News Updates

Bank Liable For Fraudulent Online Transaction If Account Holder's Fault Not Proved : NCDRC

Akshita Saxena
9 Jan 2021 4:56 AM GMT
Bank Liable For Fraudulent Online Transaction If Account Holders Fault Not Proved : NCDRC

The National Consumer Disputes Redressal Commission (NCDRC) recently held that in case of fraudulent transactions leading to withdraw of money from a person's bank account, the concerned bank shall be responsible for the loss, not the customer, if it is not proven that the fraudulent transaction had taken place due to account holder's fault.

The ruling was made by Presiding Member C. Viswanath, who opined that in today's digital age, the possibility that the credit card was hacked or forged cannot be ruled out.

The NCDRC stated that in a case where the Bank has been unable to prove that the impugned fraudulent transaction had taken place due to account holder's fault, for example loss of credit card, the Bank shall be made liable for the unauthorized transactions, as it is deemed that there was a security lapse in the electronic banking system through which the transactions had taken place.

"Bank cannot rely on arbitrary terms and conditions to wriggle out of its liability towards customers and any such terms and conditions must be in conformity with the directions issued by the RBI which is responsible for safekeeping of the Banking Systems and maintaining checks and balances in the same," the Commission said.


In the present case, the Commission was hearing a Revision petition filed by the HDFC Bank against dismissal of its appeal by the State Commission, thereby upholding the order directing the Bank to compensate the customer for fraudulent transaction from her account.

The Complainant-customer had stated that the credit card was in her possession when the disputed transactions had taken place. She further stated that the transactions had taken place remotely, several miles away from her actual location and therefore, the reason for the fraudulent transactions must be forgery/hacking of the card or some other technical and/or security lapse in the electronic banking system through which the transactions had taken place.

The Bank had on the other stated that the Credit Card must have been stolen and that it is due to the Card Holder's negligence that she lost safe custody of her card.


The Court noted that the Bank had failed to produce any evidence to substantiate its averment that the credit card was stolen or that the Complainant had resorted to any fraud/forgery.

"In the absence of any evidence that the credit card was stolen, I hold the Bank for the unauthorized transactions," Presiding Member C. Viswanath said.

The Commission relied on a RBI circular as per which, zero liability will rest with the customer, where the deficiency lies in the banking system.

As per Circular dated 6 July 2017:

A customer's entitlement to zero liability shall arise where the unauthorised transaction occurs in the following events:

  • Contributory fraud/ negligence/ deficiency on the part of the bank (irrespective of whether or not the transaction is reported by the customer).
  • Third party breach where the deficiency lies neither with the bank nor with the customer but lies elsewhere in the system, and the customer notifies the bank within three working days of receiving the communication from the bank regarding the unauthorised transaction.

In the facts of the case, the Commission noted,

(i) The first unauthorized transaction took place on the 15.12.2008.

(ii) The said transactions were observed by the Bank on 15.12.2008 itself.

(iii) The Complainant's father was contacted only on 18.12.2008.

(iv) On 20.12.2008, within three days of receiving information form the Bank, the Complainant's father notified the Bank that the transactions were unauthorized.

"In such circumstances, therefore, even if the deficiency was not with the Bank, but elsewhere in the system, the Bank will be held liable for all the 29 unauthorized transactions which were effected from 15.12.2008 till the card was hotlisted, i.e. till 20.12.2008," the Commission said.

Reliance was also placed on Punjab National Bank & Anr. v. Leader Valves II, (2020) CPJ 92 (NC), where the Commission while addressing the question of liability of a Bank in case of unauthorized and fraudulent electronic banking transactions, had observed:

"The first fundamental question that arises is whether the Bank is responsible for an unauthorized transfer occasioned by an act of malfeasance on the part of functionaries of the Bank or by an act of malfeasance by any other person (except the Complainant/account-holder). The answer, straightaway, is in the affirmative. If an account is maintained by the Bank, the Bank itself is responsible for its safety and security. Any systemic failure, whether by malfeasance on the part of its functionaries or by any other person (except the consumer/account-holder), is its responsibility, and not of the consumer."

Case Title: HDFC Bank & Anr. v. Jesna Jose

Related : Banks Cannot Recover From Customers The Amount Lost By Them Through Online Fraud : Kerala HC [Read Judgment]

Banks Liable For Unauthorised Withdrawals Even If Customers Did Not Respond To 'SMS Alerts': Kerala HC [Read Judgment]

Next Story
Share it