Madras High Court Holds PayTM Liable For Unauthorised Debit From Customer’s Account, Asks RBI To Ensure Its Guidelines Are Followed
The Madras High Court recently came to the rescue of a post-graduate medical student, Dr R Pavithra who had lost around 3 lakh rupees from her account due to fraudulent unauthorized transactions on Paytm. She had approached the court after the City Union Bank failed to reverse the loss suffered by her and instead allegedly attempted to shift the blame on her. Justice RN Manjula...
The Madras High Court recently came to the rescue of a post-graduate medical student, Dr R Pavithra who had lost around 3 lakh rupees from her account due to fraudulent unauthorized transactions on Paytm. She had approached the court after the City Union Bank failed to reverse the loss suffered by her and instead allegedly attempted to shift the blame on her.
Justice RN Manjula after hearing in detail the submissions of the City Union Bank, Paytm, and the Reserve Bank of India, held that the payments bank, ie, Paytm was liable for the transactions and not the petitioner’s bank.
The court, however, also noted that since Paytm is a private body, directions cannot not be issued straight away.
"Even though the petitioner has sought compensation from the 7th respondent banker, the facts and materials available on record as discussed above would only fix the liability on the payment bank [the 10th respondent] and not upon the 7th respondent bank. Though a straight away directions can not be given against the 10th respondent, since it is a private body, this Court can mould the relief in such a way that directions should be given to the 6th respondent, RBI, to take action against the 10th respondent for violating its own guidelines. The RBI guidelines are issued not as a formality, but the entities subjected to the RBI regulations should comply with the conditions of the master circular in its true letter and spirit," the court said.
The court noted that though customers are encouraged to use payment applications, whenever there are fraudulent interventions, they are made to run from pillar to post and the institutions keep on shifting the blame.
"Even though the public is encouraged to use payment banks such as PayTM, Google Pay, Amazan Pay, etc., the customer is made to run from pillar to post, in case he is affected due to any 3rd party violations or fraudulent intervention. What is surprising is that even when the RBI has issued detailed master directions for both banks and Prepaid Payment Instruments [PPI], every institution shifts the blame upon the other and no one has come up with a concrete idea as to who has to bear the loss suffered by the petitioner, for none of her mistakes."
The court noted that in the circular dealing with Customer Liability in case of Unauthorized Electronic Payment Transactions through Paypointz Wallet, whenever a complaint is filed beyond a period of 7 days, the liability of the customer is based on the policy of the prepaid payment instrument.
In the present case, though Paytm took a stand that it was not informed about the fraud, the court held that the petitioner had promptly given her complaint to the banker. The court also added that it was not possible for the petitioner to know how the fraud was committed.
The court also noted that Paytm failed to establish the liability of the customer within 90 days as necessitated under the RBI circulars. Thus, the court held that as per guidelines, the amount is to be paid to the customer irrespective of whether negligence was on the part of the customer.
The court was also informed that RBI had taken action against Paytm M under Sec.35-A of the Banking Regulation Act 1949 and had banned it from enrolling new customers. The court was also informed that RBI had directed Paytm to appoint an IT audit firm to conduct a comprehensive system audit of its IT system in view of the increased spying attacks.
"In fact, it is stated by the RBI that such an action has been taken based on certain materials connecting to supervising concerns observed by the bank itself. So the system audit is required for the IT system adopted by the 10th respondent, which is vulnerable to fraudulent activities. The petitioner is one among the several users and hence the 10th respondent is liable to make out the loss suffered by the petitioner," said the court.
Case Title: Dr. R Pavithra v The Commissioner of Police and others
Citation: 2023 LiveLaw (Mad) 140
Counsel for the Petitioner: Mr. Sharath Chandran