Coming close on the heels of banks and mobile service providers being pulled up for lax security measures that are breached by criminals to carry out cyber frauds, the adjudicating officer of the Maharashtra government’s Directorate of Information Technology (IT) has directed Kotak Mahindra Bank and Reliance to compensate a cyber fraud victim of Rs 23 lakh.
The case pertains to Manu Bharadwaj (46), a Navi Mumbai resident, whose mobile phone number was tampered with and fraudulent transactions of over Rs 23.75 lakh were made from his bank account in August 2013.
S V R Srinivas, Principal Secretary of the state IT department, in an order on September 27, directed Kotak Mahindra Bank to pay Rs 13 lakh to the complainant, while Reliance Communication has been directed to pay Rs 12 lakh.
“More than the money, we are happy to have been proven right. We had been certain that the fraud was carried out not due to mistake on our part but due to poor security procedures at the bank,” Bharadwaj told The Indian Express.
On August 23, 2013, Bharadwaj, who has a subscription business, realised that his cellphone had no network. After approaching his mobile network provider, Reliance Communi-cations, and getting a new SIM card, he found that within two days Rs 23.75 lakh had been fraudulently transferred from his Kotak Mahindra Bank account. “While the bank reversed a transaction of Rs 2 lakh, the rest of money was in dispute. An FIR was later registered and I approached the adjudicating officer through my lawyer Vicky Shah,” said Bharadwaj.
In his order, the adjudicating officer observed: “It is clear that both Reliance Communications and Kotak Mahindra Bank have let their customer down. Even though the customers are expected to use their discretion to secure their net banking IDs and passwords, the onus of securing customers’ data is on the banks and similarly the telecommunication companies.”
Regarding Kotak Mahindra Bank, the order said: “…It is clear that foreign IP addresses were used by the fraudster to withdraw money using net banking. There was a total variance with the normal transaction activities of the complainant, i.e the complainant never exceeded the limit of online transaction to more than Rs 2 lakh… All these did not raise any alerts with the bank’s system…This clearly shows the bank does not have a proper system in place for fraud detection.”
Regarding Reliance Communications, the order said: “There is a direct link between blocking of SIM card of the complainant, issuance and use of duplicate SIM card by the fraudster and the unauthorised transaction from the account of the complainant. The bank transactions happened after the duplicate SIM card was procured by the fraudster…The KYC documents that they (Reliance Communications) had obtained were clearly not verified with the originals. The signature of the customer is different and even the copy of the passport obtained is fake and has different details of the customer, including the photograph.”
Rohit Rao, chief communication officer, Kotak Mahindra Group, said: “We are not in receipt of the order issued by the Principal Secretary (Information Technology), Government of Maharashtra. The bank was never notified about the hearing/s and the order has been issued ex parte. We are getting aware of this order through media (your) query. Fact of the case is that fraudsters procured duplicate SIM card from the telecom service provider sometime around August 23, 2013 and the fraud happened between August 23 and 24 in the customer’s account. The fraud has been done via net banking, which is possible only when customer compromise their CRN number and password. The bank has a robust cyber security and risk management in place and there is no lapse in bank’s procedures. Therefore, the bank cannot be held liable for the siphoning of the amount from the customer’s account. We intend to file an appeal on receipt of the order.”
Reliance Communications did not respond to the e-mail seeking their response on the order.
Lawyer Vicky Shah said: “This is a good sign that banks and mobile service providers who do not have robust security systems in place are being pulled up. This will encourage all establishments to take their security with the seriousness it deserves.”
Meanwhile, Vodafone told to pay Rs 4.5 lakh to Mulund resident
Meanwhile, the adjudicating officer of the IT department last month directed Vodafone Essar to pay Rs 4.5 lakh to a Mulund resident who fell victim to a cyber fraud in 2013. The order said that “due to the negligence of the KYC norms and telecom guidelines by respondent no 3 (Vodafone Essar) the money transfer was facilitated and as a consequence a loss of Rs 4.5 lakh was caused to the complainant.”