Bombay HC Quashes Banking Ombudsman Order, Asks Bank of Baroda To Refund Rs76.9 Lakh Debited Fraudulently with 6% Interest
Moneylife Digital Team 14 June 2024
Highlighting the lackadaisical attitude displayed by the banking ombudsman and Bank of Baroda (BoB) while handling a cyber fraud case of the bank customer, the Bombay High Court (HC) directed BoB to refund Rs76.9 lakh fraudulently debited from the customer's account with an interest of 6%pa (per annum) from 2 October 2022 till the date of payment. 
 
In an order, the bench of justice Girish S Kulkarni and Firdosh P Pooniwalla says, "While the banking ombudsman came to the conclusion that there was no deficiency or lapse on the part of Bank of Baroda-BoB, the banking ombudsman did not make any proper inquiry as to whether the debit transactions had taken place with the authorisation of the petitioners. The banking ombudsman has merely stated that it was established that the transactions were completed post addition of beneficiaries and input of valid credentials or two-factor authentication (2FA) known only to the account holder. The banking ombudsman failed to appreciate that the adding of the beneficiaries and the debit transactions from the bank account of the petitioners took place without any intimation to the petitioner either on their mobile number registered with BoB or on their email ID registered with the Bank, as is demonstrated by the three reports from the cyber cell. In these circumstances, the order (of the banking ombudsman) dated 10 January 2023 would be required to be quashed and set aside."
 
Jaiprakash Kulkarni, director of his family company Pharma Search Ayurveda Pvt Ltd, has the company account in BoB. On 1 October 2022, certain entities and individuals were added as beneficiaries to the bank account without any one-time passcode (OTP) sent to the mobile number or email address registered with BoB. On 2 October 2022, he was informed by his accountant, Vishwanathan Shetty, about several messages from BoB regarding a total of Rs76.90 lakh debited in several tranches from the company account. 
 
Mr Kulkarni immediately informed the cyber cell at Worli police station in Mumbai and the bank manager of BoB about the illegal transactions. He was advised to block the SIM card associated with the registered mobile number associated with the bank account. The next day, the company sent a letter to BoB and registered a first information report (FIR) in the Worli police station.
 
Despite repeated follow-up with BoB about the refund of the money illegally debited from the company account, Mr Kulkarni did not receive any response. He then filed a complaint with the banking ombudsman.
 
On 10 January 2023, the banking ombudsman rejected his complaint, stating that the transactions were completed post-addition of the beneficiaries and input of valid credentials and 2FA known only to the account holder, and, therefore, there was no deficiency or lapse on the part of BoB.
 
Mr Kulkarni and Pharma Search Ayurveda then filed a petition before the Bombay HC. They contended that despite the specific timelines and procedure as laid down in the circular issued by the Reserve Bank of India (RBI) as well as the customer protection policy of BoB, the bank failed to refund the amount illegally debited from their account and the banking ombudsman wrongly rejected their complaint. 
 
Mr Kulkarni also alleged that despite the RBI circular, BoB was unwilling to refund the amount debited from the company account. Instead, he was asked to approach the beneficiary banks or the police.
 
While passing an order on 26 April 2023, the HC asked the cyber cell of Worli police station to provide logs from the telecom services provider, Airtel, for filing an affidavit.
 
In their affidavit, Mr Kulkarni and Pharma Search Ayurveda quoted from the report submitted by the cyber cell. The report states that, on 1 October 2022, when beneficiaries were added to the company's bank account, no messages were received from BoB on the mobile number linked to the bank account.
 
Further, pages 6 and 7 of the report show that the messages regarding logging into the net banking services on 1 October 2022 and adding beneficiaries to the bank account were never delivered to the registered mobile number. They show that the OTPs for adding the beneficiaries were undelivered to the registered mobile number. A further perusal of pages 7 and 8 of the report, which contained the SMS logs of BoB, shows that a total of 15 SMSs were received by the accountant, Mr Shetty, on the registered mobile number on 2 October 2022, from BoB, regarding the fraudulent transactions undertaken from the company account to the beneficiaries, who were already added on 1 October 2022 without any intimation to Mr Kulkarni and the company. The report pages show that, out of the 15 messages that were delivered to the registered mobile number, only two were for OTP and the remaining 13 messages were debit messages. 
 
Further, the report also shows that, on 2 October 2022, between 7.44am and 7.57am (a total of 13 minutes), the bank account of Pharma Search Ayurveda was debited of Rs76,90,444.70 in favour of beneficiaries who had been already added.
 
The HC observed that the report of the cyber cell clearly shows that beneficiaries were added to the bank account without any intimation of the same being received on the mobile number registered with the bank and that messages were received on the mobile number only when, on the next day (2 October 2022), monies were debited from the bank account of Pharma Search Ayurveda.
 
"Thus, there was no intimation to the petitioners about adding the beneficiaries, and the petitioners only received messages on the registered mobile number when the bank account was actually debited," it says.
 
In its affidavit, BoB submitted that Mr Kulkarni and Pharma Search Ayurveda were negligent in dealing with the matter. "...there were 14 emails generated and served and delivered on the registered email ID of Pharma Search Ayurveda, which was pertaining to the OTP, successful login and the successful addition of beneficiaries on 1 October 2022. The petitioners and/or their accountant were hand-in-glove with the fraudsters, due to which they purposely ignored these emails," BoB contended.
 
The bank also used the word 'call barred' in its affidavit. The HC, in its order on 15 February 2024, directed BoB to submit a certificate from a police authority or the mobile company about the messages which are shown under the heading 'calls barred' in the context of the operational changes.
 
When the cyber cell inquired with Airtel, the telecom operator, it was told that "As per our call data records (CDRs) there is nowhere reflecting term 'call barred', hence it is not possible to explain the exact meaning for the same." 
 
"This shows that the term 'call barred' was coined by BoB and not by the service provider. This further substantiates the fact that, on 1 October 2022, when beneficiaries were added to the said bank account, no intimation was received by the Petitioners on their registered mobile number," the bench of justice Kulkarni and justice Pooniwalla says.
 
Further, the HC says, "As per the RBI circular and the policy of BoB, the liability of Mr Kulkarni and Pharma Search Ayurveda in respect of the said unauthorised transactions would be zero as the unauthorised transactions have taken place due to a third party breach where the deficiency lies neither with BoB nor with Mr Kulkarni and Pharma Search Ayurveda, as already held based on the said three cyber cell reports. In these circumstances, as per the RBI circular and as per the policy of BoB, Pharma Search Ayurveda is entitled to a refund of the amount from BoB." 
 
"In this context, it is also important to note that, as per paragraph 12 of the RBI circular, the burden of proving customer liability in case of unauthorised electronic bank transactions lies on the bank. In the present case, BoB has no acceptable material to fasten any such liability on the part of Mr Kulkarni and Pharma Search Ayurveda. On the contrary, the three Cyber Cell reports clearly show that the unauthorised transactions have taken place without any intimation to the petitioners either on their mobile number registered with BoB or on their email ID registered with BoB. For all the aforesaid reasons, BoB will have to be directed to refund the amount illegally and unauthorisedly debited from the bank account of Pharma Search Ayurveda to the petitioners," the bench says.
Comments
noorani.shaban
8 months ago
we hd kept fD worth 30 million in bob colaba we were getting 6% intreste when govement made intreste rates higher aftr corona v requested local bob bank they just kept dilly dialling later we came2know it wasnt manegers vishalS but region office isnt responding' to vishalSharma ji we hd to goto regional office HEIGhT was region mr manoj dint even hd time to meet us tho he was sitting inside with his tailor 2nd time N 3rd time we went they also kept sayying we will come bk to u they did not. we said we will debit the amount AND to debit it they charged us penal intreste n sone other charges ranging to 84 lakh ? . wich v paid n v debited our amount 2024 . if they treat radiunt customers this way wat about others...
pankajanayak1963
8 months ago
The High Court could come to the correct conclusion that there was no negligence on the part of the bank (bank has generated the sms and e-mails from its end to inform the customer about adding of beneficiaries, online transactions etc.) or the customer (he had not received the alert emails and some of the sms, so he was not aware of the addition of beneficiaries, unauthorised transactions, etc. going on in his account), but it was a third-party breach, because they could get the call records from mobile service provider and email delivery report from mail service provider and also reports from the cyber police. Unfortunately the Banking Ombudsman of RBI has no such powers to ask the mobile service provider or email service provider or the cyber police to provide such reports. Ombudsman has powers only to ask the bank and the complainant. The bank's report proved emails and sms were sent to customer. So the Ombudsman, based on available information, concluded that there was no negligence on the part of the bank, and rejected the complaint.
sivakumar_go
8 months ago
This is purely an insider job. Without the active connivance of the bank officials this would not have been possible. There are many black sheep within the bank. I lost faith in the banking system of ours.
ArrayArray
Free Helpline
Legal Credit
Feedback