Per Shri Dhanraj Khamatkar – Hon’ble Member:
(1) This appeal takes an exception to an order dated 07.02.2011 passed by the Additional District Consumer Disputes Redressal Forum, Thane in Consumer Complaint No.201/2010.
(2) The facts leading to this appeal can be summarized as under:
The Appellant/original Complainant had an account in the Opponent Bank since 2005. The Opponent Bank had provided the facility of internet banking and provided password to the Complainant. Complainant contended that he occasionally used the internet banking facility. The Complainant further stated that the last transaction he had effected on 07.11.2009. The Complainant further stated that he received a phone call on 21.06.2010 from the Bank. Accordingly, he visited the Bank. The Manager of the Bank enquired with him whether he had done any transaction on internet banking and drawn the money. The Manager informed him that somebody had used his internet I.D. and password and drawn the money and the Manager had come to know this through Head Office. Accordingly, he checked the bank entries and he found that there were four entries in his account on 17.06.2010. Through the aforesaid transactions an amount of `37,500/- had been withdrawn and the transaction had taken place on 17.06.2010 between 00.20 to 01.30 a.m. The Manager of the Opponent had further told him that the money was transferred in the account of one Mr.Kamal Verma from the Opponent’s Gurgaon Branch and subsequently, the amount was transferred in the Opponent’s Mira Road Branch in the account of Zia Mohd. Nazir and Rizwan Pawar and later on the amount was drawn from the A.T.M. at Vashi. After these transactions the account was frozen for some time. The Complainant contended that the Manager told him that he would get back his amount. He had written letters dated 22.07.2010 and 21.08.2010 to the Opponent. However, he had not received any response. Finally the Opponent told him that in withdrawing the amount from the account of the Complainant there is no fault of the Opponent and he would not get back his money. The Complainant contended that the internet banking system used by the Bank is not full proof and hence, money was drawn from his account. Contending this amounts to deficiency in service on the part of the Opponent the Complainant filed consumer complaint praying that the Opponent be directed to return him an amount of `37,500/- and to activate his account and to pay cost of `5,000/-.
(3) The Opponent had contested the complaint by filing written version contending that the complaint filed by the Complainant is not maintainable in law. The Opponent stated that they are using internet banking as per the international standard and they had taken all security measures for the system. They further stated that they had given necessary information regarding internet banking to the Complainant and explained the precautions to be taken by the Complainant. The responsibility of keeping I.D. and password secrete is the responsibility of the Complainant. All these transactions have been carried out through internet banking and as per the internet banking only Complainant can do these transactions as he himself only knows the password and I.D. Therefore, the Opponent had contended that there is no deficiency in service on their part and hence, the complaint filed by the Complainant be dismissed.
(4) The District Forum after going through the complaint, written version filed by the Opponent, the evidence filed by both the parties on affidavits and pleadings of the Advocates have come to the conclusion that there is deficiency in service on the part of the Opponent and allowed the complaint directing the Opponent to pay an amount of `37,500/- to the Complainant and to pay `5,000/- as cost within a period of 45 days, failing which the amount will carry interest @10% per annum till the realization of the amount. Being aggrieved by this order the original Opponent has filed this appeal.
(5) We heard Advocate Ms.Sharada Pinjari, for the Appellant and Respondent in person.
(6) Admittedly, the Appellant had provided internet banking facility to the Respondent and on 17.06.2010 an amounts of `3,000/-, `2,000/-, `23,000/- and `9,500/- were withdrawn from the account of the Respondent. These transactions were effected between 20.00 hours to 01.30 a.m. Strangely, the amount is deposited in the account of one Mr.Kamal Verma in the Appellant’s Branch at Gurgaon. Not only this, the said amount was transferred in the account of Zia Mohd. Nazir and Rizwan Pawar at the Opponent’s Branch at Mira Road and the said amount was finally withdrawn from the ATM at Vashi. From the modus operandi of the transaction it is clear that the transaction has been effected through hacking and it amounts to cyber crime. The Opponent could have traced the person who had withdrawn the amount as the amount was credited in the account of the account holder of the Gurgaon Branch and Mira Road Branch of the Opponent. However, the Opponent had not taken any steps to find out the culprit of the episode.
(7) At the time of arguments, Respondent has filed the guidelines issued by the R.B.I. for the internet banking dated 14.06.2001. In Column ‘F’ of the said guidelines it is stated, “PKI (Public Key Infrastructure) is the most favoured technology for secure internet banking services. However, as it is not yet commonly available banks should use following alternative system during the transition, until the PKI is put in place:
1. Usage of SSL (Secured Socket Layer) which ensures Service authentication and use of client side certificate issued by the Banks themselves using a Certificate Server.
2. The use of at least 128-bit SSL for securing browser to web service communications and, in additional encryption of sensitive date like passwords in transit within the enterprise itself.”
(8) The Appellant had not proved that whether they had followed these guidelines. In the said guidelines in Clause II sub-clause (e) the RBI stated that “Consumer Protection Act, 1986 defines the rights of consumers in India and is applicable to banking services as well. Currently the rights and liabilities of customers availing of internet banking services are being determined by bilateral agreements between the Banks and the customers. Considering the banking practice and rights enjoyed by customers in traditional banking, bank’s liability to the customers on account of unauthorized transfer through hacking, denial of service on account of technological failure etc. needs to be assessed and Banks providing internet banking should insure themselves against such risk.”
(9) The transaction involved in this appeal is hacking of the internet banking. The Appellant has not explained whether they have acted in accordance with these guidelines. The District Forum after taking into consideration the facts of the case has passed the order which we find is just and proper. The deficiency in service on the part of the Appellant is proved beyond doubts. We hold accordingly and pass the following order:
O R D E R
(i) The appeal is dismissed with costs.
(ii) Order of the District Forum is hereby confirmed.
(iii) The Appellant is directed to pay cost of `10,000/- to the Respondent and bear its own cost.
(iv) Inform the parties accordingly.
Pronounced on 11th October, 2012.
