Kerala High Court rules-Not responding to SMS does not clear the Bank’s Liability

State Bank of India Vs P.V.George (Kerala High Court, 9th January 2019, RSA 1087 of 2018) will be a landmark judgement on determining liabilities in Digital Banking frauds,  much like the S.Umashankar Vs ICICI Bank in the adjudication under ITA 2000.

In a highly significant verdict, Kerala High Court has ruled that even when the Customer does not respond to the SMS alerts related to a fraudulent withdrawal, the Bank cannot deny the liability on a fraudulent transaction, despite the limited liability circular of RBI.

Copy of the judgement is here

Honourable Justice Mr P.B. Suresh Kumar delivering his judgement  ruled that the Bank was liable to repay the amount involved in  fraudulent withdrawals through ATM and rejected all the defenses that the Bank put up. (In the instant case, the withdrawals were in Brazil).

Bank defended on the ground that

i) loss was caused not due to any action or inaction of the Bank

ii) loss could not have occurred without the knowledge of the customer

iii) the money could be withdrawn only with the card and PIN known to the customer and hence customer alone is responsible. But this argument was rejected.

iv) When amount is withdrawn by international fraudsters, from ATM counters in a foreign country, Bank cannot be held liable.

v) Customer should have set the criminal law in motion in the foreign country for redressal of his grievance

vi) SMS alerts were given by the Bank to the Customer and the Customer failed to request for blocking of the account.

All the contentions of the Bank were rejected.

The judgement addressed several key issues relevant for Banking which the undersigned has repeatedly been impressing on different judicial authorities such as

a) The relationship between the Banker and Customer even in the digital banking scenario is that of the debtor and creditor and is determined by the contract.

b) Duties of care is an accepted implied term in the contractual relationship between the Banker and Customer. Though it cannot be exhaustively defined, Banks owe a duty to exercise reasonable care to protect the interests of the customer including prevention of unauthorized transactions.

c) It is the obligation of the Banks to create a safe electronic banking environment to combat all forms of malicious conducts resulting in loss to their customers.

d) Bank cannot contend that it is not liable in cases where the unauthorized access was caused by fraudsters abroad or insist that the customer has to pursue criminal case abroad.

e) SMS alerts cannot be the basis for determining the liability of the customer.

The Court therefore confirmed the decree with interest and costs payable by the Bank to the customer.

The judgement is extremely pleasing as it clarifies many issues which I have been personally arguing in the case of S.Umashankar Vs ICICI Bank which was recently settled in favour of the customer in TDSAT.

I suppose that this P.V.George Vs SBI judgement will settle the issue once for all that it is the duty of the Bank to compensate the customer in cases of all frauds. (only exception: where the customer has  personally conspired in committing the fraud)

Hopefully the principles enunciated here becomes the norm for other judicial fora also.



This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.