‘Glaring service deficiency’: Delhi HC directs SBI to compensate man who lost Rs 2.60 lakh to cyber fraud
The money was debited from the man’s SBI account in 2021 after he clicked on a link he received via SMS.
3 min read
The court of Justice Dharmesh Sharma directed that the payment be made to the petitioner Hare Ram Singh, a 55-year-old academician, within four weeks along with costs for legal proceedings, Rs 25,000. (File Image)Allowing a petition by a man who lost Rs 2.60 lakh from his State Bank of India (SBI) account in a voice phishing attack, the Delhi High Court on Monday recorded a “glaring service deficiency” on the part of the bank and directed it to compensate him the lost amount, along with interest at a rate of 9 per cent per annum from the date of the fraud.
The court of Justice Dharmesh Sharma directed that the payment be made to the petitioner Hare Ram Singh, a 55-year-old academician, within four weeks along with costs for legal proceedings, Rs 25,000.
On April 18, 2021, Singh was duped of Rs 2.60 lakh after he received an SMS with a link and clicked on it. The amount was debited from his SBI account even though he did not share any OTP, allegedly in breach of the two-factor authentication he had enabled.
Granting relief to Singh, the court noted that there is “nothing to suggest that the petitioner shared the sensitive financial information” that would be tantamount to negligence on his part and was rather a case “where the OTPs received on the mobile phone of the petitioner automatically got transmitted to the cyber fraudsters who thereby were able to withdraw the amount from the account of the petitioner”.
Recording SBI’s deficiency, the court order stated, “In my view, the petitioner was a ‘victim’ of cyber fraud and he cannot be said to be ‘negligent’ in any manner under the notions of the civil law or for that matter under the criminal law. Negligence implies ‘the duty to take care’ that would be expected from a person of ordinary prudence. The negligent act on the part of the customer should be such which is gross, utterly reckless and unconscionable. In the present case, the petitioner had taken care not to share the OTPs, in fact he had no occasion to do so, and if that is the case, it would imply that even the most hyped 2 Factor Authentication [“2FA”] was breached as the same was not secure, which is directly attributable to deficiency in service provided by the respondent…SBI”.
“…(SBI) demonstrated a glaring service deficiency. Despite prompt intimation from the petitioner about the account breach, they showed no urgency. (SBI) failed to exercise due care, neglecting their duty to act swiftly upon notification of the fraudulent withdrawal. Consequently, they took no steps towards chargeback, retrieval, or freezing the suspicious accounts maintained with IDFC Bank and One97 Communication (where the amount Singh was defrauded of, was transferred to),” the court further stated.
Holding SBI liable to pay compensation for Singh’s loss, the court held, “It has to be presumed that it is on account of the failure on the part of the bank to put in place a system which prevents such withdrawals, that the petitioner suffered monetary losses….Unhesitatingly, there was patent deficiency in services on the part of the bank, inasmuch as the response of the bank was lukewarm, defective, and not prompt.”
You May Like
Photos
