Burden Of Proving Customer's Liability In Unauthorized Transactions Is On Bank: Allahabad High Court

A Division Bench comprising Justice Shekhar B. Saraf and Justice Praveen Kumar Giri held, “A careful perusal of the aforesaid circular would show that the burden of proving the customer's liability in case of unauthorized electronic banking, lies upon the bank.”

Advocate Aniket Gupta appeared for the Petitioners and Advocate Namit Srivastava appeared for the Respondents.

A writ petition was filed by a father-son duo who alleged embezzlement of funds from their bank accounts. The petitioners, proprietors of separate firm,s had executed a transfer of ₹37.85 lakh from the father's account to the son's, which was subsequently transferred to a third-party account. The petitioners claimed the transaction was unauthorized and fraudulent, and lodged an FIR. With no action taken by law enforcement, they approached the High Court seeking a direction to Bank of Baroda and the RBI to restore the disputed amount along with penal interest.

The Court analyzed the RBI’s 2017 circular in detail, particularly Clause 12, which deals with customer liability in the case of unauthorized transactions. According to the circular, customers are considered to have "zero liability" if they notify the bank within three working days of the unauthorized transaction. The circular also makes it clear that it is the bank’s responsibility to prove whether the customer is liable in such cases.

Despite this framework, the Court found, “The burden of proving customer liability lies upon the bank and the bank, in its counter affidavit has placed passbook, documents showing beneficiary addition by petitioner no. 2, I.P. Address details of petitioner no.2, time and debit transfer details from the internet bank account of the petitioner no.2, a document showing password modification by the petitioner no.2 to discharge its burden.”

Further, the bank submitted documentary evidence in its counter-affidavit to discharge its burden of proof, including the account passbook, the details of the third-party beneficiary added by petitioner No.2, IP address logs, the timing of the transfers, and records showing that petitioner No. 2 had modified the internet banking password. These facts, the Court held, indicated that the petitioners were fully aware of the transactions and had not been defrauded.

The Bench emphasized that the RBI Circular is intended as a consumer protection measure—to shield genuine victims of cyber fraud, not as a means to dispute personal financial transactions under the guise of fraud. It stated, “RBI circular is to cover aspects of customer protection, including the mechanism of creating customer awareness on the risks and responsibilities, and customer liability arising in specific scenarios of unauthorized electronic transactions. The pupose(Sic) of this circular is to act as a shield for customers from fraudulent transactions and not as a sword in the garb of personal transactions.”

Concluding that the hacking allegations were unsubstantiated and that the petitioners were negligent, the Court held there was no case of embezzlement or cyber fraud and dismissed the writ petition accordingly.

Cause Title: Suresh Chandra Singh Negi & Anr. v. Bank of Baroda & Ors., [2025:AHC:115460-DB]

Appearance:

Petitioners: Advocates Aniket Gupta and Prem Chandra

Respondents: Advocate Namit Srivastava