Unauthorised Online Transactions From Bank Account; Gauhati High Court Orders SBI To Reimburse Cybercrime Victim
The Gauhati High Court on Monday directed the State Bank of India (SBI) to reverse an amount of Rs. 4,44,699.17, in the bank account of a cyber-crime victim, which was deducted from their account through several unauthorised transactions. Justice Kalyan Rai Surana concluded that the petitioner likely fell victim to cybercrime due to the origin of the unauthorized transactions in...
The Gauhati High Court on Monday directed the State Bank of India (SBI) to reverse an amount of Rs. 4,44,699.17, in the bank account of a cyber-crime victim, which was deducted from their account through several unauthorised transactions.
Justice Kalyan Rai Surana concluded that the petitioner likely fell victim to cybercrime due to the origin of the unauthorized transactions in Thane.
“…in this case, 35 (thirty-five) transactions take place between the short period from 08.05.2012 to 17.05.2012. Out of these transactions, the State CID had been able to locate 12 IP addresses in Thane District, out of which 2 (two) IP addresses are fake. Therefore, the preponderance of probability is that the petitioner is a victim of cyber-crime. The respondent nos. 4 and 5 have not been able to show that any sms alerts were issued to the petitioner for all these transactions disputed by the petitioner.”
The petitioner held an account with SBI and alleged that unauthorised online transactions amounting to Rs. 4,44,699.17 occurred in his account between May 8 and May 17, 2012, without his knowledge or consent. He claimed that he did not receive any SMS alerts notifying him of these transactions in his registered mobile number. Accordingly, he reported the matter both to the bank and law enforcement authorities.
The petitioner contended that although he initially had a 19-digit ATM-cum-debit card without e-commerce capability, he received a replacement card, allegedly without his request, which was later used for the said unauthorised online transactions. He sought an inquiry into why SMS alerts for these transactions did not reach him and requested a refund of the stolen amount along with interest.
A complaint was registered with the Additional Director General of Police (CID), Assam who investigated the case but could not trace the people involved. They discovered that the cybercrime originated in Thane with fake names and addresses. The CID investigation also revealed that certain IP addresses were related to the case, although some of them were fake. Due to the limited data retention period of internet service providers, the investigation faced challenges.
Thereafter, the petitioner filed a complaint before the Banking Ombudsman which was rejected as the determination would require consideration of documents and oral evidence.
Hence, the petitioner approached the High Court seeking an enquiry into why SMS alerts for online transactions did not reach the petitioner’s registered mobile number and sought a direction for the refund of the sum of Rs.4,44,699.17 along with applicable interest.
The petitioner submitted that the SMS alerts he received between May 08 to May 17, 2012, were only regarding ATM transactions and not for any internet transactions, which was not supported by the said card.
The counsel appearing for the SBI submitted that the bank or its officers were not responsible for cybercrime, since one need not wait for an OTP for each transaction from the bank and then place orders by feeding card details, PIN number, etc.
It was admitted that the petitioner's 19-digit ATM card was not suitable for online transactions but they claimed that the petitioner must have disclosed his card details and PIN to someone who committed the fraud.
The Court noted that as per the investigation of State CID, the crime had originated from Thane District of Maharashtra and the CID has not been able to trace 10 out of 12 IP addresses.
“The CID neither seized the petitioner’s mobile nor collected the CDR of the SIM for the period between May 08, 2012 and May 17, 2012. Therefore, there is no scope to verify the truthfulness of the version of the petitioner to establish whether he had received SMS alert or not and there is less scope for tracing out the accused of the case in near future. The respondent nos. 4 and 5 have not produced any record to show that sms alert against alleged fraudulent transactions were generated and sent from their computer system.”
The Court further noted that the Bank did not preserve its record of having sent sms alert to the petitioner regarding e-commerce or internet use of his ATM card.
The Court observed that transactions that had taken place from the petitioner's account vide 19-digit ATM card between May 08 and May 17 were unauthorized and fraudulent in nature because as per the investigation carried out by the State CID, they could find that 12 of the IP addresses through which transactions were made were located in Thane district in Maharashtra.
“Therefore, the petitioner is not found to have any liability in respect of the said transactions to the extent of Rs.4,44,699.17. These transactions are reflected in the statement of bank account of the petitioner, which is annexed to the affidavit filed by the respondent nos. 4 and 5. Therefore, the respondent nos.4 and 5 are required to reverse the said amount in the savings bank account of the petitioner. However, with liberty to recover the said from the persons to whose account said money or part thereof were siphoned off,” the Court said.
Thus, the Court directed the SBI to reverse the unauthorised transactions' amount of Rs. 4,44,699.17 within 60 days. Interest at a rate of 6% per annum would be applied if the amount was not deposited within the specified time.
Citation: 2023 LiveLaw (Gau) 89
Case Title: Smti. Jyoti Bezbarua Goswami & 2 Ors. v. The State of Assam & 6 Ors.
Case no.: WP (C) 3085/2013