what is the liability of Banks in Unauthorized and Fraudulent Online transactions

Online transactions are a new normal as the government is pushing for online transactions. Banks are also providing big discounts on online sale and purchase of products through credit and debit cards.
But sometimes people the infrastructure of the
On 21st December, 2020 in National consumer Disputes Redressal Commission (NCDRC), the Hon’ble Presiding Member, Mr. C Viswanath dismissed the Revision Petition  filed under Section 21 (b) of the Consumer Protection Act, 1986 in 1 HDFC Bank Ltd. & Anr. versus Jesna Jose R.P. N. 3333 of 2013 by HDFC Bank and held that the bank will be liable to pay to its customers in case of unauthorized transactions. Thus, the banks must compensate to its account holders in case of fraudulent transactions in the absence of any evidence to substantiate its stand that the fault was on the part of the account holder and in today’s digital age, the possibility that the credit card was hacked or forged cannot be ruled out.

Brief facts of the matter:

The vcitims purchased a pre-paid Forex Plus Debit from the bank in 2007 and the fraud took place in 2008. The victim’s father got a call from the Credit Card Division of bank for confirming the transaction attempted by the victim’s card. but after verifying the same from the victim, it came to the attention of both  that no such transaction was done by the victim/card holder and thereafter a complaint was registered in the police station, Los Angeles. The victim also received the chargeslips and came to know  that the signatures on the charge slip didn’t match the victim’s signatures

Victim filed a consumer complaint on the facts that the credit card was in her possession when the transaction took place and thus there is a possibility that her card could have been hacked or forged by some third party for which the petitioner is liable or some other technical and/or security lapse in the electronic banking system through which the transactions had taken place as the transaction took place several miles away from the actual place of the respondent.

The matter went on to the Hon’ble NCDRC wherein it was held that since the petitioner bank has failed to produce any evidence to substantiate that the fraudulent transaction took place because of the account holder’s fault hence, the petitioner will be liable for the same and the bank cannot rely on arbitrary terms and conditions to wriggle out of its liability towards customers and any such terms and conditions must be in conformity with the directions issued by the RBI which is responsible for safekeeping of the banking systems and maintaining checks and balances in the same.

The Hon’ble NCDRC also relied upon the  RBI circular dated 6th July, 2017 dealing with Customer Protection – Limiting Liability of Customers in Unauthorised Electronic Banking Transactions wherein it stated:-

“6. A customer’s entitlement to zero liability shall arise where the unauthorised transaction occurs in the following events:

Contributory fraud/ negligence/ deficiency on the part of the bank (irrespective of whether or not the transaction is reported by the customer).

Third party breach where the deficiency lies neither with the bank nor with the customer but lies elsewhere in the system, and the customer notifies the bank within three working days of receiving the communication from the bank regarding the unauthorized transaction.”

Time taken to report the fraudulent transaction from the date of receiving the communication

Customer’s liability

Within three working days –    Zero liability

Within four to seven working days –  The transaction value or the amount or the maximum liability of the customer ranges from ? 5,000 to ? 25,000, depending on the type of account whichever is lower

Beyond seven working days – As per bank’s Board approved policy

The Hon’ble NCDRC has observed as under:

“11. The first fundamental question that arises is whether the Bank is responsible for an unauthorized transfer occasioned by an act of malfeasance on the part of functionaries of the Bank or by an act of malfeasance by any other person (except the Complainant/account-holder). The answer, straightaway, is in the affirmative. If an account is maintained by the Bank, the Bank itself is responsible for its safety and security. Any systemic failure, whether by malfeasance on the part of its functionaries or by any other person (except the consumer/account-holder), is its responsibility, and not of the consumer.”

The Reserve bank of India (RBI) on 6th July 2017 amid the national drive toward digital transactions and rising incidents of fraud, had notified the norms in order to fix the liability in cases if a person loses money through an unauthorized electronic banking transaction like cyber attack on the bank or hacking of account.

The order passed by the Hon’ble NCDRC is going to help millions of people who fell victims to such frauds and unauthorised transactions because In today’s time with an increase in digital and net-banking transactions, the threat of fraud in online transactions and hacking are also on the rise.

(Visited 14 times, 1 visits today)