Consumer forum news: The National Consumer Disputes Redressal Commission (NCDRC) has directed the State Bank of India (SBI) to refund Rs 12.93 lakh fraudulently siphoned off from the account of a retired Bengaluru professor in an alleged digital scam, ruling that the customer was entitled to “zero liability” protection under RBI guidelines.A bench comprising Justice A P Sahi (president) and Bharatkumar Pandya (member) was hearing a second appeal filed by SBI against concurrent findings of the district consumer commission, Bengaluru, and the Karnataka State Consumer Disputes Redressal Commission, both of which had ruled in favour of one K P Sreenath, a retired professor of Botany at Bangalore University.“In our opinion, therefore, the conclusions arrived at by the fora below (state and district consumer forums) are essentially on the basis of the facts as established on record and the fora below are absolutely right in their conclusion that the entire liability for the loss lies with the bank in view of para 6(ii) of the RBI circular,” the national consumer commission said on May 15, dismissing SBI’s appeal. Justice A P Sahi (NCDRC president) and Bharatkumar Pandya (member) noted that the RBI’s circular places the burden of proving customer negligence squarely on the bank.2 questions before NCDRCWhile hearing SBI’s second appeal, the NCDRC framed two principal questions: whether the bank could be held liable for third-party fraud and whether such liability was governed by the Reserve Bank of India (RBI) circular dated July 6, 2017.The consumer commission examined paragraphs 6 to 8 of the RBI circular dealing with “zero liability” and “limited liability” of customers in unauthorised electronic banking transactions.The bench observed that paragraph 6(ii) grants complete protection to customers where the deficiency lies neither with the bank nor with the customer, but elsewhere in the system, provided the customer reports the unauthorised transaction within three working days.The national consumer commission also noted that paragraph 12 of the RBI circular places the burden of proving customer negligence squarely upon the bank.Rejecting SBI’s submissions, the NCDRC held that the bank had failed to produce any documentary evidence, technical logs or system records establishing that the complainant had shared OTPs or payment credentials with fraudsters.It further held that sharing Aadhaar details could not automatically be equated with sharing payment credentials and that the complainant had promptly reported the fraud after discovering it.Holding that the case squarely fell within paragraph 6(ii) of the RBI circular, the NCDRC dismissed SBI’s appeal and upheld the directions requiring the bank to refund the entire fraud amount with interest and compensation.Fraudulent withdrawals from retirement corpusAccording to the complaint, Professor Sreenath retired in November 2017 and received retirement benefits amounting to nearly Rs 25 lakh, which were credited to his SBI savings account maintained at the Nagarabhavi branch in Bengaluru.Also Read | Woman’s left kidney removed instead of right, her family gets Rs 1.5 croreOn March 11, 2019, he approached the bank seeking a transfer of the amount to another bank account through Real-Time Gross Settlement (RTGS) and paid the required charges. However, the transfer was allegedly never executed, and the bank also failed to inform him about the unsuccessful transaction.The complainant later discovered during a visit to the branch on April 30, 2019, that Rs 12,93,922 had been fraudulently withdrawn from his account through multiple unauthorised transactions carried out between April 12 and April 30, 2019. Following the discovery, he lodged complaints with the bank authorities, local police, Cyber Crime Police Station and the banking ombudsman.He alleged that the fraud occurred because of weak banking software, inadequate firewall protection and the SBI’s failure to maintain proper security systems to safeguard customer accounts.Story continues below this adClaiming a deficiency in service on the part of the SBI, the retired professor approached the district consumer commission in July 2021 seeking a refund of the fraudulent amount along with interest and compensation for mental agony.Customer negligent, SBI claimedSBI contested the complaint and argued that the fraudulent transactions occurred because the complainant himself had allegedly shared confidential information, such as one-time passwords (OTPs) or Aadhaar-related details, with unknown persons.The bank further contended that SMS alerts regarding the transactions had been sent to the complainant’s registered mobile number, but he failed to take immediate action and delayed reporting the unauthorised withdrawals.SBI claimed that there was no deficiency in service and that the liability had to be borne entirely by the complainant.The bank also relied upon the findings of the banking ombudsman, who had observed that the transactions could not have taken place unless the complainant had shared the OTP required for setting the MPIN.The bank argued that the matter fell within paragraph 7(i) of the RBI Circular dated July 6, 2017, which deals with customer negligence and full customer liability.Also Read | Can authorities seize your property over acquaintance with a ‘gangster’? Uttarakhand High Court answersDistrict commission held SBI liableThe district consumer commission had rejected SBI’s defence and held that mere sharing of Aadhaar details could not have enabled fraudulent access to the complainant’s account. It noted that the bank had failed to produce any cogent evidence showing that Professor Sreenath had shared OTPs, MPINs or other payment credentials with fraudsters.The commission further observed that even the bank’s own internal records described the incident as a fraud committed by an unknown third party. It also held that the complainant became aware of the fraud only on April 30, 2019, and reported the matter to the bank on May 2, 2019, within three working days of learning about the unauthorised transactions.Relying on the RBI Circular titled “Customer Protection – Limiting Liability of Customers in Unauthorised Electronic Banking Transactions”, the district commission concluded that the complainant was entitled to “zero liability” protection under paragraph 6(ii) of the circular.Story continues below this adAlso Read | Excluding wife, kids does not invalidate Will, says Supreme Court: Why ‘natural heirs’ can’t claim property by defaultAccordingly, SBI was directed to refund Rs 12,93,922 along with applicable savings bank interest calculated from the date of each unauthorised debit till full realisation. The bank was also directed to pay Rs 25,000 as compensation for mental agony and Rs 10,000 towards litigation expenses.The Karnataka State Consumer Disputes Redressal Commission later upheld these findings and dismissed SBI’s first appeal, observing that banks could not “wash their hands” of liability merely on technical grounds when the fraudulent transfers had taken place through the banking system itself.