was preferred by the complainant which was allowed by the learned State Commission vide Order dated 26.05.2025, directing OP to re-credit the amount of Rs.1,99,000/- as noticed above. Present SA No.540 of 2025 has been preferred on behalf of Opposite Party, challenging the Order passed by the learned State Commission.

4. Learned counsel for the opposite party submits that crucial facts relating to fraudulent transaction have been suppressed by the complainant. He argues that money could not have been withdrawn without sharing of OTP by the complainant. He further submits that opposite party had been informed of the fraudulent transaction only vide letter dated 26.07.2022 after a delay of eight days of the impugned transaction. He urges that negligence cannot be attributed to opposite party since the credentials were shared by the complainant after voluntarily downloading the application which turned out to be fraudulent. He further states that customers are repeatedly cautioned by the bank to not to share the credentials/OTP by way of advertisements and the bank cannot be burdened with liability arising out of negligence of the complainant owing to fraud committed by a third party. Learned State Commission is stated to have fell in error by taking into consideration regulation 7(i) of RBI Circular No. Leg.BC.78/09/07.005/2017-18.

5. On the other hand, learned counsel for the respondent reiterates the stand taken in the complaint and submits that the amount of Rs.25,000/- and Rs.1,99,000/- had been fraudulently withdrawn though only an attempt to pay an amount of Rs.20/- had been made. He submits that no OTP for the said transactions for Rs.25,000/- and Rs.1,99,000/- was ever shared. He further urges that though the amount of Rs.25,000/- was re-credited but no efforts appear to have been made for stalling the transaction of Rs.1,99,000/- by the bank. He further supports the Order passed by the learned State Commission.

6. We have given considered thought to the contentions raised and perused the record carefully.

Learned District Forum dismissed the complaint holding that there is no deficiency on the part of the Opposite Party/Bank, since the complainant was responsible for the transactions in question. It was further observed that RBI Circular dated 06.07.2017 could not be applied to the complainant.

On the other hand, Learned State Commission vide impugned Order allowed the appeal preferred by the complainant observing that the transaction of Rs.1,99,000/- and Rs.25,000/- was intimated to the OP Bank immediately within three hours. Further, though the transaction of Rs.25,000/- was reverted on receiving the intimation from the complainant but steps were not taken for reversing the amount of Rs.1,99,000/-. Learned State Commission was of the opinion that zero liability clause in terms of RBI Circular dated 06.07.2017 was applicable.

7. The pith and substance of the contentions raised on behalf of the Appellant Bank is that complainant is liable for consequences of downloading the fraudulent application and voluntarily sharing the OTP. Learned counsel for opposite party emphasis that the bank cannot be held liable for deficiency in service in case the OTP is voluntarily shared.

On the other hand, as per the complainant, only an amount of Rs.20/- was tried to be credited after receiving the fraudulent call regarding pendency of electricity bill. However, amount of Rs.25,000/- and Rs.1,99,000/- was deducted without sharing of any OTP. It is pertinent to notice that the matter was immediately reported by the complainant to Cyber Crime Police which raised CIRO No.12895 as well as information was shared on SBI Helpline. Since the amount of Rs.25,000/- was credited back to the account of complainant and his account was freezed, the opposite party cannot claim that intimation regarding fraudulent transaction was only received on 26.07.2022.

8. Hon'ble Division Bench of the Gauhati High Court in State Bank of India v. Pallabh Bhowmick and 4 Ors, Case No. WA/364/2022 decided on 13.09.2024 authoritatively held that in case of unauthorised electronic banking transaction occurring due to third party breach i.e. where the deficiency neither lies with the customer or the bank, the customer liability will be zero, if the fraudulent transaction is reported within three working days from the date on which the customer receives the communication. The aforesaid Order was upheld by the Hon'ble Apex Court in SLP (C) No.30677/2024 vide order dated 03.01.2025.

The said case has been relied by this Commission in RP No. 1381 of 2018 SBI v. Kodudhala Joji Redy & Anr. decided on 17.11.2025. The observations therein in para 15 may be beneficially reproduced for reference :-

                          "15. Reference may also be made to State Bank of India v. Pallabh Bhowmick and 4 Ors, Case No. WA/364/2022 decided by the Hon'ble Division Bench of the Gauhati High Court on 13.09.2024, which has been upheld by the Hon'ble Apex Court in SLP (C) No.30677/2024 vide order dated 03.01.2025.

In the aforesaid case, complainant was enjoying netbanking facility provided by the appellant/SBI in respect of his savings account and on 18.10.2021, an amount of Rs.94,204.80 was unauthorizedly transferred from the SBI Account through internet banking by way of fraudulent transactions due to downloading of a software application by the complainant. The complainant therein relied upon clauses 9 & 10 of the standing circular of RBI dated 06.07.2017 which provides for guidelines for customer protection, limiting the liability of the customers in case of unauthorized electronic banking transactions. On the other hand, reliance was placed on behalf of the appellant bank upon clause 7 of the circular to submit that the incident took place due to negligence of the customer and, therefore, the appellant bank had no liability. Findings of the Hon'ble Division Bench in para 35 to 40 of the judgment, directing the appellant bank to credit an amount of Rs.94,204.80 in the account of complainant, are apt to be noticed:-

                          "35. In view of the above, we would examine the relevant Clauses 7 to 10 of the RBI Circular dated 06.07.2017. On perusal of the provisions of the RBI circular, we find that Clause 8 deals with third party breaches where the deficiency lies neither with the Bank nor with the customer but lies elsewhere in the system. As held by the learned Single Judge to which we are in agreement with that "Third party breach" is not a defined expression under the RBI circular dated 06.07.2017. However, on reading of Chapter-8 it appears that in case of un authorized electronic banking transaction occurring due to third party breaches i.e., where the deficiency neither lies with the customer or the bank, the customer liability will be "zero" if the fraudulent transaction is reported within 3 (three) working days from the date on which the customer receives the communication. In the present case, even if it is assumed that the fraudulent transaction had taken place due to "third party breach" i.e. breach in the customer data base of the respondent No 3, even then, the fraud/un- authorized transaction was reported to the Bank on 19.10.2021 i.e., within one working day. Therefore, as per clause -8 of the RBI circular, the liability of the customer/writ petitioner in this case ought to be "zero".

                          36. Clause 9 deals with reversal timeline of zero liability/ limited liability of customers in case of unauthorized electronic banking transaction, it would be the discretion of the bank to waive off any customer liability even in case of negligence of the customer. On a reading of the above clauses, it can be inferred that in case of un-authorized electronic transactions the Bank would have a duty to reverse the payment and credit the amount involved in the un authorized transaction within a time frame, provided the fraudulent transaction is reported by the Customer within the time frame provided in the Circular. In an appropriate case, even the negligence, if any, on the part of the customer, can be waived by the Bank.

                          37. On consideration of the materials on record, we find that three online transactions from the respondent no. 1/petitioner's account took place on 18.10.2021 when he had downloaded the 'mobile app' on being prompted by the fraudster. The respondent no. 1/petitioner appears to have done so in order to get refund of his money from respondent No.3. The three transactions were evidently unauthorized as the respondent no. 1/petitioner would never intend to transfer any amount to the respondent No. 4 by downloading the mobile app. The appellant has also not denied that the transaction was unauthorized. In such circumstances, we are in agreement with the learned Single Judge that merely because the respondent no. 1/petitioner had downloaded the mobile app, that cannot by itself lead to the presumption of negligence on the part of the respondent no. 1/petitioner in contributing the unauthorized transaction.

                          38. Learned single Judge has rightly observed that regardless of whether it was a UPI or PG transaction, it is not believable that the respondent no. 1/petitioner would deliberately share his OTP, password and MPIN so as to allow his hard-earned money to be siphoned off from the bank account by a fraudster, that too, on three consecutive occasions, in quick successions. Rather, the incident appears to be pure and simple case of cybercrime whereby, the fraudster had hacked the database of respondent No. 3 and thereafter, got access to sensitive information pertaining to various customers of Respondent No. 3 including the respondent no. 1/petitioner which information was used for completing the fraudulent transactions. The participation on the part of the petitioner appears to be only to the extent of downloading the mobile app. Although the appellant has contended that the petitioner had shared OTP, password and MPIN with the fraudster, yet, the said claim could not be substantiated by the Bank. No material particulars of the complicity on the part of the respondent no. 1/petitioner have been placed on record. Therefore, we are of the view that the appellant has failed to establish any negligence on the part of the respondent no. 1/petitioner.

                          39. It is the contention of the appellant that on receipt of the complaint dated 19.10.2021, the appellant Bank had taken necessary action. However, there is nothing on record to substantiate the same. Even after receipt of written complaint of fraudulent electronic transaction from the account of the respondent no. 1/petitioner, no complaint was lodged by the appellant Bank before the appropriate authority. It is noticed that the appellant Bank did not make any 'charge back' request to the beneficiary bank soon after receipt of the intimation about the fraud from the respondent no. 1/petitioner on 18.10.2021 or even on receipt of the complaint dated 19.10.2021. It appears that after receipt of the complaint from the respondent no. 1/petitioner on 19.10.2021 the appellant has not taken any action in the matter to protect the interest of its customer. Not even a complaint was lodged by the appellant Bank with the cybercrime cell. However, bald claim has been made by the appellant alleging negligence against the respondent no.1/petitioner by denying any liability.

                          40. Undoubtedly, it is correct that if a customer is negligent in handling his or her account and discloses sensitive information such as, password, OTP, MPIN, Card Number etc., resulting into fraudulent transaction, the Bank cannot be held liable for loss, if any suffered by the customer. However, in such cases, negligence on the part of the customers must be cogently established by the Bank by bringing reliable materials on record. The Banks cannot absolve themselves of the liability towards losses suffered by the customers on account of unauthorized electronic transactions based on perceived negligence of the customers. In the present case, having considered the facts and circumstances of case and the materials available on record, we concur with the view of the learned Single Judge, that the appellant has failed to establish negligence on the part of the respondent no. 1/petitioner leading to the fraudulent transactions. Thus, the learned Single Judge has rightly directed the appellant to deposit an amount of Rs.94,204.80/- (Rupees Ninety- four thousand two hundred four and Eighty Paisa) only, in the bank account of the respondent no.1/petitioner."

9. Reverting back to the facts of the case, the complainant herein had only initiated a payment of Rs.20/- from his account but resulted in fraudulent transaction of Rs.25,000/- and Rs.1,99,000/- without sharing of any further OTPs. The account stood debited since the online software was under control of a third party. However, admittedly, no OTP for said two transactions was received by the complainant. The complicity of the complainant cannot be presumed merely on account of downloading the application. In case of third-party fraud, complainant cannot be held liable for allegedly sharing the OTP for transaction of Rs.1,99,000/- and Rs.25,000/- when the transactions were not initiated by him. The Bank apparently cannot be absolved of the liability towards the losses suffered by the complainant on account of unauthorized electronic transactions in view of RBI Circular dated 06.07.2017 as referred to above in preceding paragraphs, since the information of fraudulent transactions was shared with the Bank/OP within stipulated period.

10. For the foregoing reasons, we agree with the findings of the learned State Commission directing re-credit of Rs.1,99,000/- in the account of the complainant with compensation of Rs.25,000/-. In case the Bank/Opposite Party fails to pay the aforesaid amount within period of four weeks, the same shall be payable with interest @ 8% p.a. from the date of default till realization. Second appeal along with pending applications, if any, accordingly stand disposed of. No order as to costs.

A copy of this order be sent to both the parties by the Registry.
 
  CDJLawJournal