6 min readNew DelhiUpdated: Jun 8, 2026 11:44 AM IST
SBI news: The Delhi High Court recently observed that customer negligence in digital banking is not confined to sharing OTPs and may also extend to clicking on suspicious links that compromise banking credentials, while allowing the State Bank of India (SBI)’s appeal against an order directing it to reimburse Rs 2.60 lakh lost in an alleged cyber fraud.
Chief Justice Devendra Kumar Upadhyaya and Justice Tejas Karia noted that in the context of evolving cyber frauds, a customer’s duty of care includes exercising caution while interacting with unknown links and applications, as such actions may expose sensitive banking credentials to misuse.
“In matters involving digital banking fraud, customer negligence cannot be confined solely to cases of express disclosure of OTPs or passwords. Compromise of such credentials may also occur where a customer interacts with suspicious links or unknown applications, thereby exposing the banking credentials to misuse,” read the May 29 order, which relieved the SBI of the liability.
Chief Justice Devendra Kumar Upadhyaya and Justice Tejas Karia found that there is no material to indicate that there was any compromise of the banking system.
The high court was hearing an appeal filed by State Bank of India (SBI) challenging a November 18, 2024, order of a single judge directing the bank to pay Rs 2.60 lakh to the customer, a computer science professor, along with Rs 25,000 towards litigation costs. It subsequently set aside the single judge’s order relieving the bank from the liability of paying the amount to the man.
No breach on part of SBI
- The high court noted that in the present case, no such investigative finding has, till date, emerged to establish that the subject transactions were carried out through any breach of the SBI’s system.
- The court noted that the man admittedly clicked upon a suspicious link received from an unknown person immediately before the subject transactions.
- The court found that there is no material presently on record to indicate that the subject transactions bypassed the authentication process prescribed by the SBI Bank or that there was any established compromise of the banking system.
- Consequently, the court held that the single judge was not justified in presuming deficiency on the part of the SBI Bank and in consequently fastening liability upon it.
- The bench also noted that SBI had immediately blocked the customer’s internet banking profile upon receiving information about the fraud and that no further unauthorised transactions occurred thereafter.
- The court further observed that the Reserve Bank of India (RBI)’s 2017 circular on unauthorised electronic banking transactions draws a clear distinction between losses caused by deficiencies on the part of banks and losses attributable to customer negligence.
- The court also found that the said RBI circular provides that where the loss is occasioned by the customer’s negligence, including by sharing payment credentials, the customer should bear the entire loss until the unauthorised transaction is reported to the bank.
2 transactions, fraud, litigation
- The case arose after Hare Ram Singh, a professor of computer science, lost Rs 2.60 lakh from his SBI account in 2021, following an alleged phishing/vishing fraud.
- It was placed on record that Singh maintained a savings account with the SBI bank at its Greater Noida Branch. On April 18, 2021, an aggregate sum of Rs 2.60 lakh was unauthorisedly withdrawn from the bank account by way of two transactions in the sums of Rs 1 lakh and Rs 1.60 lakh, respectively.
- The man subsequently contacted the customer care department of the SBI, alleging that the subject transactions were unauthorised and fraudulent, and for the purpose of lodging a complaint and seeking blockage of the bank account. Thereupon, the SBI account was allegedly blocked immediately.
- Singh filed complaints which were lodged on the cybercrime portal and before the local police in Bihar.
- Later, on April 26, 2021, a complaint was filed before the banking ombudsman of the RBI.
- Subsequently, the SBI’s internal committee rejected the customer’s claim on July 14, 2021, holding that the transactions were authenticated through internet banking credentials and OTPs sent to the registered mobile number.
- Later, the bank formally rejected the reimbursement request on July 26, 2021.
- However, on October 20, 2021, the banking ombudsman directed the bank to pay one-third of Rs 1 lakh for failing to initiate chargeback proceedings but declined relief regarding the Rs 1.60 lakh Paytm transaction.
- A single judge of the Delhi High Court set aside the ombudsman’s order and directed the bank to refund the entire Rs 2.60 lakh with interest by a November 18, 2024 order.
Contractual, fiduciary nature of relationship
Appearing for the man, advocate Ravi Chandra Prakash argued that the said judgment correctly holds that the unauthorised withdrawals of Rs 2.60 lakh from the SBI Bank account occurred on account of failure of the banking security mechanisms and deficiency in service on the part of the bank.
It was further observed that the banker-customer relationship is both contractual and fiduciary in nature and that the bank owes a corresponding duty of care towards its customer. On that basis, it was contended that the SBI Bank was bound to safeguard the interests of the man in the facts of the present case.
It was contended that vulnerabilities in digital banking systems cannot be visited upon an innocent customer and that SBI Bank was obliged to maintain robust fraud-detection and prevention mechanisms.
Story continues below this ad
It was added that the technology, by its very nature, is susceptible to vulnerabilities and that online transactions are not immune from compromise.
The SBI was represented by Senior Advocate Harin P Raval.
Chief Justice Devendra Kumar Upadhyaya and Justice Tejas Karia found that there is no material to indicate that there was any compromise of the banking system.