The Bombay High Court has ordered HDFC Bank to refund ₹38.04 lakh to a Pune-based businessman who was defrauded through cyber means. The court emphasized that the account holder was not at fault and highlighted the bank’s responsibility in protecting customers from unauthorized online transactions.
The significant ruling was delivered by a division bench of Justices Bharati Dangre and Manjusha Deshpande, who noted that the businessman, Subodh Korde, was entitled to zero liability under the Reserve Bank of India’s (RBI) guidelines. The fraud occurred on July 15, 2021, when Korde lost the substantial sum through eight unauthorized online transactions executed within a short span of 41 minutes. Prior to these transactions, three unknown beneficiaries had been added to his account, and his daily transaction limit was inexplicably increased from ₹4 lakh to ₹40 lakh on the preceding day.
Korde maintained that he had not authorized these transactions nor had he received any One-Time Passwords (OTPs) for them. However, HDFC Bank contested this, asserting that OTPs and SMS alerts had been sent to the account holder. The High Court, in its order dated April 6, relied on established police findings and RBI guidelines, underscoring that the modus operandi involved SIM swapping or cloning. This technique allows fraudsters to duplicate a customer’s mobile number, thereby intercepting OTPs and other sensitive information necessary to authorize fraudulent transactions.
The court found that the burden of proof lay with the bank to demonstrate customer negligence, a burden HDFC Bank failed to meet. The bench observed that Korde had not been careless and had not shared his password with anyone. Therefore, the bank was directed to refund the full amount, along with interest at the rate of 6 percent, which would increase to 8 percent if the payment was not remitted within eight weeks.
The incident sheds light on the increasing sophistication of cyber fraud in India and the critical role of banks in safeguarding customer assets. The court’s decision reinforces the principle that customers who act diligently and report fraudulent activity promptly are often protected under existing regulations, provided they have not contributed to the loss through gross negligence.
This case follows a pattern of judicial pronouncements holding financial institutions accountable for customer protection in the digital age. Recent reports indicate other instances where individuals, including a Bombay High Court judge, have been targeted by sophisticated online scams involving fake customer care numbers and fraudulent applications, resulting in significant financial losses. These cases underscore the persistent threat of cybercrime and the need for enhanced security measures by both banks and consumers.
The Chenab Times News Desk