In a significant ruling on banking liability and cyber fraud, the Bombay High Court has directed HDFC Bank to refund ₹38.04 lakhs to a businessman who lost the amount due to unauthorized online transactions.
Background of the Case
The case involved a Pune-based businessman who became a victim of cyber fraud through a SIM-swapping technique. Fraudsters managed to gain control of his mobile number, enabling them to access banking services and carry out multiple unauthorized transactions.
Within a short span of about 40 minutes, a total of ₹38.04 lakhs was transferred from his bank accounts to unknown beneficiaries without his consent. ([Live Law][1])
How the Fraud Occurred
The Court noted that the fraud followed a specific pattern:
- The victim’s SIM card was fraudulently swapped or cloned
- Unknown beneficiaries were added to his bank account
- Transaction limits were increased without authorization
- Multiple transactions were executed rapidly
Due to SIM swapping, OTPs and alerts were diverted, preventing the customer from detecting the fraud in time. ([Live Law][1])
Court’s Key Findings
The High Court found that:
- The businessman was not negligent in any manner
- He had not shared any confidential banking details
- He reported the fraud promptly after noticing the transactions
The Court emphasized that the burden to prove negligence lies on the bank, and in this case, the bank failed to establish any fault on the customer’s part. ([Live Law][1])
RBI Guidelines and “Zero Liability” Principle
Relying on the Reserve Bank of India’s 2017 circular on unauthorized electronic transactions, the Court held that:
- If a customer is not at fault and reports the fraud promptly
- The customer is entitled to “zero liability”
This means the bank must bear the loss and refund the amount. ([The Indian Express][2])
Court’s Decision
The Bombay High Court directed HDFC Bank to:
- Refund the entire amount of ₹38.04 lakhs to the customer
- Pay interest on the amount
- Complete the payment within a specified time frame (eight weeks)
Important Legal Principle
The Court also clarified that banks, though private entities, operate under RBI regulations and deal with public funds. Therefore, they carry a responsibility to protect customers and can be held accountable for failures in such cases. ([Free Press Journal][3])
Significance of the Ruling
This judgment is important because it:
- Strengthens customer protection in digital banking
- Reinforces accountability of banks in cyber fraud cases
- Highlights risks associated with SIM-swapping fraud
- Clarifies application of RBI’s zero liability rule
Conclusion
The Bombay High Court’s decision sends a strong message that customers cannot be penalized for cyber frauds when they are not at fault. Banks must ensure robust security systems and act responsibly, as failure to do so can result in financial liability.
