Recently, the Allahabad High Court held that the burden of establishing a customer’s liability in cases of unauthorized electronic banking transactions lies squarely on the bank. The Court was adjudicating a writ petition concerning an alleged cyber fraud involving substantial fund transfers between family members’ accounts, and it emphasized that RBI circulars are intended to protect genuine victims, not to be misused to cloak personal transactions as cybercrimes.
Brief Facts:
The petitioners, a father and son, operated separate cash credit accounts with the Bank of Baroda, both having limits exceeding ₹1 crore and active net banking access. On June 19, 2022, petitioner no.1 transferred ₹37.85 lakhs to petitioner no. 2, who then allegedly transferred the funds to unknown accounts. The petitioners claimed this was the result of cyber fraud, lodged an FIR, and approached the High Court, accusing the bank and police of inaction.
Contentions of the Petitioner:
The petitioners contended that despite exercising caution, the suspicious transactions occurred. They argued that their SIM card was blocked, making it impossible to receive OTPs or transaction alerts. Relying on RBI circulars, they asserted that the bank bore full liability to refund such losses, unless customer negligence was proven. To reinforce their claims, judgments in State Bank of India v. Pallabh Bhowmick and Jaiprakash Kulkarni v. Banking Ombudsman were cited.
Contentions of the Respondent:
The counsel for the respondent, however, countered that the entire sequence of transactions was initiated and completed by petitioner using his own login credentials, device, and OTPs. It was submitted that the alleged beneficiary accounts were added by petitioner a day before the transaction, and even the password was changed post-transfer, clearly indicating awareness and control over the account. The bank submitted logs, OTP data, and IP records to prove its case.
Observations of the Court:
The Court took a firm view, holding that, “The petitioners were not victims of cyber fraud. The transactions were executed after proper login, OTP generation, and password modification, all performed by the petitioners themselves.”
It was noted that the petitioners received SMS alerts for the debits on June 19, 2022, but delayed filing a cyber complaint until June 20 and lodged the FIR only on June 21. This timeline, the Court said, pointed to an afterthought. The Court directly addressed the misuse of RBI circulars, “RBI circulars are meant to shield innocent customers from fraudulent third-party transactions, not to serve as a sword for camouflaging personal transactions as cyber fraud. The circular's purpose is protection, not prosecution.”
Supporting documents submitted by the bank, including internet banking logs, OTP records, and password change timestamps, established that the transaction was knowingly executed by the petitioners.
The decision of the Court:
Holding that there was gross negligence and no proof of unauthorized third-party access, the Court dismissed the writ petition, refusing to grant any relief.
Case Title: Suresh Chandra Singh Negi and Anr v. Bank of Baroda and Another
Coram: Justice Shekhar B. Saraf and Justice Praveen Kumar Giri
Case No.: Writ-C No. 24192 of 2022
Advocates for Petitioners: Mr. Aniket Gupta and Mr. Prem Chandra
Advocate for Respondent: Mr. Namit Srivastava
Picture Source :
