1.      The present First Appeal has been filed under Section 51 of the Consumer Protection Act, 2019 (hereinafter referred to as “the Act”) against the Order dated 04.08.2022 passed by the State Consumer Disputes Redressal Commission, Telangana (‘the State Commission’), in Consumer Complaint No. CC/102/2019, wherein the Complaint filed by the Complainants (Respondents herein) was allowed.

2.      For convenience, the parties involved in this Appeal will be referred as per their identification in the Complaint originally filed before the Ld. State Commission. Mr. Biresh Chandra Gangopadhyay is identified as Complainant No. 1, and Smt. Aarti Gangopadhyay, wife of Complainant No. 1, is identified as Complainant No. 2. The State Bank of India, represented by the Branch Manager, Deputy General Manager, and Chief General Manager, will be addressed as Opposite Party Nos. 1 to 3 (hereinafter referred to as "OPs Bank").

3.      The brief relevant facts, as per the complainants, are that they opened a joint Savings Bank Account (S.B. A/c. No. 10123103876) at Balkampet Branch of the OPs Bank. Complainant No. 2 opened three fixed deposits for Rs. 10 lakhs, Rs. 15 lakhs, and Rs. 15 lakhs (total Rs. 40 lakhs) on 09.08.2017 for a period of one year with a mandate for auto-renewal. She was issued with the FD receipts in her name. On 04.04.2019, Complainant No. 1 went to the OP Bank to update the passbook of his wife, Complainant No. 2. He was informed that the printer was not working and was given an account statement from November 2018 to March 2019. He was shocked to see that it showed a balance of only Rs. 3 lakhs instead of about Rs. 28 lakhs. He noticed that all unauthorized withdrawals were made through internet banking, although the account had "View Only" facility and did not have internet banking facility for transactions. He immediately brought this to the notice of the Branch Manager of the OPs Bank and lodged a police complaint, leading to FIR No. 240/2019 dated 09.04.2019. He has also submitted a written complaint dated 12.04.2019 to OP-1, drawing their attention to the unauthorized withdrawal of about Rs.63,00,000/- from Complainant No. 2’s Account, including the premature and unauthorized closure of three FDs amounting to Rs. 40 lakhs. The OP Bank contended that the internet banking credentials of Complainant No. 2 were compromised and OTPs were sent on each occasion when her internet banking was breached. However, the bank sidestepped the fact. The fraud could not have occurred but for the bank's actions in enlarging the scope of inherent banking transactions to permit:

a) The upgradation of "View Only" accounts to embrace all types of transactions, and

b) The premature closure of fixed deposits, which were opened physically offline, through the online facility.

4.      The complainants alleged that the OP bank knew the customer was a senior citizen who had consciously opted for "View Only" access and was 'not tech savvy'. The bank's negligence in changing the transaction access without even verification left the vulnerable senior customer exposed. Thus, the bank must bear responsibility for facilitating the unauthorized transfers by enlarging the scope of INB facilities, including the use of the YONO Application, without the informed consent of Complainant No. 2. Since their grievances were not addressed and the OPs failed to share the results of their internal investigation, they filed Consumer Complaint No. 102 of 2019 before the Ld. State Commission, seeking the OP Bank to pay Rs.63,74,527/- along with interest at 18% p.a.; Rs. 25,00,000/- as compensation for mental agony and; and Rs. 20,000/- as costs.

5.      In their written version before the State Commission, the OPs denied the allegations made in the complaint and contended that it is the customer's obligation to prevent unauthorized use of their mobile device and to avoid sharing the mobile banking password/PIN with unauthorized persons. They shared their mobile, PIN number and other details with their associates, and that all disputed transactions were conducted by these associates either in connivance with them or due to their negligence. Therefore, the OPs Bank cannot be blamed under any circumstances. The domestic help of the complainants who was entrusted with performing banking transactions on their behalf, was involved in the disputed transactions. A total of 37 transactions amounting to Rs. 63,74,536/- were undertaken in the names of five companies. However, the domestic helper and the companies were not added as parties to the proceedings, making the complaint liable to dismissal for non-joinder and mis-joinder of necessary parties. The OPs further contended that Complainant No. 2 enabled transaction rights by logging into https://www.onlinesbi.com on 05.08.2018 at 11:20 AM. The bank sent an OTP to the registered mobile number to complete this request on the same day. Thus, the claim that she did not have transaction rights did not hold. Two fixed deposits were prematurely closed on 17.11.2018 and a third deposit was closed on 10.12.2018 online through the YONO platform, with the proceeds credited to her SB Account. They addressed a letter dated 03.05.2019, explaining the investigations conducted. The Online Banking platform is designed with various security features to ensure adequate authentication processes. The controls and restrictions depend upon the rights opted for by the customer, not the channel through which the accounts are opened. There was no failure by the Bank regarding the disputed transactions. The allegation that physically opened FDs cannot be closed online is incorrect. This complaint is filed with an ulterior motive and sought its dismissal as frivolous and vexatious.

6.      The learned State Commission partly allowed the complaint with the following reasons/findings: -

“…11… Our view is amply supported by the decision rendered by the Hon'ble Supreme Court in DAV Public School vs. The Senior Manager, Indian Bank on 18t December, 2019 wherein the following issue was raised :

1.  Bank was requested to clarify how an account with only cheque facility can be operated with net banking process.
2. Secondly; how any institutional accounts can be linked with any personal account without the request of the account holder;”
3. Without consent, is it possible to make net transaction of the account ?

It was held by the Apex Court that the Bank has rendered themselves liable by enabling net banking facility by linking. the individual account of the school's Principal (which had net banking facility) to the School's account (which did not ask for the facility).

It is unfortunate that the biggest Government owned Bank in the Country had resorted to defamatory statements against an old, vulnerable and longstanding customer of theirs'. From the above discussions, we seek to emphasize that it is the fault of the opposite party bank to have linked the complainants' account with internet banking facility without any request from them, which caused the fraud. They have also failed singularly in not concluding their investigation and finding out from where the initial request was generated to make the complainants' account transactional. The underlying issue namely: how did internet banking transaction take place in the first instance when there was no specific permission or authority to do so-shows the possibility of co illusion of one or more members/employees of the opposite p arty bank. Considering the above, we are of the view that the opposite party bank should- be directed to reimburse the amount siphoned along with interest and reasonable compensation for their suffering. The opposite party bank is at liberty to approach the concerned criminal court and claim any amount recovered by the Police.

12. In the result, the Complaint is partly allowed, and the opposite parties are directed jointly and severally to reimburse the sum of Rs.63,74,527/- along with interest @9% p.a. from the date of the complaint (11.6.2019) till realization thereafter. We further award a sum of Rs. 3 lakhs towards compensation along with Rs.20,000/- towards costs. Time for compliance is six weeks.”

7.      Being aggrieved by the impugned order dated 04.08.2022, the Appellants /OPs Bank filed this present Appeal no. 684 of 2022 seeking the following:

“a). set aside / quash the order/ judgment dated 04.08.2022 passed by the Hon'ble Telangana State Consumer Disputes Redressal Commission, Hyderabad in C.C. No. 102 0f 20 1 9; and/ or

b). Any other or further relief which this Hon'ble Commission may deem fit In the Interest of justice, In favour of the Appellant ad against the Respondents.”

8.      In the instant Appeal, the Appellants/OPs Bank raised the following key issues:

A. The State Commission failed to note that the police investigation into the FIR revealed that the respondents' close associate (driver) was responsible for the unauthorized withdrawals. It is likely that they shared credentials. This crucial fact was suppressed by them in their complaint.

B. The State Commission overlooked that instead of pursuing legal action against the 5 recipient companies of the transferred amount and their associate (driver), who facilitated the transactions, they wrongly targeted the OP bank. They could have sought recovery from these beneficiaries and taken steps against the fraudster.

C. The State Commission failed to note that the respondents enabled internet banking transactions themselves by logging into the bank's portal and confirming OTPs sent to their registered mobile number on 05.08.2018 at 11:20 AM. The bank cannot be held negligent when they shared their account credentials (OTP/PIN) for transactions, contrary to bank procedures.

D.  The State Commission failed to consider that two FDs were prematurely closed on 17.11.2018 and the third on 10.12.2018 via the YONO platform, with proceeds credited to their SB account. They did not object to receiving these FD amounts in their account.

E. The cases involving fraud, cheating, and conspiracy should be referred to a Civil Court, not a consumer forum. Previous decisions by this Commission support absence of jurisdiction in such matters. Additionally, the respondents already sought recourse through Cybercrime and the Banking Ombudsman, without success.

F.  The respondents also lodged a complaint with the Banking Ombudsman, to which the Appellant bank responded on 11.06.2019, affirming that standard Internet Banking practices including OTPs and SMS confirmations were followed rigorously.

9.      In response to the notice on Appeal, the Complainants filed a reply, reaffirming the contents of their complaint and affidavit of evidence filed in the State Commission. They reiterated their stance on the disputed transactions, emphasizing the alleged negligence and responsibility of the Appellant Bank in the unauthorized withdrawals. Conversely, a rejoinder was filed on behalf of the Appellant Bank to counter the reply submitted by the Complainants. In this rejoinder, the Appellant Bank included copies of the RBI Guideline dated 04.06.2008 and the RBI circular dated 06.07.2017. These documents were likely annexed to support their argument regarding banking procedures and customer responsibilities in online transactions. The Bank reiterated the grounds of Appeal, emphasizing customer negligence, adherence to banking protocols, and the lack of jurisdiction of consumer forums in cases involving fraud and conspiracy allegations.

10.    The Ld. Counsel for the Appellant/OP Bank reiterated key grounds of appeal and facts of the case and argued that banks are not liable to recover the lost amount when the customer was negligent in securing their Internet Banking (INB) credentials. The customer must act diligently to secure their personal information. The Ld. Counsel emphasized that the Respondents enabled the transaction rights by logging into the bank's website, with the system processing their request through their login ID and password. All transactions were initiated and completed upon proper validation of customer credentials. Further, each fund transfer was authenticated via an OTP sent to the registered mobile number of the customer. Notifications of deposits/ credits in the savings account were also sent via SMS, indicating that the Respondents were aware of the transactions. The Ld. Counsel further argued that despite the Bank's printer not functioning, the account statement could have been examined through the YONO platform, which was disputed by the bank. He highlighted that there were 37 transactions totalling Rs. 63,74,536/- conducted via INB from 09.08.2018 to 25.03.2019 in 5 companies names, and no dispute about enabling the INB facility was raised by the Complainants. They had closed the FDRs online between 17.11.2018 and 27.12.2018, as detailed in the letter dated 11.06.2019. Thus, it cannot be claimed that they did not avail the INB facility or that the deposits were closed online without their consent. The Respondents also filed a complaint before the Banking Ombudsman, to which the Bank had responded on 11.06.2019. Thus, having invoked the jurisdiction of the Banking Ombudsman, for the same cause of action, a consumer dispute cannot be raised, as it amounts to double jeopardy.

11.    The Ld. Counsel for OP Bank further argued that the RBI had issued Circular dated 06.07.2017, outlining guidelines for Customer Protection & Limited Liability of Customers in unauthorized electronic banking transactions. According to Clause 5 of this circular, banks are required to send SMS alerts to customers on their registered mobile numbers. The OP Bank adhered to these guidelines by sending SMS alerts to the registered mobile number of the Respondents as evidenced. Clause 7 of the RBI Circular dated 06.07.2017 specifies the limited liability of the customer in cases of unauthorized transactions. It states that a customer shall be liable for losses due to negligence, such as sharing payment credentials, until they report the unauthorized transaction to the bank. Any further losses after reporting are to be borne by the bank. The Ld. Counsel emphasized that the bank has established comprehensive guidelines to ensure safety, security, and efficient technology in banking processes. They conduct regular comprehensive IS audits, and the bank has achieved various accreditations like ISO 27001 for Information Security Management System (ISMS), ISO 22301 for Business Continuity Management System (BCMS), and others related to critical applications and IT operations. The Ld. Counsel argued that the Respondents failed to demonstrate any negligence on the part of the bank, particularly in cases where Internet Banking (INB) credentials were allegedly shared with a third party. This defence underscores the Appellant Bank's adherence to RBI guidelines and its robust security measures, implying that any liabilities arising from the unauthorized transactions should not be borne by the bank but by the customers, as per the RBI's prescribed norms. He has relied upon the following judgments:

a. Vishamber Sunderdas Badlani & Anr. V. Indian Bank & Ors., I (2008) CPJ 76 (NC);

b. Rubi Chandra Dutta v. United India Insurance Co. Ltd., (2011) 11 SCC 269;

c. Sunil Kumar Maity V. State Bank of India & Ors., AIR (2022) SC 577;

d. Raghabendra Nath Sen & Anr. V. Punjab National Bank, I (2015) CPJ 254;

e. State Bank of India v. K. K. Bhalla, II (2011) CPJ 106 (NC);

f. Tony Enterprises v. Reserve Bank of India, AIR OnLine 2019 KER 674;

g. Anand Nishikawa Co. Ltd. v. Commissioner of Central Excise, Meerut, 2005 7 SCC 749;

12.    The Ld. Counsel for the Respondents/Complainants reiterated the issues raised I the complaint and the evidence and asserted that the State Commission had already gone into details in depth and determined that the initiation of transactional rights was not properly investigated by the Appellant Bank. The transactions were conducted not through the registered mobile number of the Complainants, who did not possess a smartphone, but through another device, as admitted in Pilli Venkata Ramna's confession to the police brought before the State Commission (police remand report). The Ld. counsel pointed that Mrs. Manam Aruna Kumari, the Owner of Nearby Technologies, was implicated in logging into the account through her portal, which was considered in the State Commission's findings. He highlighted that the State Commission relied on the confession of Pilli Venkata Ramana, who admitted fraudulent acquisition of account credentials and subsequent misuse, including leasing a vehicle to SBI Staff College and loaning money to a tender agent there. This confession, along with the timeline of events where the Complainants raised the issue of fraud on 04.04.2019 further supported their case. Subsequently police and written complaints were promptly followed, demonstrating proactive steps taken by them upon discovering the illegal transactions. He criticized the OP Bank for not taking timely action upon initial complaints, alleging negligence and collusion in failing to respond promptly to the Complainants concerns raised on 04.04.2019. They argued that despite being informed about illegal internet banking activities, the OP Bank did not file any complaint to police, which was a critical oversight. He sought dismissal of the First Appeal, emphasizing the Bank's alleged negligence and inaction in addressing the fraudulent transactions promptly upon notification by the Complainants. He asserted that, after this incident, towards protecting the interests of elderly and otherwise challenges individuals, the OP Bank had come up with the correction in the system mandating physical presence of the individuals seeking grant of internet banking facility. He asserted that, this step in itself is very material in establishing that the process adopted towards use of technology and providing internet banking facility was in fact a disservice to the elderly people who are blatantly vulnerable for being exploited, as happened in the case in question. The OP Bank dutifully corrected this blatant flaw by requiring physical presence of the individuals concerned. This itself established gross deficiency in service to the Complainants beyond doubt. He relied upon the following judgments: -

A.  2019 (20) SCC 31 DAV Public School versus Senio, Manager, Indian Bank  

B.   2019 SCC OnLine Ker 5366 Tony Enterprises vs Reserve Bank of India and Others;

C. AIR 1967 SC 389 Bihta Cooperative Development Cane Marketing Union Ltd & Anr Vs Bank of Bihar and Ors;

D. 1987(2)SCC 666 Canara Bank vs Canara Sales Corp & Ors;

E. 2020 SCC Online NCDRC 719 Chairman Punjab National Bank & Anr Vs Leader Valves Ltd.;

F. 2020 SCC Online NCDRC 864 HDFC Bank Ltd. vs Amrik Singh;

G. 2020 SCC Online NCDRC 507 HDFC Bank Ltd & Anr vs Jesna Jose.

13.    I have examined the pleadings and associated documents placed on record and rendered thoughtful consideration to the arguments advanced by the learned Counsels for both the Parties.

14.   The primary issue in this case revolves around determining the liability of the Appellant Bank (OP Bank) for unauthorized transactions conducted through internet banking (INB) from the Account of the Complainants-Respondents. Key contentions include whether:

A. The OP Bank was negligent in allowing unauthorized access to the Complainants account despite security measures, such as SMS alerts and OTP authentication.

B. The transactions were initiated with proper authentication and consent from the Complainants, considering they did not possess a smartphone and the transactions were done a different device.

C. The OP Bank adhered to RBI guidelines on customer protection and limited liability in unauthorized electronic banking transactions.

D. The Complainants acted negligently by sharing the credentials.

E. The OP Bank took timely and appropriate action upon being informed about the fraudulent transactions, including filing police complaints and conducting thorough investigations.

F.  The OP Bank adequately demonstrated the burden of proof on authenticity of transactions and was there any negligence on the part of Complainants in securing their banking credentials.

15.    It is undisputed position that Mr. Biresh Chandra Gangopadhyay (Complainant No. 1) and Smt. Aarti Gangopadhyay (Complainant No. 2), jointly held Savings Bank Account No. 10123103876 at Balkampet Branch of the OP Bank. Complainant No. 2 opened three FDs totaling Rs. 40 Lakhs on 09.08.2017 for a period of one year with a mandate for auto-renewal. Between 09.08.2018 to 25.03.2019, unauthorized transactions totaling Rs.63,74,536/- were conducted through internet banking (INB) in the names of five companies. These included premature closures of the FDs. Upon discovering discrepancies in their account statement in April 2019, Complainant No. 1 immediately reported to OP Bank. Subsequently, a police complaint (FIR) was lodged on 09.04.2019 regarding unauthorized transactions. OPs Bank contended that the transactions were initiated with the consent and authentication of the Complainants, suggesting negligence on their part in safeguarding their banking credentials.

16.    It is undisputed that the Complainants are elderly persons and valued customers of the OP Bank. It is a matter of record that this incident of loss of Rs.63,74,536/- had in fact occasioned to them and it happened as part of Internet Banking transactions facility provided by the OP Bank. The communications and reports by the Bank as well as the police revealed the involvement of personal staff of the Complainants in a dubious manner. The Complainants are elderly persons and never possessed a smartphone. The illegal transactions were easily done by their driver who was aware the bank Account No. by merely accessing and handling their mobile phone, forwarding the demand and acknowledging the OTPs. As part of the dubious transactions, he had also converted the FDs, got them transferred into SB Account of the Complainants and misappropriated the same as well. Immediately on discovering the illegal and unauthorised transactions, the Complainants reported the matter to the Bank and police. The police investigation revealed the involvement of certain individuals and penal proceedings have been initiated. There is no evidence that has been brought forth by the OP Bank to establish that the Complainants have voluntarily shared the Bank account and other transaction credentials with unauthorised persons, as a consequence of which the unauthorised transactions occurred, or that they are party to the transactions and thus the claim that is made is dubious.

17.    As regards liability of the Appellant bank with respect to the loss, it is clear that as part of modernization of banking facilities, transactions by individuals with respect to their own accounts in the form of Internet banking was introduced in the OP bank. This is provided as an additional facility to facilitate efficiency. Notwithstanding the same, unfortunately this Internet Banking platform adversely impacted the elderly couple in the present case who are the valued customers of the OP Bank wherein, their driver, by being familiar with Account No. details and merely accessing the mobile phone easily misappropriated such high value funds. This happened even when the Complainants had sought “view only” and internet banking facility was not requested. Change to Internet banking facility was also obtained by the fraudster over phone itself and perpetrated the offences. In this regard, it is an undisputed position that, allegedly, subsequent this incident and apparently after requisite banking feedback, the OP Bank changed the Internet Banking system to require such customers to be physically present at the Bank to provide for Internet Banking facility. Clearly this is for ensuring necessary protection of interest of such customers who are not technically savvy and are highly vulnerable for exploitation due to their inherent limitations, which are beyond their control. Had such protection been available to the Complainants as well, these unauthorised transactions were unlikely to occasion.

18.    While the RBI guidelines provide for the timelines between which the complaint is to be filed, in the present case, the Complainant himself was unaware of the transactions happened in his account due to his old age and presumed absence of scope to check the same over his mobile phone. Evidently, he was not expecting account details over phone and that, most likely, even if certain messages conveying the nature of transactions, transfer of funds and the leftover balance in the Bank Account were received, there is a good possibility that the fraudster had deleted those messages thereby denying any scope for the Complainant to discover the unauthorised transactions. While, without doubt the OP Bank followed its set Internet banking procedure as if the individual undertaking the transactions was genuine, the fact was to the contrary. Just by being familiar with Account number of the Complainants and thereafter merely accessing their mobile phone for a while he was able to undertake repeated fraudulent transactions at leisure. This included even transfers of physical FD instruments into cash that was deposited in the SB Account of the Complainant which was also misappropriated. Thus, the Internet Banking system which is aimed at efficacy and convenience in banking transactions to the customers, unfortunately entailed severe adverse impact on the Complainants who are elderly people and exposed them to risk of such frauds, even when they had sought “view only” facility. 

19.    Change of the banking facility from “view only” to full transactions was allowed in the present case without informed consent of the Complainants. By the time the OP Bank introduced the correction to the process of changing the option to Internet Banking system, the consequent exploitation and loss was already suffered by to the Complainants. Therefore, to that extent, the deficiency in service of the OP Bank with respect to its old and valued customers of the age profiles as that of the Complainants and other otherwise challenged is manifest. The learned state Commission has gone into significant details with respect to the facts and evidence brought before it and passed a well reasoned and detailed order dated 04.08.2022.

20.    In view of the discussion above, I am of the considered view that the detailed and well reasoned Order of the learned State Commission dated 04.08.2022 does not suffer from any illegality or impropriety and no interference is considered warranted. Therefore, the instant First Appeal No. 684 of 2022 is Dismissed.

21.    There shall be no order as to costs.

22.    All pending applications, if any, also stand disposed of accordingly.

23.    The Registry is directed to release the Statutory deposit amount, if any due, in favor of the Appellant after the compliance of the order of the learned State Commission.