“The Bank apparently cannot be absolved of the liability towards the losses suffered by the complainant on account of unauthorised electronic transactions…since the information of fraudulent transactions was shared with the Bank/OP within stipulated period,” the commission said on April 15.
The SBI failed to take adequate remedial action despite prompt reporting, said the national consumer commission. (Image enhanced using AI)
No evidence of negligence by consumer
The commission held that merely downloading a fraudulent application does not amount to negligence by the consumer. It said that no evidence was produced to show that OTPs were shared and the transactions were clearly unauthorised.
The bank failed to take adequate remedial action despite prompt reporting, said the commission.
“The complicity of the complainant cannot be presumed merely on account of downloading the application,” the national consumer commission observed, emphasising that the bank had failed to establish any negligence on the part of the customer in the fraudulent transactions.
Banks Cannot Pass the Buck on Cyber Fraud — NCDRC Orders SBI to Refund Rs 1.99 Lakh
₹20 Bill attempted
A Bengaluru resident tried to pay a Rs 20 electricity bill after receiving a fake disconnection SMS. Instead, Rs 1.99 lakh was debited without OTP. He reported to SBI and cybercrime police the same day — NCDRC held SBI fully liable. | April 15, 2026
WHAT THE CUSTOMER DID vs WHAT THE BANK FAILED TO DO
✅ Customer Did Everything Right 👤 Prompt & Correct Response
Never shared OTP — transactions were unauthorised; no credentials compromised by customer
Reported same day — informed SBI helpline, email and cybercrime police on July 19, 2022 itself
Downloading a fake app is not negligence — NCDRC: complicity cannot be presumed from app download alone
Reported well within RBI's 3-working-day window → zero liability triggered
❌ SBI's Defence — All Rejected 🏦 Failed to Act, Failed to Prove
"Customer shared credentials" — no evidence produced; claim rejected by NCDRC
"Delayed reporting" — undermined by SBI's own re-crediting of Rs 25,000, proving it knew fraud was reported promptly
Reversed Rs 25,000 but not Rs 1.99 lakh — selective reversal exposed bank's inconsistency and cost it the case
Bank failed to take adequate remedial action despite prompt reporting
📋 The RBI Rule That Decided the Case RBI Circular, July 6, 2017: Customers bear zero liability for unauthorised electronic transactions caused by third-party breaches — provided fraud is reported within 3 working days. Banks must reverse such transactions within a stipulated timeframe and cannot shift the burden onto customers without proof of negligence.
VERDICT SBI directed to refund Rs 1.99 lakh + Rs 25,000 compensation within 4 weeks. Failure attracts 8% annual interest. NCDRC upholds Karnataka State Commission's order — SBI's second appeal dismissed.
Fraud triggered by fake electricity bill alert
The case dates back to July 19, 2022, when Bengaluru resident Prodosh Kumar Banerjee received a fraudulent SMS warning of electricity disconnection for non-payment of dues. On contacting the number provided, he was prompted to download a mobile application resembling the official interface of the electricity department.
Story continues below this ad
Banerjee attempted to pay a nominal amount of Rs 20. However, he soon received alerts indicating that Rs 25,000 had been debited from his SBI account, followed by another unauthorised debit of Rs 1.99 lakh despite no OTP being shared for these transactions. His phone subsequently became non-functional.
Swift reporting, partial reversal
Fearing further loss, Banerjee immediately reported the fraud to the cybercrime police, leading to the registration of a complaint and FIR. He also informed SBI through its helpline and email on the same day.
While the bank re-credited Rs 25,000 and froze the account, no effective steps were taken to reverse the larger debit of Rs 1.99 lakh.
Litigation Journey
August 14, 2023: District Consumer Forum dismisses complaint, citing customer negligence
Story continues below this ad
May 26, 2025: Karnataka State Commission reverses decision, orders SBI to refund Rs 1.99 lakh with Rs 25,000 compensation
April 15, 2026: National consumer commission dismisses SBI’s appeal and upholds the State Commission’s order
SBI’s defence rejected
SBI argued that the fraud could not have occurred without the customer sharing sensitive credentials such as OTP, and alleged that there was a delay in reporting the incident.
However, the consumer commission found that the fraud had been reported promptly within hours and noted that the bank’s own action of re-crediting Rs 25,000 undermined its claim of delayed intimation.
Story continues below this ad
Zero liability under RBI guidelines
The national consumer commission relied on the Reserve Bank of India’s circular dated July 6, 2017, which provides that customers bear zero liability in cases of unauthorised electronic transactions caused by third-party breaches, provided the fraud is reported within three working days.
Referring to precedents, including a Gauhati High Court ruling upheld by the Supreme Court, the consumer commission reiterated that banks must reverse such transactions within a stipulated timeframe and cannot shift the burden onto customers without negligence.
Final directions
Upholding the state consumer commission’s findings, the national consumer commission directed SBI to re-credit Rs 1,99,000 to the complainant, pay Rs 25,000 as compensation and comply within four weeks, failing which 8 per cent annual interest would apply on the defaulted amount.
No order as to costs was passed.
Significance
The decision reinforces consumer protection in digital banking, making it clear that banks must substantiate claims of customer negligence.
Story continues below this ad
Prompt reporting by customers triggers “zero liability” safeguards and financial institutions are obligated to act swiftly to prevent and remedy fraud
With cyber fraud cases on the rise, the ruling underscores that liability cannot be shifted onto consumers in the absence of clear evidence of fault.
19 years after Rs 19 lakh, vanished from ATM, NCDRC slashes 25 per cent insurance payout
Nearly two decades after a mysterious cash shortfall of Rs 19.03 lakh was discovered in an ATM in Ghaziabad, the National Consumer Disputes Redressal Commission (NCDRC) has held the insurer liable but only partially, citing lapses by the insured cash-handling firm in safeguarding access credentials.
A bench comprising Presiding Member Dr Inder Jit Singh and Member Dr Justice Sudhir Kumar Jain was hearing a first appeal filed by United India Insurance Company Limited challenging the September 28, 2016 order of the Delhi State Consumer Commission, which had allowed the complaint of M/s A P Securitrans Private Limited and directed payment of the full insured amount of Rs 19.03 lakh with interest.
Story continues below this ad
“After careful consideration of the entire facts and circumstances of the case, in particular, the Surveyor’s report, the State Commission‘s order, policy document and rival contentions of the parties including the ones contained in their written notes of arguments, we hold that the loss in the present case is covered under the policy,” the commission said on April 13.
NCDRC orders Rs 50 lakh payout
On April 7, the National Consumer Disputes Redressal Commission (NCDRC) has rejected a startling claim by HDFC Standard Life Insurance Limited and upheld a Rs 50 lakh insurance payout while holding that the insurer failed to prove its allegation that the policyholder had died in 1994 instead of 2013.
A bench comprising Dr Inder Jit Singh (presiding member) and Justice Sudhir Kumar Jain (member) was hearing the first appeal by HDFC Standard Life Insurance, challenging an order by the Bihar State Consumer Disputes Redressal Commission, which had directed it to pay a Rs 50 lakh insurance claim following the death of one Sushil Kumar Singh.
The SBI failed to take adequate remedial action despite prompt reporting, said the national consumer commission. (Image enhanced using AI)