A customer has zero liability when an unauthorized transaction occurs due to a third-party breach where the deficiency lies neither with the bank nor the customer but somewhere in the system, the Bombay High Court ruled on Thursday. The court directed Bank of Baroda to refund ₹76 lakh fraudulently debited from a company’s bank account.
Justices Girish Kulkarni and Firdosh Pooniwalla heard a petition by Jaiprakash Kulkarni and Pharma Search Ayurveda Private Limited challenging the Banking Ombudsman’s refusal to order the refund. Citing a July 2017 Reserve Bank of India (RBI) circular and the bank’s Consumer Protection Policy, the court asserted that customers have zero liability in such cases.
The HC emphasized the rising incidence of cyber fraud, stating, “Both as per the RBI circular and the policy of the bank, a customer has zero liability when unauthorized transactions occur due to a third-party breach where the deficiency lies neither with the bank nor with the customer but elsewhere in the system.”
On October 1, 2022, beneficiaries were added to the petitioner company’s bank account without any OTP sent to the registered mobile number. The next day, ₹76 lakh was transferred to various unknown individuals. The petitioners promptly lodged a complaint with the Cyber Cell and informed the bank manager.
Despite the complaint, the Banking Ombudsman rejected their claim, stating the transactions were conducted using valid credentials. However, cyber cell reports confirmed no OTPs were sent to the petitioners. The court found no negligence or collusion on the petitioners’ part.
The court concluded that both the bank and the petitioners were victims of third-party fraudsters. As per the RBI circular, the petitioners were entitled to a refund. The court directed Bank of Baroda to refund the ₹76 lakh within six weeks, criticizing the Banking Ombudsman for inadequate inquiry.
