Mumbai, April 10: In a significant ruling on cyber fraud and banking liability, the Bombay High Court has directed HDFC Bank to refund Rs 38.04 lakh to a Pune-based businessman, Subodh Korde, who lost the amount in a series of unauthorised online transactions in 2021.
Court upholds RBI ‘zero liability’ rule
A bench of Justices Bharati Dangre and Manjusha Deshpande held that he was entitled to “zero liability” under Reserve Bank of India (RBI) guidelines.
Korde, a freelancer in business consultancy, lost the amount through eight unauthorised online transactions executed within just 41 minutes on July 15, 2021.
The fraud was preceded by the addition of three unknown beneficiaries and a sudden increase in his transaction limit from Rs 4 lakh to Rs 40 lakh a day earlier. He claimed that he neither authorised nor received OTPs for these.
Bank’s defence rejected by court
The bank denied liability, alleging possible compromise of the customer’s credentials and also raised a preliminary objection that, as a private entity, it was not amenable to writ jurisdiction. It further argued that the dispute arose out of contractual obligations.
Rejecting these contentions, the High Court held that private banks operating under RBI regulation and dealing with public funds perform a public function.
“When a bank conducts business under the aegis of the RBI and public interest is involved, its actions can be subjected to judicial review,” the bench observed.
SIM swap fraud confirmed
Interestingly, BSNL, the businessman’s network provider, confirmed that Korde’s SIM card had been swapped multiple times between July 12 and July 15, 2021.
Accepting this, the court noted that it was a “clear case of SIM swapping”, where fraudsters gain access to OTPs by duplicating a user’s mobile number. “This is precisely the methodology adopted… the petitioner did not receive any OTP as the SIM card was cloned,” the court noted.
Inconsistencies in bank’s claims
The bench also found inconsistencies in the bank’s defence. While HDFC claimed OTPs and alerts were sent, it failed to produce proof of delivery. Its own records revealed that the transactions originated from an IP address in Chennai, whereas Korde’s genuine transactions were from Pune. Further, internal alerts flagging suspicious activity were not effectively acted upon.
Relief granted with interest
Relying on the RBI’s July 6, 2017 circular on ‘Customer Protection – Limiting Liability of Customers in Unauthorised Electronic Banking Transactions’, the court emphasised that the burden of proving negligence lies with the bank.
“The burden to prove customer negligence lies on the bank,” it said, adding that if a customer is not at fault and reports promptly, “the liability is zero”.
Also Watch:
Observing that Korde had acted swiftly upon discovering the fraud and that there was no evidence of negligence on his part, the court ruled in his favour. “For no fault of his, the petitioner was deprived of his own money,” the bench said.
The court directed HDFC Bank to refund Rs 38.04 lakh within eight weeks with 6% annual interest, which would increase to 8% in case of delay.
To get details on exclusive and budget-friendly property deals in Mumbai & surrounding regions, do visit: https://budgetproperties.in/
