West Bengal

Kolkata-II(Central)

CC/337/2014

SHAMBHU PRASAD - Complainant(s)

Versus

STATE BANK OF INDIA & OTHERS. - Opp.Party(s)

S.K. DUTTA

04 Feb 2015

ORDER

DISTRICT CONSUMER DISPUTES REDRESSAL FORUM
KOLKATA UNIT - II.
8-B, NELLIE SENGUPTA SARANI, 7TH FLOOR,
KOLKATA-700087.
 
Complaint Case No. CC/337/2014
 
1. SHAMBHU PRASAD
69B/1B, SAMBHU BABU LANE, KOLKATA-700014.
...........Complainant(s)
Versus
1. STATE BANK OF INDIA & OTHERS.
P-135, C.I.T ROAD, KOLKATA-700014.
2. THE DY. GENERAL MANAGER, STATE BANK OF INDIA
16TH FLOOR, STATE BANK BHAWAN, MADAME CAMA ROAD, MUMBAI-400021.
3. THE GENERAL MANAGER , STATE BANK OF INDIA
SAMRIDDHI BHAWAN, 1, STRAND ROAD, KOLKATA-700001.
............Opp.Party(s)
 
BEFORE: 
 HON'BLE MR. Bipin Mukhopadhyay PRESIDENT
 HON'ABLE MR. Ashok Kumar Chanda MEMBER
 HON'ABLE MRS. Sangita Paul MEMBER
 
For the Complainant:S.K. DUTTA, Advocate
For the Opp. Party:
Ops are present.
 
ORDER

This is an application u/s.12 of the C.P. Act, 1986.

          Complainant by filing this complaint has submitted that complainant is an Account Holder State Bank of India, C.I.T. Road Branch, Kolkata vide account No.10825801125 and also having ATM Card No.6220180014000090117.

It is stated by the complainant that on 06-06-2009 he tried to withdraw Rs.20,000/- twice by using the said ATM Card, but did not receive the amount and subsequently on the same day he withdrew Rs.5,000/- from the said ATM Machine.  Thereafter, on 08-06-2009, the complainant again withdrew Rs.4,000/- and we found on the statement that his savings account balance is lying only Rs.520/-.  The said fact regarding non-payment of the amount of Rs.20,000/- through ATM operation was brought to the notice of the OP1 Branch Manager on 08-06-2009, but no response was given by the Branch Manager.  It is also stated by the complainant that finding no other alternative, he again approached the OP/branch Manager of CIT Road, on 19-06-2009.  Fact remains, on 18-07-2009 he received a letter from the Branch Manager, SBI wherein it is informed by the Branch Manager that from his Savings Bank Account No.10825801125 ATM Card No.622018011400900117 had withdrawn Rs.10,000/- in two times through ATM though his account was debited but cash was not disbursed.  Thereafter, the complainant also made representation to the AGM-III, State Bank of India on 23-07-2009 as well as to the General Manager, Department of Banking Supervision on 12-08-2009 who routed the same to the Branch Manager, CIT Road Branch who again e mailed the Acs and NFS for information but till date the complainant has not received any reply from the Acs or NFS and finding no other alterative the complainnt has lodged the instant complaint and the specific case of the complainant is that he never withdrew Rs.20,000/- from the ATM on 06-06-2009 and the loss of Rs.20,000/- from his account from the ATM of the OP/Bank who failed to provide adequate security and could not install secured ATM machines which resulted in loss of money of the complainant.  Hence, this case.

Whereas by filing written version the OPs/Bank submitted that it is not a fact that the complainant by using the said ATM Card tried two times to withdraw Rs.20,000/- on 06-06-2009 but did not receive the amount from the ATM Machine.  On the contrary be it submitted that from the journal printer as well as from the Mini Statement of the account of the complainant, is clearly reveals that he has received the amount of Rs.10,000/- twice on 06-06-2009 and, thereafter, again on the same date he has withdrawn and received the sum of Rs.5,000/-.  It is a fact that on the other occasion the complainant also withdrew an amount of Rs.4,000/- on 08-06-2009.  It is also a fact that as per complainant the alleged non-payment of the amount through ATM operation was brought to the notice of the OP/Branch Manager on 08-06-2009 but not a fact that no response was given by the said Branch Manager.  In its submission it is stated that though a representation of such a nature where it is alleged that the ATM withdrawn amount has not been disbursed, while documents show that the same has been disbursed on 06-06-2009, but the complainant was made on 08-06-2009 which makes it evident that the same was an after though of the complainant.  Fact remains, the OP/Bank have informed vide its letter dated 18-07-2009 to the complainant that the ATM withdrawal of Rs.10,000/- (twice) on 06-06-2009 was a successful transaction as per journal printer record which showed that the two withdrawals for the sum of Rs.10,000/- each were successfully disbursed.  When the ATM transaction of the complainant was successful and the same is evident from the ATM, statement of the complainant as well as confirmed by the Journal Printer, so there is no scope of any commitment towards refund of any money by them.  Hence, there is also no scope of alleging any deficiency of service on the part of the OPs.  In this regard Bank has no fault and there is no allegation or defect of the Machine within the two withdrawals and for such withdrawal practically complainant is responsible and OP/Bank has no responsibility about the transaction as alleged by the complainant.  The debit card is a personal possession and the card holder needs to take proper care of its safety to prevent the misuse.  So, the OP is not liable to reimburse the complainant for the loss.

Decision with Reasons

On through study of the complainant including evidence and the written version and the argument of the OP, it is no doubt a fct that complainant is a holder of Savings Bank Account being No.10825801125 with State Bank of India, CIT Road Branch, Kolkata having ATM card bearing No.62201800114000090117 which is being used by him and it is admitted position that complainant went to the ATM counter of OP/SBI at CIT Road Branch on 06-06-2009 tried to withdraw Rs.20,000/- but failed to receive the amount and subsequently on the same day he withdrew Rs.5,000/- from the same ATM machine.  Thereafter, on 08-06-2009 the complainant withdraw Rs.4,000/- and the balance as shown in the step against SB A/c. of the complainant is only Rs.520/-.

          The main contention of the complainant is that immediately on 08-06-2009 he brought to the notice of the OP/Branch Manager, SBI, CIT Branch alleging the fraudulent withdrawal of his money from the Bank amounting to Rs.20,000/- but no response was given by the OP/Bank.  So, he again on 19-06-2009 approached the Branch Manager of SBI, CIT Road Branch but he was informed that the transaction was a successful as per Journal Print Out of the Bank.  Thereafter, the complainant also made representations to the AGM-III, SBI on 23-07-2009 as well as to the GM, Deptt. of Banking Supervision on 12-08-2009 justice who forwarded his representation to the OP/Bank, CIT Branch, but anyhow the OP/Bank did not respond.  So, the complainant has alleged that the OP/Bank are dishonestly harassing for which he was suffered severe stress and mental agony for such dishonest act of OP/Bank which is no doubt deficiency in service on the part of the OPs that resulted the financial loss of the complainant, mental agony and harassment. 

          But OP/SBI submitted that the complainant made a transaction of Rs.5,000/- on 06-06-2009 and Rs.4,000/- on 08-06-2009 which were successful and by using the said card he twice withdrew Rs.10,000/- each on 06-06-2009 from the ATM Machine which has been debited from his account.  It is stated that the second and third transaction were successful transaction which was made from the CIT Branch i.e. in the same premises.

          In its submission Ld. Lawyer of the OP submitted that it is not possible for any bank for refund of money when complainant has failed to prove any cogent evidence that the money had been withdrawn by an unauthorized person from the ATM without ATM card and pin number and in this case, the complainant has failed to prove negligence and deficienicy on the part of the OP.  Further Ld. Lawyer for the OP submitted that as per system of ATM as prevailed at present an unauthorized person is unable to withdraw money from the ATM without using ATM card along with the pin number then it is the duty of the complainant to prove how the said money was withdrawn without using his ATM Card and PIN number which is in the custody of the complainant, but complainant is completely silent in this regard for which the complaint should be dismissed.

          On the other hand, the complainant submitted that he went to withdraw Rs.20,000/- from the ATM of SBI, CIT Road Branch on 06-06-2009 but did not receive the amount from the ATM Machine.  Subsequently he withdrew Rs.5,000/- from the ATM on the same day.  On other occasion the complainant also withdrew Rs.4,000/- on 08-06-2009 and he found his Savings balance is lying Rs.520/- only.  So, immediately, he took up the matter with the OP/Branch Manager on 08-06-2009 but he did not get any response from the OP/SBI about such non-payment of the amount through ATM from his Savings Account and showing debit of Rs.10,000/- each twice on 06-06-2009 from his savings account.  So, the casual approach and defence of the Bank that without ATM card and Pin Number no unauthorized person can withdraw the money from ATM is not scientifically accepted in view of the present operation of the hackers and at the same time when the complainant filed this complaint has no need to tell a lie before the bank authority or the Forum for such money but because it was stolen by adopting some scientific process by the hackers, so, complainant appeared before this Forum.

          Considering the argument of the Ld. Lawyer of the Op and also the judgment of the National Commission reported in 2011(2) CPR 26 (NC) as referred by the OP, we have gathered that it is normal procedure as it is found in all the ATM Cases, but fact remains that the complainant pointed out a very vital   question and if the observation and ruling of the National Commission are taken into account then Global problem of ATM Hacking cannot be solved by the judgment.  So, for that purpose, we have gone through some types of ATM threats practically card and currency fraud which involves both direct attacks to steal and indirect attacks to steal a consumer’s identity (i.e. card data and pin numbers).  The intent of direct attacks is to fraudulently use the consumer data to create counter feit card and obtain money from the customer’s account through fraudulent redemption.

          The word “try” as used by the complainant in his complaint regarding the attempts to withdraw the amount twice simply proves that there was no signal of ATM about the processing of the amount of the ATM Machine.  Invariably, at the first instance the ATM fails and for which 2nd attempt was made that also failed and in reality if the machine would be able to process in the first instance to deliver the money in that case there are no ground for the complainant to attempt for the 2nd time.  But invariably, the machine failed to process to deliver the amount to the complainant for which he 2nd time attempted to withdraw and when 2nd time also failed to process and deliver the amount complainant was disgusted and realized as per his knowledge that ATM machine was not functioning and unable to process and deliver money.  Because of the fact, he is in a habit to withdraw money on the earlier occasion and to verify this present disputed/ATM non-functioning he went to another ATM Booth and again tried when he was successful and on receipt of amount from other ATM he was satisfied that the disputed ATM was not functioning.

          Now, the question is why the complainant failed to get the expected amount even after using the ATM machine on two occasions, when he did not get the expected result.

          In this regard, at the time of hearing argument it is learnt as admitted position that the Security Guard was inside the ATM machine room, but Bank Authority has not produced CCTV footage and has not uttered a single word about the existence of Security Guard at that point of time.  If the CCTV Footage would be produced, actual activities of the security guard would be focused before the Forum on departure of the complainant.

          Considering the above fact and also present scientific method as adopted by the hackers, we are convinced somehow or otherwise the ATM machine was controlled by some hackers by adopting the present system of hacking by placing some devices which was invariably within the knowledge of the security and security guard was waiting for the departure of the complainant and with the help of devices the withdrawal was finally processed and no doubt in almost all the ATM machine Room, Security guards are participants in hacking with the hackers who loiters surrounding the ATM Room and particularly in this case simming or malwaring process was adopted by placing such devices and this matter was ventilated in so many judgment by this Forum and now CIDs, West Bengal have also admitted that at the time of investigation of ATM fraud Cases that simming and malwaring are adopted by the hackers in withdrawing customers amount from their account.  But truth is that Bank Authority has failed to control/such hacking by not using anti-devices to check and control such ATM fraud.

          So, in this regard, we want to ventilate the different procedures of hacking and at the same time no use of anti-hacking devices in each ATM is proved beyond any manner of doubt and in present ATM room that anti-devices have not been used in the present ATM Machine for which ATM hacker with the help of security managed to withdraw the said amount.

There is another procedure of hacking that is skimming and an ATM Card skimming is the most prevalent and well known attack against ATMs card skimming are devices used by perpetrators to capture card holder data from the magnetic stripe on the back of an ATM card, these sophisticated devices smaller than a deck of cards and resembling a hand held credit card scanner are often installed factory installed card reader his card into the card reader, the skimmer captures the card information before it passes into ATMs card reader to initiate the transaction.  The transaction continues in a normal fashion, when removed from the ATM, a skimmer allows the download of personal data belonging to everyone who used the ATM.  An expensive, commercially available skimmer can capture and retain account numbers and PINs for more than 200 ATM Card typically, criminals design skimming devices to be undetectable by consumers.

          There are certain kinds of card skimming attack and that generally occasion External Card Skimming – Skimming is made by placing a device over the card reader stop (motorized or dip) to capture consumer data from the magnetic stripe on the card during a transaction.  This is the most common form of card skimming.  There is another procedure i.e. called card trapping or fishing and card trapping and fishing attempt to steal consumer’s card as they are inserted into the card reader during a transaction.  The purpose of this type of attack is to steal the card and use it at a later time to make fraudulent withdrawals from the consumer’s accounts but this type of hacking was not happened in this case.  There is another type of trapping and fishing and currency trapping and fishing is an attempt by perpetrators to capture currency that is dispensed by the ATM during a transaction whether it be in an envelope or as cash that is being deposited by the consumer during a transaction and trapping is made by a false dispenser front placed over the shoulder of the dispenser with adhesive or tape on the inside  to trap the notes before they are dispensed whereas fishing is the methods used are similar to those used to fish or cards, virus proves and hooks that are difficult for the consumer to see are used to prevent cash from being dispensed.  When the unwary consumer leaves the ATM, the perpetrator returns and uses the fishing device to retrieve the currency.  There is another hacking system with malware and with any computer system the purpose of installing malicious software (malware) is to violate the confidentiality, integrity and/or authenticity or data on that computer system.  Designed to collect card holder data and/or dispense card, malware and hacking can occur both locally or remotely.  Local attacks operate by accessing the top hat and down loading the malware using a USB or attacking a USB sniffing device to intercept communication between the card readers and the ATM’s computer. Remote attacks on ATM network occur at some point in the communication with the host or at the backend infrastructure.  Typically, these sophisticated attacks are carried out by well-funded criminal organizations.  As per present global problem of ATM hacking malware threats are of particular concern as they are on the rise and constant by evolving on attempt to stay a head of security measures.  For malware to be installed physical and administrative access to the ATM platform’s operative system is necessary.  There are some other hacking of ATM by the hackers which are collected from some books on the subject the present situation in the global market on the ATM fraud around the world.  But peculiarity is that in all judgements nowhere all these types of hacking are discussed.  But only the simple method is adopted that an unauthorized person cannot withdraw money from ATM without using ATM card and PIN Code, but worldwide computer systems have expressed that there is no necessity to get the card and ATM PIN Code from the customer.  A person having computer knowledge of ATM system can easily trap the ATM card number and ATM by using devices and also the PIN code by playing some process by applying devices and thereafter they use it.  So, the juegement is passed by the different hierarchies have not discussed or considered the total method of hackers of ATM when card skimming is the most prevalent problem and it is the report of the banking sector of India that different types of ATM theft huge loss is being faced by the banking sector.  So, we have gathered that the present ATM card system are not at par scientific method because in the present ATM as being used by the banking authority has no skim resistance chip cards and at the same time the banking authority have their no knowledge of technologies of ATM fleet, but in whole Asia more and more countries in Europe are migrating towards embedded chip cards and FLS in Asia are rapidly expanding their network size, Asia is first becoming a target for ATM fraud.  The most prevalent type of fraud in Asia is card skimming.  It is to be mentioned in this regard if the bank authority does not submit any such document before this Forum that they have adopted devices to check the ATM from card skimming then we are convinced to hold that the op’s version that ATM was quite OK cannot be accepted but truth is that there is no such certificate issued by the bank authority that against the present ATM to check the fraud and card skimming they have expanded their network by migrating towards embedded chip and FLS in India but truth is that Malayasia and Taiwan like a smaller countries have already arranged such devices and most of the FLS in the region are adopting fraud deterrence technologies for their ATM fleet.  All these matters are not in the mind of administration of bank though more and more technologies are being invented by the hackers who are not simple thief but most intelligent and operate the ATM without any PIN code and ATM card and they are engaged in preparing system and devices to capture the customers card and PIN code and in such a manner and in this case that procedure was adopted by the hackers and in absence of ATM card and PIN code they withdrew it.  If anyone or any hacker complete skimming or malware that is sufficient during transaction and it is collected by present such devices and it is impossible to search out by security also that what has been done and subsequently it was preserved in their devices and in their software system and subsequently they use it.  So, practically in this case we have found that the ruling what has been referred by the Ld. Lawyer for the op is found not on the basis of any technologies but more and more studies are required by the Forum and also by the Lawyers to cope up with the present technologies, related to fraud adopted who are handling the ATM fraud to learn how and what manner fraud can be practiced by the hackers by adopting different technologies.  We pointed out two or three technologies but there are thousands of techniques.

          Fact remains in this case similar accident happened but bank is always casual and in their hand there are three or four rulings of National Commission or State Commission and said view are common in all respects but we have failed to understand why even today no such authoritative approach has been adopted by the hierarchy when all over the world ATM fraud is treated as a cyber crime.  So, present technologies must be read daily or at the time of handling such case it shall be dealt with the line of technologies as adopted by the hackers and at the same time anti devices should be used by the authorities of the bank to save their ATMs or online transaction etc.  So, it is the duty of the bank to submit such certificate that anti devices are applied with the ATM. So, question of hacking does not arise, but bank authority has not said so and no such certificate has been submitted by the bank authority but it is the duty of the bank to transact all type of transaction with safety and when bank has fixed ATM for smooth service then smooth security and anti devices must be fixed so that the hacker must not anyway get access by applying the technologies to withdraw the amount.

          After thorough study of different books of ATM fraud and securities and also different types of anti devices which are being used by the Taiwan Indonesia like the poor countries, we are astonished about their thinking for the customers but Indian banks are thinking for their only ruling of State Commission and National Commission to dismiss the case of the complainant but science is progressing technologies are progressing daily but we are lagging behind to go through the books because we are always relying upon some verdict but it is must be kept in our mind when we deal with particular matter, we must have to go through the particular subject also before coming into any conclusion.  So, in this case after thorough study of the entire method of hacking and also the above discussion, we are convinced to hold that the present type of hacking is logical attacks and same are being used in another ATM operating system of the same premises by applying different modes and in the present case, no doubt skimming has been adopted by the hackers and as because there is no anti devices in the ATM to defend the hackers attempt to withdraw money and fact is that the complainant went at the ATM Counter to withdraw Rs.20,000/- but did not receive the money from the ATM, but subsequently he withdrew Rs.5,000/- on the same date and on 08-06-2009 he again withdrew from his savings account Rs.4,000/- and found that Rs.10,000/- each (twice) has been withdrawn fraudulently and his bank balance is lying only Rs.520/-.         

          So considering all the material facts as discussed, we are convinced to hold that bank administration has failed to prove, they applied the system to counter attack and the anti fraud technology was applied for skimming resistance i.e. job cards or FLS.  So, it is proved that bank is no doubt negligent and deficient to give proper protection to the ATM card holder regarding security and safety of the identity of the card and confidential numbers and no such certificate has been submitted by the bank authority that they are using it but in Bangalore, Mumbai and other states same are being applied to check hacking.

          In the light of the above observations, we are convinced to hold that bank authority is negligent and deficient to give protection in respect of the ATM and also to the card holder for which we are convinced to hold that complainant is entitled to get back the amount of Rs.20,000/- with 8 percent interest and the op/bank shall pay and refund the same with interest against the savings bank account of the complainant.  After concluding our judgement we want to say that the bank authority to be more careful in future and their administration who are controlling the entire ATM all over India so that they may apply the present technologies to defend the fraud technology from the ATM fleet.  Otherwise the bank shall be always committed by producing two or three judgements of all the Commissions but truth is otherwise.

          In the result, the case succeeds.

          Hence,                                     

ORDERED

          That the case be and the same is allowed on contest with cost of Rs.5,000/- against the op/Bank.

          Op is hereby directed to pay the amount of Rs.20,000/- only with 8 percent interest from the date of stolen of money by the hackers from the ATM but same shall be refunded to the complainant and be deposited against his bank account within 15 (fifteen) days from the date of this order failing which for non-compliance of the Forum’s order op shall have to pay punitive damages of Rs.10,000/- only to this Forum but even then if it is found that op/Bank is reluctant to comply this order in that case the penal proceedings shall be started for which they may be imposed further penalty u/s 27 of the C.P. Act 1986. 

 

 
 
[HON'BLE MR. Bipin Mukhopadhyay]
PRESIDENT
 
[HON'ABLE MR. Ashok Kumar Chanda]
MEMBER
 
[HON'ABLE MRS. Sangita Paul]
MEMBER

Consumer Court Lawyer

Best Law Firm for all your Consumer Court related cases.

Bhanu Pratap

Featured Recomended
Highly recommended!
5.0 (615)

Bhanu Pratap

Featured Recomended
Highly recommended!

Experties

Consumer Court | Cheque Bounce | Civil Cases | Criminal Cases | Matrimonial Disputes

Phone Number

7982270319

Dedicated team of best lawyers for all your legal queries. Our lawyers can help you for you Consumer Court related cases at very affordable fee.