Companies should shun RTGS accounts

The recent fraud in Mumbai where Rs 2.41 crore was siphoned off from RPG group’s account through RTGS is a repetition of many such frauds which are happening on a regular basis in India.

While we continue to debate that Banks are responsible for making good the amount immediately, Banks continue to use their money power and influence to prevent or postpone such claims on one ground or the other.

Banks go to any extent including misrepresenting facts to Courts to confuse un-informed judicial persons that money lost belongs to the customer and he should file a police complaint and pursue the police to recover the money from the beneficiaries. They claim that they are doing a great service by cooperating with the police in the investigation but refuse to take the responsibility for the fraud.

I have discussed this in many forums and would like to reiterate here that

a) Banker Customer relationship is one of debtor and creditor. Money lost in the account is that of the Bank and not that of the customer. Hence it is the Bank which should file a police complaint and pursue and not the customer.

b) The compromise of the password may occur due to many reasons including negligence of the customer, ignorance of the customer, collusion of the Banker, vulnerabilities in the Bank’s systems, Virus, Trojans etc. In any such event, what occurs is a “Forgery” and the customer should not be held responsible for such forgeries.

c) Banks are using password based access systems instead of the digital signature systems recommended in law and by RBI because this saves them some cost. using such systems which are not legally accepted is exposing the public to risks where the Banks are doing a disservice to the community. Technology introduction cannot be at the cost of security and insecure E banking is against the Banking license norms.

d) I have so far seen three Banks namely Punjab National Bank, Axis Bank and ING Vysya Bank who are arguing that in Internet Banking frauds customer should only file litigation in the place where the server is kept. In effect they are saying that I will open a branch in your city, take your deposits, collect interest on loans etc., but when it comes to dispute resolution, you have to come to Delhi (PNB), or Mumbai (Axis Bank and ING Vysya Bank) where our servers are located. Tomorrow if my servers are in Timbaktu, you will have to come there and file a case. This is a serious violation of the Banking license terms and I have already raised the issue of cancellation of Branch license in places outside Delhi for PNB if they insist on this condition. The same now applies to Axis Bank of ING Vysya.

e) The so called Internet Banking terms which permit the Bank to use passwords of access and hold the customer resposnbile for phishing is ultra vires. In most cases no valid contract for Internet Banking exists on record.

f) There are already many judicial decisions in India and abroad holding Banks liable for phishing even when he has answered phishing mails out of ignorance.

g) RBI has categorically stated that Banks should shoulder the liability for phishing.

I would like legal professionals all over India to take note of the above points and file Adjudication applications in the respective States to protect their customers. I will be able to provide further assistance and guidance in this regard if required.

In the meantime the Bankers instead of improving their security are trying to close down the Adjudication system and the Cyber Appelate Tribunal. They are trying to take the litigation to conventional civil courts where it is expensive and frustrating for public to litigate.

Many of the Courts either out of ignorance or because a senior counsel appears for the Bank are accepting whatever contention is made by the Bank and issuing stay orders on the functioning of the Adjudicators.  We have already gone through one such case in Chennai.

First of all it is difficult to convince IT Secretaries of different States that they are “Adjudicators” under ITA 2008 and they are judicial authorities having exclusive powers under ITA 2008. Then to convince them of the legal position that Banks are responsible and not the customer even through the name of the Bank is big and the lawyer appearing for the bank is a big lawyer is even more difficult. Even then there are forces at work preventing a few of the judicially active IT Secretaries. Today there are only one or two IT Secretaries in India who are prepared to accept adjudication application and conduct the required proceedings.

Mr PWC Davidar of Chennai was one such person who was transferred by Jayalalitha in a routine manner after she took charge and since then Tamil Nadu adjudication is dead. Presently Maharashtra adjudicator Mr Rajesh Aggarwal is the only other IT Secretary who is prepared to entertain cases.

Under the circumstances my advise to Bank customers particularly the Companies who keep large funds in the account to disable their RTGS accounts immediately. Whenever they need to transfer funds online, they should issue paper based instructions or digitally signed electronic instructions to the Banks to execute the RTGS like issue of DDs. Since Companies have the manpower to depute a person to visit the branch if required, they are not constrained like individuals who need such services as a matter of convenience.

Individual also need to ensure that they maintain low balances in accounts where NEFT/RTGS facilities are available and donot link such accounts to other deposits with auto debit features.

I think there is a need to declare a war for safe  Banking. I have personally pursued this mission for the last several years and I invite others to participate in this crusade and strengthen my hands.

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Bank, Cyber Crime, ITA 2008, RBI. Bookmark the permalink.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.