IN THE CONSUMER DISPUTES REDRESSAL FORUM, KOTTAYAM
Dated this the 30th day of December, 2022
Present: Sri.Manulal.V.S, President
Sri.K.M. Anto, Member
CC No. 81/2021 (Filed on 12/04/2021)
Complainant : Bonslee S Chakkala, aged 25
S/o Shaji Abraham
INMOBI Technology Services
B Block, Delta Block
7th Floor, Cessna Business Park
Bengaluru -560087, now residing at
Chakkalayil House, Pariyaram P.O
Kottayam-686021.
(Adv.Ajin Thomas)
Vs
Opposite parties : 1. The Manager, Kotak Mahindra Bank
Ground Floor, Sarjapura Main Road
Jakkasandra, Bangalore, Karnataka
India-560034
2. The Managing Director & CEO
Kotak Mahindra Bank
27 BKC, C27, G Block
BandraKurla Complex
Bandra (E) Mumbai-400051
Maharashtra
3. The Manager, Kotak Mahindra Bank
Teresa Plaza, Railway Station Road
Kottayam-686001
(Adv.Sreenivas V Pai)
O R D E R
Sri.Manulal.V.S, President
The Complaint is filed under section 12 of the Consumer Protection Act 1986.
The complainant holds a savings account bearing no. 2611839307 with the first opposite party. On 02-10-2020 an amount of Rs.10,000/- unjustifiably went missing from the said account. The complainant never initiated such a transaction from his account. This matter was immediately informed to the first opposite party by the complainant and the first opposite party avowed a technical failure in their network.
The first opposite party further promised that the said amount which was gone missing will be credited to the complainant’s account within 24 hours. On verification, it is shown in the account statement that the said amount was debited from the account of the complainant and was credited to some other account with which the complainant does not have any association or relation. An amount of Rs.5,000/- was twice debited on 02-10-2020 from the account of the complainant. The complainant on 3-10-2020 lodged a complaint with the first opposite party. That after a few weeks the first opposite party contacted the complainant and informed the complainant that the amount which was missing from the account is due to some technical defect and deficiency on the part of the opposite party bank. The first opposite party further informed that the fund which was missed will be reimbursed by the first opposite party within a month. When the complainant enquired with the third opposite party on 16-12-2020, the manager informed the complainant that the complaint made by the complainant is still under internal inquiry. It is averred in the complaint that opposite parties with evil intention to defraud the complainant never initiated the internal inquiry and thereby looted an amount of Rs.10,000/- from the complainant. The acts of the opposite parties amount to deficiency in service and unfair trade practice. Thus the complainant filed this complaint praying for an order to direct the opposite parties to reimburse Rs.10,000/- with interest along with a compensation of Rs.50,000/- and the cost of this litigation.
Upon notice opposite parties appeared before the commission and filed a joint version contending as follows: The complaint is not maintainable since the complainant is trying to mis-utilize his own mistakes for benefit. The disputed two transactions had occurred through internet banking/mobile banking. While attempting to log in to the internet/mobile banking, the person attempting is bound to provide his customer relationship number (CRN) followed by net banking/mobile banking password. Post successful login, using the above data, a one-time password is generated, which will be received by the customer on his registered mobile number. Once the OTP is authenticated, the net banking/mobile banking access is provided and the transactions can be carried out. Unless and until these details are compromised by the complainant, net banking is impossible by another person.
On 02-10-2020 two numbers of Immediate Payment Service (IMPS) of Rs.5,000/- each had occurred from the savings bank account of the complainant through mobile banking sent to ‘ok 309011173759’. Those transactions are effected only through valid mobile banking credentials. These credentials are provided for giving more security to the money kept in the bank account. Hence, as per the opposite parties, the transaction is a voluntary transaction by the complainant; if the same is not done by the complainant, it can happen only if the complainant had voluntarily or negligently shared these security codes with others and had compromised the security credentials and paved the way for unauthorized transactions. Since the subject matter transaction had been effected with the knowledge/negligence of the complainant, he is not entitled to ‘shadow credit’ as per RBI guidelines. Even then, as a goodwill gesture, the opposite parties had placed a request for the reversal of the disputed amount to the beneficiary bank, i.e. RBL Bank, and are awaiting a response from it. The opposite parties had sent an email dated 10-12-2020 to the complainant. There is no deficiency in service or unfair trade practice on the part of the opposite parties.
Evidence part of this case consists of proof affidavit of the complainant and exhibits A1 and A2 from the side of the complainant and proof affidavit of Salu Jacob who is the Branch operations manager of the third opposite party and exhibits B1 to B3 from the side of the opposite parties.
On the evaluation of the complaint version and evidence on record, we would like to consider the following points.
1. Whether there is any deficiency in service or unfair trade practice on the part of the opposite parties?
2. If so what are the reliefs and costs?
Before dealing with the rival submissions and contentions advanced by the learned advocate appearing for the complainant as well as opposite parties, it will be pertinent to point out certain undisputed facts. There is no dispute that the complainant had opened a savings account with the first opposite party vide account number 2611839307. On 02-10-2020 two numbers of Rs.5,000/- each were transferred to another account from the savings bank account of the complainant by net banking.
Complaint was resisted by the opposite parties stating that the network system of the opposite parties has no fault and no money is lost by the complainant due to any defect of the opposite parties and the alleged transactions were done with the knowledge of the complainant.
On perusal of exhibit A2 we can see that there was a withdrawal of Rs.5,000/- each against MB Sent to ok 309011173759 IMPS Ref 027623831056 and ref 027700839016 on 02-10-2020. Exhibit B3 is the e-mail sent by the opposite parties to the beneficiary bank, i.e. RBL Bank, for the reversal of the disputed amount. On going through exhibit B3 we can see that the said amounts were transferred to account no. 309011173759 which is held by one Mayrimohai.
On perusal of exhibit B1 which is the printout of the SMS delivered to the complainant on 10.02.2020 at 2.59.40 p.m we can see that the opposite party has sent a message to the complainant as “you have requested to activate the Kotak mobile app on 02-10-2022 for Crn xx 5313, do not share it with anyone, Activation code is 101654”. Thereafter, another SMS was sent to the same at 3.01.45pm as “you have activated Kotak mobile app on Sm-M115f, if you have not activated this device, report fraud on kata.com/fraud</msd”. Thus it is clear that the mobile application for mobile banking is activated by the complainant only on 10.02.2020. The opposite party has no case that there was prior money transaction by the complainant through mobile banking network.
On close scrutiny of exhibit B1 we cannot see there is any entry regarding the transfer of amount of Rs.5,000/- each to account no. 309011173759 which is held by one Mayrimohai.
Opposite parties relied upon the circular of RBI dated July 6, 2017. A customer shall be liable for the loss occurring due to unauthorized transactions in the following cases: (i) In cases where the loss is due to negligence by a customer, such as where he has shared the payment credentials, the customer will bear the entire loss until he reports the unauthorized transaction to the bank. Any loss occurring after the reporting of the unauthorized transaction shall be borne by the bank. The opposite parties repeatedly argued that, due to the negligence of the complainant, the opposite party is not liable.
Thus opposite party can escape from liability only if it can establish knowledge to the customer of the fraudulent online transaction. Moreover, the burden to prove negligence is upon the bank as per Point no. 12 of the said circular. RBI in its circular dated 06/07/2017 admitted the need of issuing direction as specified in Para.2 of the circular as “With the increased thrust on financial inclusion and customer protection and considering the recent surge in customer grievances relating to unauthorized transactions resulting in debits to their accounts/ cards, the criteria for determining the customer liability in these circumstances have been reviewed.” Customer Protection – Limiting Liability of Customers in Unauthorized Electronic Banking Transactions Strengthening of systems and procedures.
3. Broadly, the electronic banking transactions can be divided into two categories: (i) Remote/Online payment transactions and (ii) Face-to-face/ proximity payment transactions (transactions which require the physical payment instrument such as a card or mobile phone to be present at the point of transaction e.g. ATM, POS, etc.) Limited Liability of a Customer (a) Zero Liability of a Customer.
6. A customer’s entitlement to zero liability shall arise where the unauthorized transaction occurs in the following events: (i) Contributory fraud/ negligence/ deficiency on the part of the bank (irrespective of whether or not the transaction is reported by the customer). (ii) Third party breach where the deficiency lies neither with the bank nor with the customer but lies elsewhere in the system, and the customer notifies the bank within three working days of receiving the communication from the bank regarding the unauthorized transaction.
Reversal Timeline for Zero Liability/ Limited Liability of customer 9. On being notified by the customer, the bank shall credit (shadow reversal) the amount involved in the unauthorized electronic transaction to the customer’s account within 10 working days from the date of such notification by the customer (without waiting for settlement of insurance claim, if any). Banks may also at their discretion decide to waive off any customer liability in case of unauthorized electronic banking transactions even in cases of customer negligence. The credit shall be value dated to be as of the date of the unauthorized transaction.
Burden of Proof 12. The burden of proving customer liability in case of unauthorized electronic banking transactions shall lie on the bank. -(Emphasis supplied). In the ruling in ‘Sri Thomas Ninan -Versus- Axis Bank; Anr.’ Appeal No.-A/14/755, decided by Hon’ble State Commission, Mumbai decided on 07.08.2017, held in Para no. 11:- “11.
There is an increase in the grievances of the customers in relation to unauthorized banking transactions in respect of electronic online remote payment and cashless transactions e.g. internet banking, mobile banking, card not present (CNP) transactions, pre-paid payment instruments resulting in debits from their Bank accounts and customers need to be protected in unauthorized electronic banking transactions. Banks need to assure safety to the customers making them feel safe and secure in respect of electronic banking transactions. Banks are duty bound to take appropriate steps to assess the risk and provide for robust mechanism to prevent and detect fraud and to provide for liability arising out of misappropriation or fraud.
Banks must ask their customers to compulsorily register for the E-mail alerts, SMS alerts, system must be such so that customers can immediately inform by reply to the bank about any illegal or unauthorized remote or internet transaction soon after occurrence thereof. Customer’s liability must be zero when he informs the Bank at the earliest possible opportunity.
Burden of proof to prove customer’s liability is upon the Bank in all cases of the online internet transactions, Bank must show that it had taken immediate steps to prevent and/or detect fraud. Banks transacting inter se do have means to trace the culprits on the basis of Know Your Customer (KYC) details in the Bank accounts and recover the sums wrongly transferred by electronic transfers. The basic principle is one must be made to pay for negligence when it has caused deficiency in service and loss to consumer actionable under the Consumer Protection Act, 1986. It is argued that appellant himself is negligent but this submissions by the opposite parties is not acceptable because in cases of internet transfers unless alerted prior to or at the time of internet transfers we cannot impute any blame to the consumer, who was in darkness as to withdrawals by unknown persons by mode of internet transfers. -(Emphasis supplied).
We also relied upon State Bank of India v. P. V. George, Regular Second Appeal No. 1087 of 2018 in Appeal Suits No. 107 of 2015 in original Suit No. 212 of 2014 decided on 09/01/2019/19th pousha, 1940 Citations: 2019 (1) KLT 505: 2019 (1) KLJ 848: AIR 2019 Ker. 140. The Hon’ble High Court of Kerala held in para 8;11. “8. Having regard to the facts admitted by the parties and the submissions made by the learned senior counsel for the appellant, the following substantial questions of law have been formulated for decision in the matter: (i) Are not the banks permitting withdrawal of cash from the accounts of their customers making use of ATM cum debit cards liable for the loss caused to the customers in connection with the transactions made without their junction by fraudsters?; (ii) Could a bank be exonerated from the liability for the loss caused to its customer on account of the unauthorized withdrawals made from his account merely on the ground that the customer has not responded promptly to the SMS alerts given by the bank? 11. Question (ii): Various services are being provided by banks to their customers. In fact, banks are soliciting business by advertising the various services provided by them to their customers in connection with different accounts. SMS alerts is one of the facility extended by most of the banks to their customers in connection with the savings bank accounts having electronic banking facilities including ATM cum-Debit Card facilities. Such facilities are provided not only to those who specifically request for the same but also to those who do not ask for such facilities. Could such a facility voluntarily given by banks to their customers determine the rights of parties, is the question. 
According to me, only if there exists a specific term in the contract between a bank and its customer to the effect that the bank would be exonerated from the liability in connection with the unauthorized transactions if the customer does not respond to the SMS alerts, SMS alerts cannot be the basis for determining the liability of the customer, for, there would be accountholders who may not be in the habit of checking SMS alerts at regular intervals and account holders like the plaintiff in the instant case who is working in an offshore oil rig, who may not be able to access their mobile phones for several days having regard to the peculiarity of their avocation. The defendant has no case that there is a contract between them and the plaintiff to the effect that if the plaintiff does not respond to the SMS alerts given by them regarding the withdrawals from his accounts, they would not be liable for the loss, if any, caused to the plaintiff. In the circumstances, question (ii) is also answered against the appellant”. -(Emphasis supplied)
In Tony enterprises and others vs Reserve Bank of India and others (2019 (2) KHC 269) the Hon’ble High Court of Kerala has held as “13. Banking transaction is both contractual and fiduciary. The bank owes a duty to the customer. Both have a mutual obligation to one and another. The bank, therefore, is bound to protect the interest of the customer in all circumstances. The technology as adverted has its own defect.
Online transactions are vulnerable. Though the bank might have devised a secured socket layer connection for online banking purpose which is encrypted (1), this security encryption can be hacked using different methods. The well-known hacking modes are phishing, trojans, session hijacking, key logger, etc. The public WiFi is the easiest target for hackers. NORTON, a leading cyber security provider in its web page refers to the risk of using public WiFi. The unencrypted network in public WiFi allows hackers to collect data easily. WiFi snooping (2) using software allows hackers to access everything online while the user is active in online. The possibilities of fetching data relating to the banking account while the customer using online transaction, by the hackers, cannot be overruled in banking transaction. The bank can identify fraud risk and also devise mechanisms to protect customers. There are counter technologies to identify location behaviour of operators also. It is for the bank to secure the safety of online banking transactions.”
As per the circular, it is the burden of the opposite parties to prove their case, which they failed to prove. Above cited rulings/judgments are applicable to the present complaint. And the judgment relied upon by the opposite parties is not relevant to the facts of the complaint before us. It is also observed that Banks are having networks and they can easily help the customers/consumers, e.g. if a fraudulent online transaction happened the money is in the system till working time. Banks can easily stop the payments for better protection of customer’s interest and even whoever has withdrawn the amount fraudulently from bank accounts can be identified easily. Since only after completing all the formalities of Aadhar Verification, PAN Card details, ID proof, and valid address proof an account is opened. Thus the details of miscreants can be traced but the bank does not help poor consumers; even the employee of the bank shares the details of customers with fraudsters, which can be taken note of for the simple reason that a person’s bank details are only with the bank or the consumer; then how come anyone knows that a particular person has such and such bank account in such and such bank at such and such place etc. Thus it is the burden on part of the bank and its employees to discharge their burden first; then only the complainant can be held responsible for any alleged negligence. Hence looking from any angle the opposite parties miserably failed to discharge their burden that the complainant was negligent. In view of the above ruling and facts of the present complaint, the complaint must be allowed with compensation. Accordingly, complaint is allowed.
We hereby direct the opposite parties to pay Rs.10,000/- together with an interest @ 9% from 2-10-2020 till realization. We hereby direct the opposite parties to pay Rs.10,000/- as compensation for the deficiency in service committed by the opposite parties and to pay Rs.2,500/- as the cost of this litigation to the complainant.
The opposite parties are jointly and severally liable to pay the awarded amounts within 30 days.
Pronounced in the Open Commission on this the 30th day of December, 2022.
Sri.Manulal.V.S, President sd/-
Sri. K.M. Anto, Member sd/-
Appendix
Exhibits marked from the side of complainant.
A1- True copy of cancelled cheque leaf of the complainant bearing account no.2611839307 & bank address.
A2- True copy of statement of account bearing no.2611839307 from 01.08.2020 to 06.11.2020.
Exhibits marked from the side of opposite parties
B1- Details of message sent to the registered mobile number of the complainant.
B2- Email communication sent to the complainant on 12/10/2020.
B3- Email of Kotak Mahindra Bank Ltd dated 05/10/2020 with IT certificate.
By Order
sd/-
Assistant Registrar