Author-Ridhima, student at Panjab University Regional Centre, Ludhiana
To the point
The ruling is regarded as a landmark in consumer protection within digital banking, reinforcing that banks must proactively protect customers and maintain robust security protocols. It underscores that technological safeguards alone are not enough. Banks must also respond promptly and effectively when fraud is reported. The judgement sets a strong precedent, serving as a wake up call to financial institutions to uphold accountability and customer trust in an increasingly digitalized financial ecosystem.
The case of Hare Ram Singh vs. RBI & others arise from a cyber fraud incident in which the petitioner, Hare Ram Singh, an academician became a victim of a vishing scam, resulting in the unauthorized withdrawal of Rs.2.6 lakhs from his State Bank of India (SBI) account. Despite promptly reporting the fraud and not being negligent in sharing any sensitive information like OTP or passwords, the bank failed to fully compensate him. The case was filed before the Delhi High court, challenging the inadequacy of the bank’s response and invoking the “zero liability” principle laid down by the Reserve Bank of India in its 2017 circular on electronic banking frauds. The judgement became a landmark in enforcing consumer protection in digital banking.
Abstract
On 18 April 2021, Mr. Hare Ram Singh, a 55-year old academician, fell victim to a vishing attack as he received an SMS link prompted by a suspicious call. He clicked it upon instruction from a fraudster and consequently had Rs.260000 withdrawn from his SBI savings account through two unauthorized transactions. He immediately reported the fraud to SBI’s customer care, filed cyber crime and police complaints, lodged grievances via CPGRAMS, and approached the Banking Ombudsman. SBI (Respondent no.2) rejected the complaint, stating that the transactions were conducted through Internet Banking and authenticated with OTPs received by the petitioner. The BO acknowledged the vishing attack and directed SBI to refund only one-third of one transaction, i.e. Rs.33,334 which was credited to Singh’s account, and then closed the grievance. Aggrieved by the non-reimbursement of the remaining Rs.2,27,000, the petitioner filed a writ petition and argued a violation of RBI guidelines on customer liability in unauthorized electronic banking transactions.
Use of legal jargon
This case involves the violation of various fundamental rights provided under the Constitution of India. The petitioner alleged the violation of right to equality under Article 14, right to opportunity under Article 16, right to life and personal liberty under Article 21 and right to property under Article 300A. This act also talks about RBI Master Circular-“Customer Protection – Limiting Liability of Customers in Unauthorised Electronic Banking Transactions”. Clause 6 of this deals with zero liability principle for customers not at fault. Clause 7(b)(i) provides for limited liability in cases where there is some degree of customer negligence. SBI’s actions and the Ombudsman’s interim directions are governed by Banking Ombudsman Scheme, 2006. The legal issue arose under this case was that whether the petitioner’s actions constitute negligence, making him liable, or should respondent no. 2 be responsible under RBI guidelines for unauthorized electronic transactions?
The proof
The petitioner i.e. Hare Ram Singh contended that he immediately reported the fraud and he had not shared any OTPs or sensitive credentials. He said that cyber theft stemmed simply from clicking a malicious SMS link. He invoked Clause 6 of the RBI Master Circular dated July 6, 2017 which mandates zero liability for customers who are not at fault and report fraud promptly. He also contended that SBI failed to implement robust digital safeguards to detect or prevent the fraud or to act swiftly upon notification. He requested the court to quash SBI’s rejection letter and restore the full amount plus interest.
The respondents, i.e. SBI and RBI, argued that the writ petition lacked specific cause of action or reliefs against it and thus was not maintainable. SBI contended that since the transactions were conducted via internet banking using OTP-based 2-FA, it implied some negligence by the petitioner suggesting the OTP might have been shared. Consequently, Clause 7(b)(i) of the RBI circular which permits limited liability for customer negligence should apply.
Case laws
Tony Enterprises v. Reserve Bank of India (2019)
The petitioner relied on this precedent where the court emphasized that banks owe a fiduciary duty to safeguard customers from online fraud, including scenarios like SIM duplication leading to unauthorized withdrawals. The case underlined that banks must have effective fraud detection and prevention mechanisms beyond basic security infrastructure.
Raghabendra Nath Sen v. Punjab National Bank
The court observed that ATM usage by the customer could not lead to bank liability even in cases of card cloning since the bank’s role is limited once the customer authentically uses the card.
State Bank of India v. K.K.Bhalla
This decision emphasized that ATM-cum-debit cards and PINs must be securely retained by the customer, once used by the customer, the bank bears no deficiency in service.
Punjab National Bank v. Shri Sankar Mukherjee
In this case, the customer had shared payment credentials, enabling the fraud, and consequently Clause 7(i) of the RBI circular was considered applicable.
Conclusion
On the issue of whether the petitioner was negligent, the Hon’ble court held that the petitioner’s actions did not constitute negligence, and the responsibility for the unauthorized electronic transactions lies with the respondent no.2 bank as per the RBI guidelines. The evidence demonstrates that the petitioner did not share sensitive financial credentials. Hence, the Hon’ble court allowed the writ petition, set aside the BO’s order and issued a writ of mandamus against the State Bank of India. The court directed Respondent no. 2 to pay Rs.2,60,000 to petitioner with 9% annual interest from the date of the fraud and pay Rs.25,000 towards the cost of legal proceedings.
FAQs
Why and when banks are responsible for frauds or scams?
Banks can be held liable for frauds or scams involving a person mainly because they are trusted custodians of people’s money and have a legal duty to protect it. The responsibility comes from a mix of legal obligations, regulatory requirements and trust based nature of banking. Banks has to take reasonable steps to prevent unauthorized transactions or suspicious activities. Banks must follow anti-fraud and anti-money laundering regulations and reporting suspicious activity to authorities. Since banks control the payment systems, apps, ATMs and online banking platforms, they are responsible for keeping them secure.
