The National Consumer Disputes Redressal Commission (NCDRC) recently held that in case of fraudulent transactions leading to the withdrawal of money from a person’s bank account, the concerned bank shall be responsible for the loss, not the customer if it is not proven that the fraudulent the transaction had taken place due to the account holder’s fault.
The ruling was made by Presiding Member C. Viswanath, who opined that in today’s digital age, the possibility that the credit card was hacked or forged can not be ruled out.
The NCDRC stated that in a case where the Bank has been unable to prove that the impugned the fraudulent transaction had taken place due to the account holder’s fault, for example, loss of credit card, the Bank shall be made liable for the unauthorized transactions, as it is deemed that there was a security lapse in the electronic banking system through which the transactions had taken place.
In the present case, the Commission was hearing a revision petition filed by the HDFC Bank against the dismissal of its appeal by the State Commission, thereby upholding the order directing the Bank to compensate the customer for fraudulent transactions from her account.
The Complainant-customer had stated that the credit card was in her possession when the disputed transactions had taken place. She further stated that the transactions had taken place remotely, several miles away from her actual location and therefore, the reason for the fraudulent transactions must be forgery/hacking of the card or some other technical and/or security lapse in the electronic banking system through which the transactions had taken place.
The Bank had on the other stated that the Credit Card must have been stolen and that it is due to the Card Holder’s negligence that she lost safe custody of her card.
The Court noted that the Bank had failed to produce any evidence to substantiate its averment that the credit card was stolen or that the Complainant had resorted to any fraud/forgery.
“In the absence of any evidence that the credit card was stolen, I hold the Bank for the unauthorized transactions,” Presiding Member C. Viswanath said. The Commission relied on an RBI circular as per which, zero liability will rest with the customer, where the defciency lies in the banking system.
As per Circular dated 6 July 2017: “A customer’s entitlement to zero liability shall arise where the unauthorized transaction occurs in the following events” :
- Contributory fraud/ negligence/ deficiency on the part of the bank (irrespective of whether or not the transaction is reported by the customer).
- Third-party breach where the deficiency lies neither with the bank nor with the customer but lies elsewhere in the system and the customer notifies the bank within three working days of receiving the communication from the bank regarding the unauthorized transaction.
In the facts of the case, the Commission noted,
- The first unauthorized transaction took place on 15.12.2008.
- The said transactions were observed by the Bank on 15.12.2008 itself.
- The Complainant's father was contacted only on 18.12.2008.
- On 20.12.2008, within three days of receiving information from the Bank, the Complainant's father notified the Bank that the transactions were unauthorized.
“In such circumstances, therefore, even if the deficiency was not with the Bank, but elsewhere in the system, the Bank will be held liable for all the 29 unauthorized transactions which were effected from 15.12.2008 till the card was hotlisted, i.e. till 20.12.2008,” the Commission said.
Reliance was also placed on Punjab National Bank & Anr. v. Leader Valves II, (2020) CPJ 92 (NC), where the Commission while addressing the question of liability of a Bank in case of unauthorized and fraudulent electronic banking transactions, had observed: