Internet banking frauds are common place particularly in India. I often receive requests for guidance on this matter from victims from different parts of India not knowing what to do.

I am therefore placing these brief instructions for public information. What is stated here is my considered opinion (not to be construed as legal advice) as an Ex-Banker and a person involved in such litigations and is based on the guidelines contained in various RBI guidelines and Information technology act 2000.

Most of the time the Fraud comes to light when the customer observes one fine day that the balance in the account appears to be lower than what it should be. When he checks, he will be find that there were a a series of transactions reducing the balance to near zero. Most of the time customer would not have received even the SMS alerts and even if received it it would be after the money is gone.

Of late ATM frauds are also common. Here customer will have the ATM card safely with him but money would be drawn through the ATM and debited to your account.

In all these incidences, when the customer approaches the bank, the standard reply is “Our system is safe. If money has been withdrawn from the account through Internet, you must have given away your password to some body. If money has been withdrawn through ATM, some body might have taken your card withdrawn the amount and put the card back in your purse. It may be your son or your wife. Bank is not liable. Go and file a complaint with the Police.”

Sometimes the amount lost would be small. But there are cases of losses upto 1.65 cores that has come to my attention. It is estimated that approximately around Rs 6500/- crores is lost in such frauds in India each year.

In most of the transactions, the fraudster would have created new beneficiaries in the Internet account and transferred the amount to them. In one of the instances in HDFC Bank recently the fraudster used it to create virtual payment cards and encashed them. In one to the ICICI bank cases the amount was used to pay credit card outstandings which were used to buy Gold. There have been instances where the SIM card of the customer has been disabled and a fresh SIM card obtained by the fraudulent person to which the alerts and One Time Passwords are directed.

In most of the cases, the beneficiaries will be in the same Bank but in different branches. Occasionally it will involve other banks also.

Victims of such frauds are normally so shocked that they donot know what to do. When they approach the bank, Banks normally will tell them that they would do internal investigations and let them know. They will always ask one question. “Have you received any e-mail asking you to update your passwords?”. These are called “Phishing Mails”. In many cases there would be such mails to which the victim would have responded in ignorance. Some times the mails would have been received but it would not have been responded. In some cases no such mails would have been received.

In all the above cases it is necessary for the Victims to remember that the liability to pay back the amount lies with the concerned Bank where the account is maintained. It is for the Bank to file a complaint with the Police and pursue the case to recover it from other beneficiaries. It is not necessary for the victims to take the trouble of pursuing the Police complaint against the beneficiaries though filing a complaint against them is a duty of a Citizen.

There is however no legal compulsion for the victim to file a complaint with the Police. On the other hand there is an RBI mandate on the banks to file an FIR.

However in practice all Banks try to bully the victims to tell him that Bank is not responsible and customer should file a complaint with the Police.

If any Bank refuses to file a complaint and refuses to return the money immediately, the customer should file a complaint with the Police primarily against the Bank. Police should register the complaint and then investigate it further. Where the Police refuse the register the FIR against the Bank, complaint can be made to the DGP of the State and if this fails, a direction from a Court can be sought for an FIR to be registered by the Police against the Bank and for investigations to be made at the Bank.

After registering the FIR, the customers may approach the Adjudicator of the State with a suitable complaint under ITA 2008. Where the amount is small, a complaint can be made to the Banking Ombudsman also.

The undersigned normally advises for an attempt for settlement with the Bank through mediation. If this fails there is no option but to pursue adjudication.

Bank Customers may note that RBI has time and again advised Banks that all such frauds in the Internet banking must be settled by the Bank immediately and the liability must be borne by the Bank as against the victim. The same applies for ATM frauds as well. Banks have been advised to obtain insurance cover at their costs to recover their losses.

Because the customers are ignorant of the RBI guidelines many Banks take advantage and refuse to repay the money hoping that the customer will not have the resources to pursue the litigation. Some Ombudsmen may also be unaware of the exact nature of the issue and refuse to settle the dispute through mediation. Hence litigation may be forced on the customer.

Please note that if you are successful in your litigation, you would be able to recover not only the amount lost but also interest there on and the expenditure incurred. However you need to spend some money and also be prepared to wait for litigation process to be completed.

Banks take advantage of the fact that the Customer’s resources are low and he is suffering a loss in the first place where as the Bank has a huge resource with itself and a battery of lawyers to fight it out.

It will take some time for the judicial precedences to take root and Banks start settling the claims without litigation. Perhaps at least one case will go upto the Supreme Court and establish a precedent. Until such time there will be a need for every complaint to go through the trial at the Adjudicator’s office and also go through the appeal at the Cyber Appellate Tribunal and the State High Court.

The Adjudication system has been active in Chennai for the State of Tamil nadu, in Bangalore for the State of karnataka. There are also a few cases settled in Maharashtra and Gujarat. Other Adjudicators will also soon start handling such cases.

The “Adjudicator” for each State is the IT Secretary of the State and not the normal Civil Court. Adjudicators are expected to settle the cases within 4 months and the process is simpler than a normal court. Most of the time the customer may be able to handle the complaint on his own. If necessary guidance can be sought from legal professionals who are conversant with Cyber laws. The undersigned also provides guidance and assistance to the victims or other legal professionals to pursue such cases.

The undersigned believes that “Safe E Banking” is the need of customers in India and Banks are not taking adequate steps to keep E Banking safe. RBI has given necessary guidelines but Banks keep ignoring them. RBI is reluctant to punish the errant Banks and hence there is no fear of RBI reprisal for the Banks. Bank customers are therefore at the mercy of the greedy Banks who are pushing technology without security at the expense of the Customers.

This general guideline is presented for immediate information of the public. More details are available in the website as well as the E Book of Naavi on Cyber Crimes.

The undersigned calls upon all the members of the Public interested in creating a safe E banking environment to come together in a common platform for ensuring that the collective strength of the E banking customers can be channelized towards building a better and safer banking system in India.