Customer Being Victim Of Cyber-Crime Has No Liability In Respect Of Unauthorized Transactions From His Bank Account: Gauhati HC
Finding that certain transactions taken place from the account of the petitioner vide his ATM Card were unauthorized and fraudulent in nature as born out from the investigation carried out by the State CID, the Gauhati High Court held that the petitioner has no liability in respect of such transactions as reflected in the statement of his bank account, and at the same time, directed the respondents to reverse the said amount in the savings bank account of the petitioner.
A Single Judge Bench of Justice Kalyan Rai Surana observed that “The respondent nos. 4 and 5 had not disclosed when the 19-digit ATM card no. 6220180537700030332 was issued to the petitioner, the date when it was activated for e-commerce and/or internet transaction. The respondent nos. 4 and 5 have also not pleaded that since the issuance of ATM-cum-debit card, the petitioner had been using it for e-commerce and/or internet transaction even before the disputed transactions done between 08.05.2012 and 17.05.2012”.
Therefore, in this case, “35 (thirty-five) transactions take place between the short period from 08.05.2012 to 17.05.2012. Out of these transactions, the State CID had been able to locate 12 IP addresses in Thane District, out of which 2 (two) IP addresses are fake. Therefore, the preponderance of probability is that the petitioner is a victim of cyber-crime. The respondent nos. 4 and 5 have not been able to show that any sms alerts were issued to the petitioner for all these transactions disputed by the petitioner”, added the Bench.
Advocate S. Banik appeared for the Petitioner, whereas Advocate P. Hazarika appeared for the Respondent.
The brief facts of the case were that the petitioner had claimed that an ATM–cum- Debit Card was issued to him by the Panjabari Branch of SBI without e-commerce facility. It was projected that although subsequently e-commerce facility was provided to the petitioner by providing a 16-digit ATM–cum-Debit Card, but without informing him and without providing the CVV number. Alleging that without CVV, e-commerce or on-line transaction cannot be done through the said ATM –cum- Debit Card, the petitioner did not create ‘3D’ password, which is mandatory for making online transaction through SBI secured gateway. It was contended that between the period from May 08, 2012 and May 17, 2012, a sum of Rs.4,44,699.17 was swindled out of his account through illegal on-line transactions, however, without any SMS alert being received in his registered mobile number. When the petitioner lodged a complaint before the bank branch (fifth respondent) and the CID, a case was registered under section 420 IPC read with sections 66 and 66(d) of the Information Technology Act, 2000. Thereafter, the petitioner moved the Banking Ombudsman by filing a complaint, which was rejected. Hence, the petitioner approached the High Court praying for an enquiry into the matter as to why SMS alerts for on-line transaction did not reach the petitioner’s registered mobile number and for directing the refund of the sum of Rs.4,44,699.17 along with applicable interest.
After considering the submission, the Bench found that the 19-digit ATM-cum-debit card was a ‘shopping’ card and that as per the SBI’s RTI reply, the said card had e-commerce facilities and that the elaboration was given in the manual supplied by the card vendor along with the kit.
As per the stand of the CID, Assam, the Bench found that during their investigation carried out in CID PS Case registered under section 420 IPC read with sections 66 and 66(d) of the Information Technology Act, 2000, they could trace out that crime of the case had originated from Thane District of Maharashtra and that the Investigating Officer had visited Maharashtra in connection with the case but the name and address of the suspect was found to be fake.
Further, the Bench noted that out of 12 IP addresses, the Investigating Officer found that two address related to one Sarala Subhash Vanjari of Central Police Station area of Ulhas Nagar, Thane, Maharashtra, but the address of the suspect was found fake.
“The CID could not trace out the remaining 10 IP addresses. The Nodal Officer, CID, Assam had informed the Investigating Officer that the internet service provider keeps log details for 6 (six) months and that IP details of more than 6 (six) months could not be provided. The CID neither seized the petitioner’s mobile nor collected the CDR of the SIM for the period between 08.05.2012 and 17.05.2012”, added the Bench.
Therefore, the Bench observed that there is no scope to verify the truthfulness of the version of the petitioner to establish whether he had received SMS alert or not and there is less scope for tracing out the accused of the case in near future.
The Bench also pointed that the respondents have not produced any record to show that SMS alert against alleged fraudulent transactions were generated and sent from their computer system.
“The petitioner had reported to the call centre number of the State Bank of India about unauthorized withdrawal and therefore, on 17.05.2012, the petitioner’s 19 (nineteen) digit ATM card was blocked. But the respondent nos. 4 and 5 did not preserve their record of having sent sms alert to the petitioner regarding e-commerce/ internet use of his ATM card”, added the Bench.
Accordingly, the High Court directed the respondent to deposit a sum of Rs.4,44,699.17 in the bank account of the petitioner with liberty to recover the said from the persons to whose account said money or part thereof were siphoned off.
Cause Title: Jyoti Bezbarua Goswami and Ors. v. State of Assam and Ors.