Cyber fraud: Supreme Court orders SBI to refund Rs 94,000 lost in an online scam to its customer
Jan 7, 2025
Synopsis
State Bank of India (SBI): A person from Assam fell victim to a cyber fraud when he tried to return a Louis Philippe blazer. However, instead of helping this victim, SBI said the fraudulent transactions happened through Google Pay, a third party app not recommended by SBI. Further Gauhati High Court found out that SBI took 'no action' despite being informed within hours of the scam happening. Supreme Court holds SBI responsible and orders full refund.
Who knew returning a blazer worth Rs 4000 purchased from Louis Philippe, a division owned by Aditya Birla Fashion could result in a cyber fraud where the entire bank account is cleaned out. This is exactly what happened to a man from Assam. All he ever wanted was to return the purchased blazer and get back his money. But instead of getting back any money he lost about Rs 94,000 kept in his State Bank of India bank account. Strange, isn't it?
State Bank of India, India's largest public sector bank instead of lodging a cyber complaint and raising a chargeback request chose to instead blame the victim for his irresponsibility. This does not end here as SBI went as far ahead to say since the fraudulent transactions happened through Google Pay, the bank is not responsible. This is because Google Pay is a third-party app, and the bank never recommends using third party apps to conduct online transactions.
However, this person was also determined as he left no stone unturned. He fought with SBI in the RBI Banking Ombudsman, Gauhati High Court and lastly in the Supreme Court. Except the RBI Banking Ombudsman, everywhere else it was proved that the person is a victim of cyber fraud and hence SBI must refund the money. Read below to know this person's story and listen to his fight for justice which may also help you in a similar situation.
The cyber fraud started with Louis Philippe's website getting hacked
This entire incident started when Louis Philippe's website got hacked in 2021 and several customer's (including the present victim's) personal information was sold online.
Using this personal information a fraudster called him up (the present victim) and identified himself as a customer care representative of Louis Philippe. He went on to further explain that the blazer purchased from Louis Philippe can only be returned if an app was installed on the phone. As soon as this app was installed, the fraudster took out whatever money was lying in the SBI savings bank account and transferred it to a Federal Bank savings bank account. From this Federal Bank savings account the money was almost instantaneously transferred to a Jupiter Neo savings account and from there to multiple other accounts using UPI and payment gateway. Within a few hours the entire Rs 94,204.80 stolen from this person's SBI account was withdrawn. All the victim was left with was an Rs 4000 worth blazer which he didn't even want to keep in the first place and an empty bank account.
This victim immediately contacted SBI's hotline number and narrated the issue. SBI acknowledged this issue and blocked his card and accounts. He then went on to lodge an FIR in Jalukbari Police Station and lodged three complaints with the Cybercrime Cell of Criminal Investigation Department (CID), Assam Police. He also filed a complaint with the National Cyber Crime Reporting Portal of the Ministry of Home Affairs.
Getting no major breakthrough he first filed a complaint with the RBI Banking Ombudsman. When he lost the case here he knocked on the doors of Gauhati High Court. In between the time proceedings of the case were ongoing, Assam Police tracked down the fraudster who was living in Uttar Pradesh under a false name. The Honorable High Court after its investigation found fault in action taken by SBI in this fraud case and ordered full refund to the victim. However, SBI filed an appeal in Gauhati High Court against this order. In this appeal also SBI lost the case and was ordered to refund the victim and recover the money from the fraudster who was now caught.
Instead of following the Honourable High Court's order, SBI chose to file an appeal in the Supreme Court of India. The Supreme Court, after reading through the facts and evidence presented relating to this fraud case also found SBI guilty. Hence the Supreme Court upheld Gauhati High Court's order and ordered a full refund to the victim.
Gauhati High Court finds SBI who was informed about this fraud within hours took no action
According to the order of Gauhati High Court, SBI who was informed about this fraud within hours of it happening but had taken no action.
Gauhati High Court said: "....Even after receipt of a written complaint of fraudulent electronic transaction from the account of the respondent no. 1/petitioner, no complaint was lodged by the appellant Bank before the appropriate authority. It is noticed that the appellant Bank did not make any 'charge back' request to the beneficiary bank soon after receipt of the intimation about the fraud on 18.10.2021 or even on receipt of the complaint dated 19.10.2021. It appears that after receipt of the complaint on 19.10.2021 the appellant (SBI) has not taken any action in the matter to protect the interest of its customer."
SBI says it does not recommend using Google Pay and is certainly not responsible for any transactions done using it
Lawyers representing SBI said before Gauhati High Court that the fraudulent transactions were done through Google Pay, a third-party app and third party apps are not recommended by SBI for online transactions.
SBI's lawyer said: "....the learned Single Judge has failed to consider the admission by the respondent no/ 1/writ petitioner in the FIR dated 18/10/2021 that the first transaction of Rs 64,017.00/- was done through Google Pay. As Google Pay is a third-Party App, appellant Bank is not responsible for a transaction that has been done through a third-party app which is in no way connected to the Bank. Bank never recommends any third-party app for online transactions."
SBI's lawyers even went as far as to say that National Payments Corporation of India (NPCI) terms and conditions imply a user is solely responsible for any damage resulting from usage of UPI apps.
SBI's lawyers said "..The learned Single judge has failed to consider that UPI (Unified Payment Interface) is a third-Party App developed by National Payments Corporation of India (NCPI) and one can enjoy the App only after accepting Terms and Conditions of the App. As per Clause 3.6 of the Terms and Conditions of the App the App does not provide warranty that the App will be free from defects or that operation of the App will be uninterrupted. Use of the App by the User is at the User's own discretion and risk and the User is solely responsible for any damage resulting from the use of the App."
However, the high court rejected SBI's appeal and ordered "This intra-Court appeal is directed against the judgment and order dated 30.09.2022, passed by the learned Single Judge in WP(C) No. 1900/2022, whereby, the learned Single Judge, has set aside the order dated 07.03.2022, passed by the Ombudsman, Reserve Bank of India, and directed the appellant to deposit an amount of Rs. 94, 204.80/- (Rupees Ninety-four thousand two hundred four and Eighty Paisa) only, in the bank account of the petitioner with a liberty to recover the amount from the respondent No. 3."
Supreme Court says SBI despite having the latest technology did not use it to detect and prevent such cyber fraud
The Supreme Court upheld Gauhati High Court's order which told SBI to give a refund to the victim and recover the money from the fraudster who is now in police custody. The Supreme Court in its order said: "We see no good reason to disturb the impugned order passed by the High Court."
Here's a summary of what the Supreme Court observed:
> "All that the High Court has said is that the original petitioner who suffered the loss was not negligent in any manner. All transactions relating to the account of the respondent No.1 - herein maintained with the petitioner - Bank were found to be unauthorized and fraudulent. It is the responsibility of the bank so far as such unauthorized and fraudulent transactions are concerned. The Bank should remain vigilant. The Bank has the best of the technology available today to detect and prevent such unauthorized and fraudulent transactions. Further, clauses 8 and 9 respectively of the RBI's Circular dated 6-7-2017 make the position further clear."
> "We also take notice of the fact that within 24 hours of the fraudulent transaction, the customer, i.e., the respondent No.1 - herein brought it to the notice of the Bank."
> "We expect the customers, i.e., the account holders also to remain extremely vigilant and see to it that the O.T.Ps. generated are not shared with any third party. In a given situation and in the facts and circumstances of some case, it is the customer also who could be held responsible for being negligent in some way or the other."
Crucial element of the judgement which secured victory for this victim
As per the order of the Supreme Court, "We are in complete agreement with the observations as contained in Para 42 of the impugned judgment (Gauhati High Court)."
"Para 42: Having heard and considered the submissions of the learned counsel for the parties and after going though the materials available on record, we are in full agreement with the learned Single Judge that the online transactions that took place on 18.10.2021 from the respondent No. 1/petitioner's Bank account were unauthorized and fraudulent in nature. No negligence on the part of respondent No. 1/petitioner could be established by the Appellant. Clauses 8, 9 of the RBI Circular dated 06.07.2017 would apply. The respondent No. 1/petitioner will not have any liability."
As per the order of the Gauhati High Court the bank must be able to prove negligence on the part of the customer otherwise it is responsible for the fraudulent transactions.
Para 40: "Undoubtedly, it is correct that if a customer is negligent in handling his or her account and discloses sensitive information such as, password, OTP, MPIN, Card Number etc., resulting into fraudulent transaction, the Bank cannot be held liable for loss, if any suffered by the customer. However, in such cases, negligence on the part of the customers must be cogently established by the Bank by bringing reliable materials on record. The Banks cannot absolve themselves of the liability towards losses suffered by the customers on account of unauthorized electronic transactions based on perceived negligence of the customers."
[The Economic Times]
