SC Upholds SBI’s Liability In Fraudulent Transactions Case; Highlights Banks' Responsibility To Protect Customers
The Supreme Court has upheld the State Bank of India’s (SBI) liability for fraudulent and unauthorized transactions reported by a customer, emphasizing the duty of banks to safeguard their customers' accounts.
The Bench of Justice JB Pardiwala and Justice R Mahadevan dismissed SBI's appeal against the Gauhati High Court’s decision, which directed the bank to refund Rs. 94,204.80 to the customer who fell victim to a fraud.
The Court also urged account holders to remain vigilant and ensure OTPs and sensitive information are not shared with third parties. "We expect the customers, i.e., the account holders also to remain extremely vigilant and see to it that the O.T.Ps. generated are not shared with any third party. In a given situation and in the facts and circumstances of some case, it is the customer also who could be held responsible for being negligent in some way or the other. In view of the aforesaid, we see no good reason to disturb the impugned order passed by the High Court. The Special Leave Petition is, accordingly, dismissed," the Court ordered.
AOR Sanjay Kapur appeared for the SBI, and AOR Anil Shrivastav appeared for the respondent.
The customer had attempted to return an online purchase and, upon following instructions from a fraudster posing as customer care, downloaded a mobile app that facilitated unauthorized transactions from his account.
SBI argued that the customer shared sensitive information such as OTPs and M-PINs, thereby authorizing the transactions. However, the customer denied this claim, attributing the fraud to a data breach on the retailer’s website, which was beyond his control.
The Court agreed with the High Court’s reliance on clauses 8 and 9 of the Reserve Bank of India’s (RBI) Circular dated July 6, 2017. These provisions impose “zero liability” on customers for unauthorized transactions resulting from third-party data breaches if reported promptly. The Court noted that the customer had reported the fraud within 24 hours, satisfying the criteria for zero liability.
“All transactions relating to the account of the Respondent No. 1—herein maintained with the petitioner—Bank were found to be unauthorized and fraudulent. It is the responsibility of the bank so far as such unauthorized and fraudulent transactions are concerned,” the Bench stated, emphasizing that banks must utilize the best available technology to detect and prevent fraud.
While affirming SBI’s liability, the Court also reminded customers to exercise caution, stating, “We expect the customers, i.e., the account holders, to remain extremely vigilant and ensure that OTPs generated are not shared with any third party.”
The Court dismissed SBI’s appeal, reiterating that banks cannot abdicate their responsibility to protect customers from unauthorized transactions, particularly when reported promptly. "The Bank should remain vigilant. The Bank has the best of the technology available today to detect and prevent such unauthorized and fraudulent transaction. Further, clauses 8 and 9 respectively of the RBI’s Circular dated 6-7-2017 make the position further clear," the Bench said.
Cause Title: State Bank of India v. Pallabh Bhowmik and Ors. [Special Leave to Appeal (C) No. 30677/2024]
Appearance:-
Petitioner: Advocates Sanjay Kapur (AOR), Surya Prakash, Arjun Bhatia, Shubhra Kapur, Mahima Kapur
Respondent: AOR Anil Shrivastav
Click here to read/download the Order