DISTRICT CONSUMER DISPUTES REDRESSAL FORUM-II U.T. CHANDIGARH Complaint Case No | : | 248 OF 2010 | Date of Institution | : | 27.04.2010 | Date of Decision | : | 09.01.2012 |
Amit Kumar Sharma s/o Sh. Mehar Chand Sharma, R/o H.No. 3450, Sector 27-D, Chandigarh. ---Complainant V E R S U S Punjab National Bank, Sector 28-C, Chandigarh, through its Branch Manager. ---Opposite Party BEFORE: SH. LAKHMAN SHARMA PRESIDENT MRS.MADHU MUTNEJA MEMBER SH.JASWINDER SINGH SIDHU MEMBER Argued By: Sh. Raman Sharma, Adv. for the Complainant. Sh. Adarsh Malik, Adv. for the Opposite Party. PER JASWINDER SINGH SIDHU, MEMBER 1] Complainant has filed the present complaint against the Opposite Party, on the ground that the Complainant is a bonafide account holder of the Opposite Party with savings account no. 0574001300007072 with the Opposite Party Bank and had also subscribed for the Internet Banking facility and the same was being used by him as per instructions. The Complainant was surprised to see two debit entries of Rs.25,000/- and Rs.400/- mentioned against dates 8.8.2009 and 10.8.2009 respectively when he got his passbook of the said account updated. The Complainant claims that these two transactions were debited from his account without his knowledge through internet banking. Copy of passbook is annexed at Annexure C-1. Initially, Complainant made an oral request to the Opposite Party Bank to look into the matter. Thereafter, a written complaint was submitted to the Manager of Opposite Party Bank on 2.9.2009 regarding the two fraudulent transactions from his account. The copy of the complaint is annexed at Annexure C-2. Besides this complaint, the Complainant also filed another two complaints dated 5.9.2009 and 7.9.2009 against each of these two alleged transactions but the Opposite Party failed to give any satisfactory reply as to in what manner these transactions had taken place. The same are also annexed at Annexure C-3 and C-4 respectively. The Complainant on his own also reported the matter to the Chandigarh Police regarding these fraudulent transactions through a complaint dated 8.9.2009. A copy of “window Receipt” is annexed at Annexure C-5 (colly). The Complainant also made a representation with the Banking Ombudsman, Sector 17, Chandigarh through a registered letter dated 30.9.2009, which was replied by the office of the Banking Ombudsman through its communication dated 6.1.2010, copy of which are annexed as Annexure C-6 and C-7 respectively. The Complainant also filed various other Complaints against this issue to Higher Authorities of the Opposite Party Bank which are dated 5.9.2009 and 3.11.2009 and the same are annexed at Annexure C-8 and C-9. Thereafter, the Complainant in order to inquire about the status of investigation moved an application under RTI Act, 2005, to the Chandigarh Police, which were replied through a communication dated 02.12.2009 by the Deputy Superintendent of Police-cum-CPIO mentioning that as the matter related to cyber crime the same has been sent to I/C Cyber Crime Cell, Crime Branch, Sector 11, Chandigarh. The copies of these communications are annexed at Annexure C-10 to C-13 respectively. The Complainant further states that a letter dated 05.11.2009 was received in response to his communication dated 13.8.2009 and the same was from I.T. Department, C.B.B. Cell, Circle Office, Chandigarh, a copy of which was also marked to AGM, Internet Banking Section, Head Office, ITD, New Delhi, which revealed that the account in which the amount of Rs.25,000/- and Rs.400/- were transferred belonged to one Heeral Kishore Kapdi with an a/c no. 4792000100009415 and apart from these, many other transactions had taken place through which he has received credit. The details of the account of the said person are annexed at Annexure C-14 to C-16 respectively. The Complainant alleges that the said transaction had taken place without his knowledge and consent, and it is evident from the details available on record that the same was got transferred through internet banking alone. Hence, alleging deficiency in service on the part of the Opposite Party for having failed in keeping the good custody of his hard earned money. The Complainant has in the same breath alleged that the Opposite Party Bank is the custodian of savings account of Complainant which has either been hacked because of less stringent safety measures taken by the Opposite Party Bank or because of the connivance of the staff member of Opposite Party Bank as no other person could have disclosed the PIN number and other relevant information regarding the status of account of the Complainant. Hence, the Opposite Party is liable to make good the loss of the Complainant. The Complainant prays for the refund of Rs.25,000/- and Rs.400/- debited on two different occasions from his account with interest. The Complainant further claims compensation of Rs.1,00,000/- on account of harassment and mental agony and Rs.50,000/- as litigation expenses. 2] On notice, Opposite Party has filed their reply/ version contesting the claim of the Complainant raising preliminary objection to the effect that the present complaint pertains to cyber crime i.e. fraudulent transaction through internet banking hence this forum does not have the jurisdiction to entertain it. It is further claimed that an FIR has been lodged against the Culprit and the matter is under investigations, all documents have been submitted to the Cyber Crime Cell, U.T. Chandigarh and an another FIR has been lodged against the culprit at Vasai Police Station, Mumbai. Opposite Party has further cited Section 79 of the Information Technology Act, 2000, wherein the liability of a network service provider is excluded if he proves that the offence or contravention was committed without its knowledge or that it had exercised all due diligence to prevent the commission of offence or contravention. In the present case, it is submitted that the details indicate hacking of the bank account of the Complainant which cannot be attributed to have happened in the knowledge of the Opposite Party or on its instructions as all reasonable care was taken by the Opposite Party Bank. The Opposite Party has also stated that as per the terms and conditions of the network banking the customer was bound to take all necessary precautions to prevent unauthorized and illegal use as well as to avoid unauthorized access to the account provided by the Bank. Hence citing the liability clause of the I.T. Act the Opposite Party prays for the dismissal of the present complaint being not maintainable qua it. On merits, the Opposite Party Bank has replied in para-wise manner to the facts as well as allegations of the Complainant admitting to the fact that the Complainant is an account holder with the Opposite Party under Savings Account No. 05740013000070721 and the two debit entries of Rs.25,000/- and Rs.400/- on 8.8.2009 and 10.8.2009 are admitted and at the same time it is denied that the said amount has been debited without his knowledge. Denying the oral requests of the Complainant the Opposite Party admits that a formal written request was received by the office with regard the aforesaid two transactions. The Opposite Party claims to have fully scrutinized the matter and found that the amount had been credited to Account No. 4792000100009415 at Branch Office Vasai (East) Mumbai in the name of one Sh. Heeral Kishore Kapdi, resident of G-4, Satluj Building, Evertsone, Hari Om Nagar, 100 Ft. Road, Vasai (East), Mumbai. It is also mentioned that the amount was immediately withdrawn by Sh. Kapdi through ATM Card on 8.8.2009 and 10.8.2009 respectively. The Opposite Party has also admitted that the Complainant had filed various complaints with different authorities of the bank but the same were without any supportive evidence to prove that the answering bank was at fault. It is further stated that the Complainant was supplied with clear instructions and terms & conditions before he had accepted the Internet Banking Service. The Complainant had also duly signed the undertaking that he has gone through these terms and conditions governing its use and availment. A detail of these under the headings of responsibility of user, the use of password and liability of the user and the Bank, are mentioned in their version. The Opposite Party claims that as per these clauses and the exclusion of liability of the network service provider to any third party u/s 79 of I.T. Act, 2000, the present complaint deserves to be dismissed against it with costs. 3] Parties led their respective evidences. 4] Having gone through the entire complaint, version of the Opposite Party, the evidence of the parties and with the able assistance of the ld. Counsel for the parties, we have come to the following conclusions. 5] In the present complaint the facts with regard to the Complainant being a consumer and that there is a withdrawal of an amount of Rs.25,400 from the account of the complainant has not been refuted. However, the Opposite Party has sought the dismissal of the present complaint on the ground that under the provisions of Section 79 of the I.T. Act, 2000 the Opposite Party cannot be held liable for the loss suffered by the Complainant and as such, there is no deficiency in service on its part. The entire complaint needs to be dealt under the provisions of the I.T. Act, as well as the terms & conditions and the Rules of the “Registration Form” filled up by the Complainant while subscribing for Internet Banking which is annexed at Annexure R/1. The terms and conditions at Para 13 Page 6, “Liability of the User and the Bank” on page 6 of the Subscriber Form (Annexure R/1) states “if the USER has complied with the TERMS and advises the BANK in writing under acknowledgement of an authorized person of the Bank, immediately after he/she suspects that his/her user ID or password is known to another person and/or notices an unauthorized transaction(s) in his account, he/she shall not be liable for losses arising out of the unauthorized transactions occurring in the account after the receipt of such advice by the Bank”. Furthermore it is mentioned that the user shall be liable for some or all loss from unauthorized transactions in the account(s) if he/she has breached the terms & conditions or contributed or caused the loss by negligent action such as the following, wherein in the last para on page 7 it is mentioned that the Bank shall endeavour to take all possible steps to maintain secrecy and confidentiality of its customer’s account(s) but shall not be liable to the account holders for any damages whatsoever caused on account of breach of secrecy/ confidentiality due to hacking or technological lapses in the System. It is also mentioned “the Bank shall not be liable for any loss due to unauthorized transfer of funds through hacking etc.”. 6] While going through the above terms and condition it has become evident that the Opposite Party while getting the Subscription Form for internet banking filled by the Complainant had actually washed away its hands of all or any liabilities that may occur to itself towards the Complainant even if the same are caused due to the breach of secrecy on the part of the Opposite Party as well as any short comings in the system which the Opposite Party has created to facilitate the Internet Banking. By mentioning that the Opposite Party cannot be held liable for any loss due to unauthorized transfer of funds through hacking or technological lapses in the System, the Opposite Party as such has left a wide gap in its duties and responsibilities towards its customers. We feel that the Opposite Party was duty bound to provide a foolproof system of Internet Banking which is immune to hacking or unauthorized excess. We feel that while providing the Internet Banking services it was incumbent upon the Opposite Party to provide such a service which not only enables the smooth transaction but at the same time the system should also be secure from any outside interference. In the present circumstances the feeble stand taken by the Opposite Party with regard to the impregnability of its system of Internet Banking is itself a deficiency in service, reason being the offer of such services which are froth with shortcomings and is not perfect on all fronts amounts to providing a low quality product or service hence it amounts to deficiency in service. 7] The Complainant in his communication dated 03.11.2009 (Annexure C-9) with the Opposite Party has clearly stated that he has gathered information that the amount transferred from his account has been credited in Account No. 4792000100009415 in the name of one HEERAL KISHORE KAPDI. Even the address of this person is also mentioned in this communication. It is important to connect Annexure C-15 which is the account detail of Heeral Kishore Kapdi in whose account the Complainant’s money is transferred and same stands established from the date as well as the account number of the Complainant which is 0574001300007072. Hence, we feel that it was the Complainant who has knocked at every door while searching for his money and the Opposite Party has not mentioned at all as to what efforts were made by it to locate the same. It was the complainant who complained the happening of the offence to the police on 08.09.2009 after a passage of six days since he brought the matter to the notice of the opposite parties. The Complainant has also mentioned that the person Heeral Kishore Kapdi is also the account holder of the Opposite Party and as such, the Opposite Party has failed to freeze the account of Heeral Kishore Kapdi instantly, so that the money of the Complainant could have been saved from being withdrawn by him. The Opposite Party has also failed to mention that on what date it has initiated the investigation against the culprit after its identity was revealed and that they did freeze the account of the accused, what amount of money was lying in its account and whether the status of such a lien was still in force. Hence, the absence of any prompt action on the part of the Opposite Party and the silence of the Opposite Party on this issue amount to deficiency in service on their part. 8] It is further noticed that Opposite Party has also not mentioned anything about the safety measures which are included in the software with the help of which the Internet Banking is enabled i.e. the affidavit of the Opposite Party is silent with regard to the fact that the system used by the Opposite Party has been tested by an entity which is an authority on I.T. related products so as to claim that the software or the procedure adopted by the Opposite Party while providing the Internet Banking has been so designed that it is beyond hacking or cannot be accessed by any external entity. We feel that the Opposite Party in order to save its skin from any losses, while providing a weak system which can be tampered by external forces and which is prone to hacking, have actually incorporated the terms and conditions which are tailored made to save it from any liabilities that may arise due to the failure of its system. It is also important to mention here that even after the Complainant had clearly mentioned in Para 13 of his complaint that the Opposite Party was the custodian of the Complainant’s money and whosoever had withdrawn the money from its account was because of the less stringent safety measures taken by Opposite Party or because of any of the officials of the Opposite Party connivance with the culprit in disclosing the PIN No. and other relevant information regarding his account, resulting into substantial loss to the Complainant. In reply to this allegation of the Complainant, the Opposite Party has once again cited the same rules and terms & conditions as well as Section 79 of the I.T. Act, 2000, which excludes the liability of a Network Service Provider to any third party. We feel that the Opposite Party should have actually subjected its system of Internet Banking to an expert who could have assessed the quality as well as the safety measures adopted to maintain the secrecy of the said system. Such an independent analysis could have been of use to the Opposite Party to defend itself. Under such circumstances at least the responsibility of the Opposite Party towards this fraudulent transaction could have been set-off. But in absence of any efforts on the part of opposite party as well as in its failure to bring any cogent, reliable and trustworthy evidence, we feel that Opposite Party is actually shielding itself behind the terms & conditions of the subscriber form which are actually heavily loaded against the Complainant even though as per his averments in the complaint, which are supported by an affidavit, that he has not disclosed his subscriber I.D. or password to anyone nor he has ever shared the same with the person in whose account the said money in question has been transferred. Under present circumstances, the reply of the Opposite Party is not sufficient to prove that they are not deficient in providing good services. 9] As the Opposite Party has repeatedly mentioned the Section 79 of Information Technology Act, 2000, wherein under the heading Exemption from liability of intermediary in certain cases, the Section 79(1) speaks as under:- “Notwithstanding anything contained in any law for the time being in force but subject to the provisions of sub-section (2) and (3), an intermediary shall not be liable for any third party information, data, or communication link made available or hosted by him.” We feel it is important to also visit the definition of intermediary as mentioned in under Section 2(w) of the I.T. Act, 2000, which is reproduced as under:- “2(w) “Intermediary” with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web-hosting service providers, search engines, online payment sites, online auction sites, online market places and cyber cafes.” The above Section 79(1) of the I.T. Act, wherein the word ‘Intermediary‘ is mentioned as well as the definition of ‘intermediary’ as provided by this Act under Section 2(w), does not mention the name of “Bank” as an intermediary. While a host of other entities such as telecom service providers, internet service providers, web-hosting service provides, search engines etc. are mentioned. In this particular provision it is very much clear that any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record, is defined as an “intermediary”. Whereas in the present circumstances, the Bank as such is an Organization which is into the business of Banking and this fact is also revealed from the first line at page 3 of the “Subscriber Form”, wherein the Opposite Party clearly states that “the Bank refers to Punjab National Bank, its successors and assignees, a Body corporate constituted in India under the Banking Companies (Acquisition and Transfer of Undertakings) Act No. 5 of 1970 and having its Head Office at 7, Bhikhaiji Cama Place, New Delhi – 110066”. And furthermore, in the next line, it mentions the word “Website” which means the website of the Bank. The “User” is referred to the customer of the Bank authorized to use internet banking services, in the present situation it is the complainant. The internet banking account refers to the user’s saving, current or any other account maintained by the Bank. The “Personal Information” refers to the information about the “User” obtained in connection with internet banking. While relating these definitions with the definition of “Intermediary”, we find that the record which the opposite party “BANK” claims to have received, stored and had transmitted is actually its own record maintained for the purpose of its banking services provided to the complainant and not for any other third party. In the present case, the data i.e. received, stored and transmitted is actually its own record and the Internet Banking activity is also being done for itself and not for a third party. Hence in the present case, the Opposite Party has actually tried to assign itself the status of an entity which separates it from itself, even though no demarcation has been specifically defined. The Opposite Party has failed to convince us as to in what manner it has assigned itself the status of “intermediary” as defined in Section 2(w) of I.T. Act, 2000. Hence, in the present context, we feel that the Opposite Party cannot claim the shield of Section 79 of I.T. Act, 2000 to save itself from the liabilities of having caused loss to the Complainant of his hard earned money. 10] It is also important to visit sub-section 2(c) of Section 79 of the I.T. Act, 2000, which clearly speaks that the provisions of Sub-section (1) shall apply if:- “the intermediary observes due diligence while discharging his duties under this Act and also observes such other guidelines as the Central Government may prescribed in this behalf.” Furthermore, under Section 79 sub-section (3) it is mentioned that the provisions of sub-section (1) shall not apply if:- “(a) the intermediary has conspired or abetted or aided or induced, whether by threats or promise or otherwise in the commission of the unlawful act; (b) upon receiving actual knowledge, or on being notified by the appropriate Government or its agency that any information, data or communication link residing in or connected to a computer resource controlled by the intermediary is being used to commit the unlawful act, the intermediary fails to expeditiously remove or disable access to that material on that resource without vitiating the evidence in any manner.” In the light of above provisions of Section 79, the reply/ version of the Opposite Party is completely void and does not mention that a due diligence was observed by the Opposite Party while discharging its duties under this Act. It is further not mentioned in reply that the Bank has not conspired or abetted or aided or induced the fraudulent transaction through which the money of the Complainant was withdrawn from his account. The Opposite Party has also failed to bring on record that it has actually made an effort to investigate as well as to locate as to how the said transaction had taken place and that on completion of such an investigation the Opposite Party has concluded and absolved itself of all the liabilities that it would have otherwise attracted in its failure to stick to the provisions of Section 79 of the I.T. Act, 2000, as well as Para 13 of the terms and conditions of the Subscription Form of which the Opposite Party itself is an Author. The opposite party has also not mentioned that it has gone through its records to confirm that none of its official or employee is involved or connected with the leakage of information or data of the complainant. Hence in such a situation having considered the section 79 of the I.T. ACT 2000 in its entirety the opposite party is very much liable to be held deficient in service. 11] As the Opposite Party in its reply has made simple denials to all the allegations of the Complainant, though answering them in a para-wise manner, but in the light of the circumstances mentioned above, and the provisions of law which the present case attracts, it was required that the reply of the Opposite Party should have been specific as well as supported by an evidence which is independent in nature and believable in the eyes of law. Hence, the Opposite Party has failed to bring any cogent, reliable and trustworthy evidence so as to prove its credentials with regard to have provided best of its services. 12] In the light of the above observations, we feel that the present complaint succeeds against the opposite party and we direct the Opposite Party to credit an amount of Rs.25,400/- in the account of the Complainant, along with simple interest as applicable to the saving’s account since its withdrawal till it is actually paid. We further saddle the Opposite Party with a consolidated amount of compensation to the tune of Rs.10,000/- on account of deficiency in service, mental agony and harassment. The Complainant is also awarded costs of litigation to the tune of Rs.5,000/-. 13] The above said order shall be complied within 30 days of its receipt; thereafter, the Opposite Party shall be liable for an interest @18% per annum on the aforesaid amount of compensation and the amount of Rs.25,400/- instead of savings interest from the date of its debit till it is paid, except for the cost of litigation. 14] Certified copy of this order be communicated to the parties, free of charge. After compliance file be consigned to record room. Announced 09th January, 2012. Sd/- (LAKSHMAN SHARMA) PRESIDENT Sd/- (MADHU MUTNEJA) MEMBER Sd/- (JASWINDER SINGH SIDHU) MEMBER
| | MRS. MADHU MUTNEJA, MEMBER | HONABLE MR. LAKSHMAN SHARMA, PRESIDENT | MR. JASWINDER SINGH SIDHU, MEMBER | | 
