Court Rules Customer Negligence in Clicking Suspicious Link Bars Bank Liability
In a significant decision, the Delhi High Court has overturned a previous ruling that held the State Bank of India (SBI) liable for unauthorized transactions totaling Rs. 2,60,000 from the account of Hare Ram Singh. The transactions, which occurred in April 2021, were initially deemed the result of a breach in banking security mechanisms, leading to the bank being directed to compensate Singh.
The judgment delivered by Chief Justice Devendra Kumar Upadhyaya and Justice Tejas Karia pivots on the assessment of customer negligence. Singh, a computer science professor, had clicked on a suspicious link received via SMS, which the court determined to be the primary cause of the unauthorized access to his banking credentials. The court emphasized that negligence can arise not just from sharing payment credentials but also from interacting with suspicious digital content.
The previous judgment had criticized SBI for failing to prevent the fraudulent transactions despite the existence of two-factor authentication (2FA). However, the appellate court found no evidence of a breach in the bank's security mechanisms. The court noted that the transactions were carried out using valid Internet Banking credentials and One-Time Passwords (OTPs) sent to Singh's registered mobile number.
The Delhi High Court highlighted the distinction made in the RBI's 2017 Circular regarding customer liability in unauthorized electronic transactions. The circular states that a bank's liability does not arise if the customer's negligence, such as accessing suspicious links, is established. The court ruled that Singh's actions fell within this category of negligence, thus barring the application of the "zero liability" provision.
This ruling reiterates the importance of customer vigilance in digital banking activities. The court remarked that banks continuously issue advisories cautioning against engaging with unknown sources or disclosing sensitive information. In this case, SBI had taken immediate action to block further transactions once the fraudulent activity was reported, complying with the necessary security protocols.
The appellate court's decision underscores the limitations of writ jurisdiction in resolving technical issues related to digital banking fraud. It emphasized that such matters require technical and forensic examination beyond the scope of the court's capabilities.
The judgment not only impacts the immediate parties involved but also sets a precedent for future cases involving digital banking fraud, reinforcing the principle that banks cannot be held accountable for losses incurred due to customer negligence.
Bottom line:-
Banking law - Customer liability in unauthorised digital transactions - Bank cannot be held liable for unauthorised transactions if customer negligence, such as clicking on suspicious links, is established, and the bank's security mechanisms are not compromised.
Statutory provision(s): RBI Circular dated 06.07.2017, Article 226 of the Constitution of India, Banking Ombudsman Scheme, 2006
State Bank of India v. Hare Ram Singh, (Delhi)(DB) : Law Finder Doc id # 2909891
