Reverse Disputed Transaction of Rs18.36 Lakh, Consumer Commission Tells SBI
Moneylife Digital Team 18 August 2021
In a path-breaking judgement the Gondia District Consumer Disputes Redressal Commission has directed the State Bank of India (SBI) to reverse the disputed transaction of Rs18.36 lakh into the customer's bank account.
The Commission even directed SBI to recover the money from the salary of its concerned officers and staff.
In an order on 10 August 2021, a bench led by Bhaskar Yogi, president and Sarita Raipure, member, says, "The opposite party (SBI) is hereby declared liable for the loss caused to the complainants. Opposite party is directed to reverse the disputed transaction of Rs18,36,400 along with simple interest at 6% per annum from 22 November 2019 till realisation to the complainants."
SBI has also been asked to pay Rs25,000 as compensation for causing mental agony and suffering to the complainants, both of whom are senior citizens. 
The Commission further says, "Opposite party (SBI) may recover the above amount from the concerned officers or staff after conducting their internal enquiry from the salary of the staff who has committed dereliction in duty for the loss caused to the public institute (bank)."
Advocate Dr Mahendra Limaye, who represented the complainants in this case, says, "This judgement establishes that even if police have not fully investigated in the matter of cyber-crime, victims should not feel remediless and can avail option of civil remedy to fight for their rights in cyberspace and can get the lost amount back."
Gondia-based Dr Suresh Bholeshwar Katre and his wife Minakshi are both senior citizens and had filed a complaint against SBI alleging that the Bank had failed to protect and to take due care in the capacity of the trustee of money deposited in their savings account, resulting in an online fraudulent transaction of Rs12,86,800 and Rs5,49,600, respectively, from their savings account. 
On 20 November 2019, both the senior citizens received an SMS on their mobile number saying "Your SBI account will be suspended today 20/11/19 due to wrong date of birth verified in your bank account. For reactive upgrade Fully KYC, immediately by online visiting click link below."
However, earlier the same day, Dr Katre had submitted his documents for know-your-customer (KYC) verification to SBI. After receiving the SMS, he thought the link in the SMS is sent by the Bank since only the Bank has his KYC verification information. 
Dr Katre, using the link given in the SMS, updated his date of birth and mentioned the mobile number of his wife that was linked with their two bank accounts. After that Minakshi Katre, the wife of Dr Katre, received a message saying that account activation is successful. She also received an SMS for one-time passcode (OTP), which she shared with a person who called her from the number 9840997056. 
On the same day, at around 2.10, both the Katres received messages about change in their net banking login and password from 20 November 2019. 
On the night of 20 November 2019, Ms Katre received three SMSs and early morning of 21 November 2019 there were three more SMSs. In total, she received six SMSs informing her about the withdrawal of Rs1,99,800 in each transaction. Again at 5.02am on 22 November 2019, she received an SMS informing her of a withdrawal of Rs88,000 from her account. In total, Rs12.87 lakh vanished from her account in three days. 
She also received similar SMS for her other account informing her of the withdrawal of Rs5,49,600 in three transactions at 5.02am on 22 November 2019. 
After realising something is wrong with her accounts, Ms Katre reported the matter to SBI while requesting for a debit freeze of the beneficiary account. The Katres also registered a first information report (FIR) with the Gondia police station.
In their plea, the Katres contended that the SBI was unable to provide any information of the beneficiary and this "not-providing beneficiary account’s information as well as not initiating quick action of recalling the amount from the beneficiary bank by opposite party amounts to deficiency in service."
As per the Reserve Bank of India (RBI) master circular on customer services in India dated 1 July 2015 at point no. 5.17 page 31, guidelines are provided for securing electronic payment transactions. These guidelines at (i) say that customer induced options may be provided for fixing a cap on value/mode of transactions/beneficiaries. "In the present case the Opposite party failed to fix the cap on such activities," they said.
The same circular at (iv) mandates that banks may put in place a mechanism for velocity check on the number of transactions effected per day or per beneficiary and any suspicious operations should be subjected to alert within the bank and to the customer. 
The senior citizens submitted, "SBI has miserably failed on this count also as they failed to detect the suspicious transaction within the bank, occurring at odd hours of the day and the uncharacteristic velocity of the transactions. Also, though the e-mail ID of the complainant was registered with SBI, it failed to initiate emails for the huge volume of transactions. Failure of SBI to follow the RBI mandated guidelines also amounts to deficiency in service reasonably expected by the bank for the online transactions." 
"RBI through KYC guidelines has mandated the opposite party to identify the clients as per their transactions pattern and provide security according to their classification but the opposite party also failed to provide reasonable security to the client’s account and hence again liable for deficiency in service," they added.
The Katres also contended that SBI failed to provide robust and dynamic fraud detection and prevention mechanism as this led to happening of fraud and the complainant losing the huge amount of Rs18.36 lakh. 
"These acts of omission and commission of SBI, which is one of the leading banks in India, having all the technological innovations at its discretion, of not responding to the enquiry by the complainant regarding detailed transaction information of our accounts and not initiating any proactive measures on its own after the receipt of the report about suspected activities happening on our account, and not protecting our confidential information, amounts to most severe deficiency in service as per banking industry guidelines and norms," the senior citizen couple contended. 
In its submission, SBI contended that the Katres committed negligence and were not careful. "And on loss or injury, now the complainant cannot equate it with inadvertence and shift the burden of care on SBI, beneath the effect of instructions and circular of RBI, which even otherwise do not assure for the negligent act of complainant. It is well settled that once the things, which are declared not to follow or commit, if someone commits it, he is bound to suffer."
The Commission visited the website of SBI and took screenshots to understand the requirements of creating the user ID and login password. 
It says, "From the screenshots for user-driven registration–new user, it seems that the account number, customer identification file (CIF) number, branch code are mandatory fields and from pleadings, the complainant has only shared the birth date and the OTP. Thus the question as to who shared the account number and CIF number is to be seen."
"Only two persons, the complainant and the bank know the above details and if the complainant has received phone calls and the link on the same day and the number submitted in the KYC application when he had submitted the KYC documents, it is obvious that the confidential information is parted by the employees of the bank only," the bench noted.
Further it observed, "Unless the bank is able to satisfy the Court of either an express condition in the contract with its customer or an unequivocal ratification, it will not be possible to save the bank from its liability. Banks do business for their benefit. Customers also get some benefits. If banks are to insist upon extreme care by the customers in minutely looking into the passbook and the statements sent by them, no bank perhaps can do a profitable business. It is common knowledge that the entries in the passbooks and the statements of account sent by the bank are either not readable, decipherable or legible.
"There is always an element of trust between the bank and its customer. The bank’s business depends upon this trust."
Coming down heavily on SBI, the district commission observed that details of miscreants can be traced but the bank does not help poor consumers.
"Even the employees of the bank share details of customers to fraudsters, which can be taken note of, for the simple reason that a person's bank details are only with the bank or the consumer. Then how come anyone knows that a particular person has such and such a bank account in such and such a bank at such and such place."
"Thus, it is a burden on the part of the bank and its employees to discharge their burden first then only can the complainant be held responsible for any alleged negligence. Hence looking from any angle the opposite parties miserably failed to discharge their burden that the complainant was negligent.
"In view of the above ruling and facts of the present complaint, the complaint must be allowed with cost and compensation," the commission says. 
It then directed SBI to reverse the transaction for Rs18.36 lakh to the bank accounts of the Katres and "recover the public amount from the salary of the public servant, who has performed their duty capriciously and caused harassment and mental agony to the complainants after conducting their internal enquiry from the staff, who has committed dereliction in duty, resulting in the loss, and cost to the public authority as per Supreme Court Judgment in case of Lucknow Development Authority vs. M. K Gupta 1994 AIR 787."
Here is the copy of the judgement from the Gondia District Consumer Disputes Redressal Commission:
2 years ago
I do not have any account in SBI. Still I keep getting these messages. The fraudsters are sending SMS to random people. SBI being the largest bank has a higher probability of having a customer's account. In the instant case the concerned bank staff is unlucky as the customer received SMS on the same date of form submission. The assumption by the decision passing authority is incorrect in assuming staff involvement. While these types of cases are regularly on the rise, nobody talks about KYC compliance by telecom companies. Mobile connections are distributed freely to onboard new users. The frauds are perpetrated by people using this flaw as they cannot be traced due to incorrect/incomplete KYC. In the present scenario when mobile numbers are playing crucial part in financial transactions it is high time that RBI and TRAI jointly come up with KYC due diligence guidelines for mobile operators. Till then there is no hope of the situation improving. Also, when fintech companies / payment gateways are involved in the transactions there is very little the bank staff can do other than sending mails. The wallets of these new age companies get credited with the amounts and money is siphoned off. The additional intermediate layer is a hindrance in tracing the transactions and induces a delay thereby providing the fraudster sufficient time to dispose off the funds. The KYC compliance of wallets also requires RBI attention. RBI should come up with guidelines for realtime sharing of complete transaction information including the beneficiary at each stage between fintech companies and commercial banks. Unless the bank staff is able to view the aforesaid information in CBS system of the bank he cannot help the customer in any manner. There should be a centralised repository/portal for the banks to report the fraudulent transactions. The portal may be monitored/set up by RBI for ensuring efficacy.
3 years ago
High end technology in the hands tailend staff is incompatible and risky
3 years ago
3 years ago
I too am Haunted by even a worse problem which involves corruption by SBI But nobody guide's me not even moneylife
3 years ago
There is a huge time gap btw the profile change sms, and the txn initiated sms they could have stopped it themselves.. All the sms wud have been recieved by the complainant regarding the change .. Wen they already knew sumthing phishy is happening they cud have stopped it .. Its purely customer negligence..
3 years ago
The thing is here, the details which were provided by the complainant is as per the complaint given by the customer to cc or police. Whereas the communication tat happened btw the fraudster and the complainant shud b verified bcoz there is no way a customer detail like cif no. Or ac no. be shared to third party at any cost by a banker. Court should ask the police to enquire in such a angle too.

Many frauds are happening nowdays by fraudsters call, sms and email. 99.9% time it happens due to the customers negligence where they used to reveal all the information.

Its all due to the ppl urge or want of getting things done online without any paperwork or verification. And tats wat the fraudsters are taking advantage of stealing the amount in the name of calls.
Evrydy atleast 1 or 2 calls we get from fraudsters. It is upto us to be safe. And not reveal even a bit of our data unnecessarily without papers in person.
3 years ago
I was victim of similar onlinr fruad amounting to @ rs.90,000/- from my HDFC BANK account by a fruadster from west bengal/Bihar in march 2020 (before lockdown).

I had approched Moneylife with all details.Moneylife officials studied the case in detail and guided me to recover my lost money.It took about TWO months to get back my lost money.

Even after fruadster's merchant from Delhi refunded disputed amount to HDFC but HDFC took lots of time and documentation to transfer my lost amount back into my HDFC account.
Replied to DeepakSB comment 3 years ago
In my case there was a flow from HDFC Bank.While transferring online fund to third party,HDFC BANK asks security question which needs to be mnaually answered.Howevr in my casr HDFC could not provide PROPER REASONING/CLARIFICATION as to how security questions-answers were by passed by fruadster.
Replied to DeepakSB comment 3 years ago
For TPT the party needs to be registered and there is a cooling time before doing transfer . After the cooling time they send a sms that cooling period is over. Finally after transfer they need the security answer or the OTP for doing it.

Nothing of this sort happened with you?
3 years ago
Well written judgement and eyeopener for banks who take customer for granted.Moreover recovery is to be made from erring employee is best part.Employee should be more cautious.
Replied to vaibhavdhoka comment 3 years ago
I dont know wat was the doctor doing wen banks send daily caution sms regarding this kinda frauds.. Was he deyin up his butts? Its purely their negligence , he has shared all the information but he s hiding those details from court just to get his money back.
Replied to vaibhavdhoka comment 3 years ago
Mostly bank employees of PSU banks are in efficient,careless,arrogant AND ALSO CORRUPT SOME TIMES IN SPITE OF GETTING HEAFTY SALARIES.SBI BANK at North Mumbai suburb after relaxation of first lock down,Account holders-mostly senior citizens were made to wait for 2-3 hours in QUE for pass book updation !!!!
Replied to DeepakSB comment 3 years ago
Ha ha, I am waiting for 1.5 yrs to update IDBI bank passbook, or take online access and get print out from there.
Free Helpline
Legal Credit