Kerala High Court rules-Not responding to SMS does not clear the Bank’s Liability

Posted on February 1, 2019 by 98410spice

State Bank of India Vs P.V.George (Kerala High Court, 9th January 2019, RSA 1087 of 2018) will be a landmark judgement on determining liabilities in Digital Banking frauds,  much like the S.Umashankar Vs ICICI Bank in the adjudication under ITA 2000.

In a highly significant verdict, Kerala High Court has ruled that even when the Customer does not respond to the SMS alerts related to a fraudulent withdrawal, the Bank cannot deny the liability on a fraudulent transaction, despite the limited liability circular of RBI.

Copy of the judgement is here

Honourable Justice Mr P.B. Suresh Kumar delivering his judgement  ruled that the Bank was liable to repay the amount involved in  fraudulent withdrawals through ATM and rejected all the defenses that the Bank put up. (In the instant case, the withdrawals were in Brazil).

Bank defended on the ground that

i) loss was caused not due to any action or inaction of the Bank

ii) loss could not have occurred without the knowledge of the customer

iii) the money could be withdrawn only with the card and PIN known to the customer and hence customer alone is responsible. But this argument was rejected.

iv) When amount is withdrawn by international fraudsters, from ATM counters in a foreign country, Bank cannot be held liable.

v) Customer should have set the criminal law in motion in the foreign country for redressal of his grievance

vi) SMS alerts were given by the Bank to the Customer and the Customer failed to request for blocking of the account.

All the contentions of the Bank were rejected.

The judgement addressed several key issues relevant for Banking which the undersigned has repeatedly been impressing on different judicial authorities such as

a) The relationship between the Banker and Customer even in the digital banking scenario is that of the debtor and creditor and is determined by the contract.

b) Duties of care is an accepted implied term in the contractual relationship between the Banker and Customer. Though it cannot be exhaustively defined, Banks owe a duty to exercise reasonable care to protect the interests of the customer including prevention of unauthorized transactions.

c) It is the obligation of the Banks to create a safe electronic banking environment to combat all forms of malicious conducts resulting in loss to their customers.

d) Bank cannot contend that it is not liable in cases where the unauthorized access was caused by fraudsters abroad or insist that the customer has to pursue criminal case abroad.

e) SMS alerts cannot be the basis for determining the liability of the customer.

The Court therefore confirmed the decree with interest and costs payable by the Bank to the customer.

The judgement is extremely pleasing as it clarifies many issues which I have been personally arguing in the case of S.Umashankar Vs ICICI Bank which was recently settled in favour of the customer in TDSAT.

I suppose that this P.V.George Vs SBI judgement will settle the issue once for all that it is the duty of the Bank to compensate the customer in cases of all frauds. (only exception: where the customer has  personally conspired in committing the fraud)

Hopefully the principles enunciated here becomes the norm for other judicial fora also.

Naavi

 

Posted in Cyber Law | Leave a comment

Banking Ombudsman for Digital Payments

Posted on February 1, 2019 by 98410spice

Presently the RBI scheme for ombudsman covered the resolution of disputes regarding Bank transactions.

A Notification dated January 31, 2019 has been issued for this purpose.

The scheme has been launched under Section 18 of the Payment and Settlement Systems Act 2007 to cover disputes arising due to the deficiency in customer services in digital transactions conducted through non bank entities regulated by RBI.

Complaints related to the digital transactions conducted through banks will continue to be handled under the Banking ombudsman scheme as at present.

The details of the scheme are available here.

Naavi

 

Posted in Cyber Law | Leave a comment

Lawyer booked for fabricating legal documents. Bar Council needs to Bring Back Ethics in the profession.

Posted on February 1, 2019 by 98410spice

In a very significant development, a well known Cyber lawyer has been booked along with a Notary and two others,  in Thane for fabricating documents submitted in the Court. According to information available, a document was notarized on behalf of a client  and submitted in a Court proceeding though the executant was not even in India at the time of the purported execution of the documents.

In 2016, in a similar incident, an woman lawyer also in Thane had been arrested for fabricating legal documents for securing her clients.

In a related development, the law firm Cyril Amarchand Mangaldas withdrew its 2016 report that had given a cleanchit to former ICICI Bank chief executive Chanda Kochhar with regard to nepotism allegations against her. Now that the Justice Srikrishna enquiry had indicted her in the Videocon case, the law firm has retracted their earlier report in a self admission of their guilt.

These incidents indicate the alarming tendency of the advocates going to any extent to win a case even if it borders on illegality.

The charging of the professional advocate Prashant Mali for falsification of documents follows the recent trends where Chartered accountants have been criminally indicted for either falsifying audit reports or providing illegal advises to the clients to cheat the Government on taxes.

The immediate reaction could be to sympathize with the professionals because the basic motive behind these actions was to promote their professional services and unfortunately, they forgot that there was something called “Ethics” in business/profession.

But when these professionals adopted unethical practices and transgress into the domain of illegality,  they are actually stealing  justice from their opponents who were innocent parties to a litigation and perhaps deserved the support of the judiciary. Hence we need to take objection to such practices.

The advocate Mr Prashant Mali involved in the recent case is known to have recorded many significant achievements in Cyber Law cases. He is a prominent conference speaker also and is well known in professional circles. He may also be resourceful enough to get himself cleared of the charge.

But this incident underscores the fact that “Advocates” are increasingly becoming abetters in crime by adopting unethical shortcuts to reach their objectives.

This must stop.

We therefore welcome the Thane Police for taking up this issue and wish it would be pursued to the logical end in the interest of preserving the integrity of the judicial system in India.

Pursuing the complaint which actually constitutes multiple offences such as forgery, conspiracy to create falsified documents and misleading a Court through perjury is essential. It would be good for the community of honest advocates who in trying to be ethical, often lose clients to the dishonest and crooked lawyers.

Integrity of the Judicial System needs to be preserved

Citizens who hold the Courts in high esteem, look upon the Courts as temples where justice is delivered. Justice often is delayed and some times, justice based on a bad law may not be good justice. However, within the limitations of the law as drafted and as interpreted and as supported by evidences, justice is dispensed by Courts in good faith.

In a large measure, Judges discharge their duties in good faith and honestly and hence public still have some confidence in the system. However, we often hear of corruption in the Judicial system and ideological leanings of judges. These are aberrations with which the society has to live.

Hopefully the culture of the country like India where there is still respect for traditions based on Ramayana and Mahabharata etc., ..the so called  “Hindu Culture” has instilled some sense of duty in most people born in India even if they belong to non Hindu religion. In the recent days, there may be an attempt to change this traditional mindset of “being honest”, “Being truthful” etc. as the society chases money. But largely the foundation of honesty and the fear of “Karma” is in place and this is what is holding up the Indian Judicial system from crumbling.

But the bane of the Indian judiciary has long been the advocates who are actually expected to be “Servants of the Court” and duty bound is to assist the Court in rendering justice, but often turn out to be the persons responsible for misguiding the clients as well as the Courts. In a bid to win cases, Advocates advice their clients to lie on oath as a standard part of tutoring the witnesses. (Prosecution may not be far behind this practice of making witnesses lie on oath but this does not justify the corruption of the legal profession by abandoning of ethics).

Advocates are also the main conduit for corrupting the judiciary and bench hunting that happens in Courts is part of the manifestation of this trend.

Where the fault lies

Our legal education system appears to have failed in its duty to inculcate “Ethics” as part of the culture with which advocates leave the educational institutions and join practice.

The Bar Council also has failed in instilling the ethical principles in the functioning of their members.

The Judiciary also does not  take corrective action  on the advocates who are proved to be making false statements both orally and in the affidavits they make their clients to sign.

Thus all of these three institutions have to share the blame and look for what they can do to clean up the system of such unethical legal practice. When these types of lawyers become judges in due course, they will definitely corrupt the judiciary also.

Bring Back Ethics in the profession of  Advocates

It is therefore time that we bring some ethics into the profession of advocates and boost the profession of ethical advocates against the not so ethical.

The Bar Council has to take the lead in this by taking disciplinary action against erring advocates when such incidents surface, by suspending their practice until at least the charges are cleared if not permanently. But such advocates should be permanently black listed for future appointment to any judicial positions.

If Mr Hardik Pandya and K.L.Rahul can be suspended from playing cricket because of inappropriate statements, there is no reason why the Bar Council cannot take punitive action in case of proven falsification of documents as it appears to have occurred in this incident.

Thane Police and Judiciary will be on watch

Public will be watching what further action is taken by the Thane police and the relevant Court. Will they be persuaded into overlooking a fraud? or take such action that would make other advocates to think hundred times before embarking on such practices?…only time will tell.

I am sure that such incidents do happen in all Courts and hence the right action taken here will set an example across the country.

Naavi

Posted in Cyber Law | Tagged , | 2 Comments

Open Door Policy of State Bank of India!

Posted on January 31, 2019 by 98410spice

If we want to enter a branch of SBI, we may have to encounter a guard, half closed gate. In secure rooms, there may be even an access controlled doors. But it is a surprise to know that the server which houses the “Customer data” which is as valuable as the entire deposit of the customers, was not secured even by a password let alone a robust encryption.

This is the revelation made by a security researcher (Refer article in india today) based on which it appears that millions of customer’s account data has been kept open for anyone to view and perhaps download. It is not known as to how long the server was left in that condition.

The security researcher was reportedly able to track transaction details in real time. In fact, the media report states the researcher was able to witness 3 million messages on Monday alone.

It is said that the leak has now been plugged.

This is indicative of the information security that the biggest of the Banks follows. Probably other Banks are worse off. We have pointed out in the past that some how SBI appeared to lead the Banks on which fraudulent phone calls for phishing was the highest. (Refer here).

We have also pointed out earlier that Axis Bank and Punjab National Bank besides ICICI Bank are notorious for phishing frauds. When we confront these Banks in judicial fora, they always come up with a ISO 27001 certificate stating that their system security is the best in the world. But the reality is that even the bigger Banks which donot have the dearth for funds to hire the best talents in the country are woefully short of security at the implementation level.

One estimate is that around 740 million sets of data might have been compromised in this incident. Had there been PDPA 2018 in place and it is imposed as strictly as GDPR on FaceBook etc., SBI would have to run a liability of Rs 100+ crores. SBI is fortunate that the data breach has occurred now before the PDPA 2018 has become a law.

SBI-Adhaar Enrolment fraud

Just two days back, there was another report in which SBI had allowed  its systems to be misused in the Aadhaar enrollment scheme and tried to blame UIDAI for lack of security. (See report here).

In this case, SBI had used an outsource partner for Aadhaar enrolment unlike many other Banks which have trained their own officers for the purpose. The employee of the outsource partner (Mr Vikram) had with the help of his operator ID,  used to generate Aadhaar cards using fake documents between November 9 and November 17, 2018. He had managed to generate bogus Aadhaar cards using “multiple station IDs” in his name.

According to one report in Moneycontrol.com,  SBI had outsourced its Aadhaar enrolment work to two vendors FIA Technology Services Pvt Ltd and Sanjivini Consultants Pvt Ltd – in the Chandigarh region to reach its Aadhaar enrolment target. Probably Vikram was an employee of one of these sub contractors. (It appears that these firms were empannelled by UIDAI). He was fined Rs 33 lakhs by UIDAI.

The Bank has come out with a strong defense in support of Mr Vikram (See report here) . An internal investigation by the SBI and its vendor gave a clean chit to Vikram against the UIDAI charges. The bank has also requested the UIDAI to remove the penalty and allow him to return to work, it added. The bank has also urged the UIDAI to offer an explanation on the incident and the creation of multiple station ids.

Legally, Mr Vikram being an agent of SBI and using the ID on behalf of the Bank, the Bank is fully liable for the incident. We can always debate if UIDAI could have some enhanced security to identify if one operator was using multiple station IDs. But the primary responsibility has to be boarne by SBI.

The strong counter posed by the Bank indicate that the Bank wants to protect Mr Vikram and this gives room for suspicion if any other person in the Bank was also involved in a larger fraud.

This incident is an eye opener to judicial authorities who some times get enamored by a Bank making a statement that “Our Security is the Best and if any fraud has happened it is only because of the customer’s negligence.

The above two incidents indicate a serious lapse in the information security status in SBI and there is a need for some heads to roll.

Naavi

 

Posted in Cyber Law | Tagged , , | Leave a comment

Product pricing in E Commerce and Consumer interests

Posted on January 30, 2019 by 98410spice

The new FDI guidelines applicable to E Commerce will be coming into operation from 1st February 2019. The copy of the revisions in the FDI policy is available here.

The guidelines provide that 100%FDI through automatic route is subject to certain conditions, one of which is that a vendor in whom the market place has ownership or controlling interests shall not generate more than 25% of its sales through the market place.

If any vendor does more than 25% of its sales through a single market place, it will trigger an inventory model and the e-commerce entity will not be considered as a market place. The inventory based model of e commerce is not eligible for FDI.

The vendors like cloudtail operating on Amazon or WSRetail on Flipkart  used to offer deep discounts and quick deliveries. There was no doubt that this was hurting the offline vendors who were charging more for the same product because they had to bear higher costs of physical presence.

The offline traders are therefore happy  and this is considered an advantage in political terms to BJP.

Though there are some optimistic statements from the E Commerce giants that they will rework their contracts so that the discounts etc may continue, it looks possible that the good days of competitive pricing on e-commerce platforms for computer products, mobiles and consumer household goods are over. The “efficiencies” of e-commerce which was expected to bring benefits would reduce.

The market movement to offline vendors would re-open the use of black money for purchase of consumer goods and part of the digitization benefits would also be lost.

It is possible that non FDI dependent platforms, one of which may be the Ambanis could replace Amazons and Flipkarts and possibly continue to provide the kind of discounts that has become a norm for E Commerce sales.

Where is  Consumer Interest?

It is however necessary to flag the fact that this move to render e-commerce platforms supported by FDI stop selling at the prices which they do now will only mean that consumers will have to pay more and suffer the inefficiency of the local vendors.

It is necessary for us to realize that what is being called a “Deep Discount” by the e-commerce players is a combination of trading of the dealer discount and the savings achieved because of higher volume of sales. The greedy nature of the offline merchants is also one of the reasons why there is a huge difference between the local vendors and e-commerce vendors.

The local vendors by virtue of their physical contact could have scored over the e-commerce merchants through better consumer service, better product assurance etc. But they have so far not shown any initiatives to make consumers feel that their neighborhood sellers are better from long term relationship. The warranties and service are provided only by the manufacturers and the local vendors donot add any value of their own to the product.

From the consumer’s perspective, what matters is the price paid by him for acquiring the product and the distribution of profits between the wholesaler, retailer etc are of no concern to him. If therefore a product X is available at Rs 2000 on line and the same product is available at Rs 3000/- in the local store, there is no reason why he should not opt for the convenience of online shopping where he can compare prices, search across brands, read reviews etc., without moving out of his work place or home.

In case of small purchases, E Commerce purchases are the only option since it is unlikely that the buyer would take the time to go out to a shopping mall and buy an electronic product which costs a couple of hundred rupees or less. In fact by not moving out he would decongest the roads and save his productive time.

I recently pointed out how offline vendors are making usurious profits in a specific instance and wonder why we should not take consumer action against the company for cheating the offline consumers by over pricing the product in the offline selling point.

I have explained this in greater detail in the article “Stop this Day light robbery from Shell India Marketing“.

Essentially I have pointed out that Shell India is selling a 4 liter lubricant oil can in its authorized show rooms at Rs 4980/- as against the online price of Rs 2299/-.

I am not able to believe that this is a deep discount given by the e-commerce merchant. it is in my opinion, an exploitation by the offline merchant.

In fact, I want some consumer action group to take up this matter and demand that Shell India stops this exploitative sale in their authorized show rooms and let the online merchants do the sale.

This is just one example of a product being over priced offline. It happens in case of consumer goods like Mixers, TVs etc., where there is a heavy dealer discounts passed on by the manufacturers which the dealers keep it to themselves and not pass on to the consumers., citing the “MRP” on the product package.

The E Commerce Guidelines may therefore be good for offline merchant intermediaries but certainly is anti-consumer. If products are sold at higher prices, Government will get better tax revenue and hence there is a vested interest in the Government to allow exploitation of the consumer.

Can the Consumer interests be protected? 

It is time for the Government to find some innovative solutions to ensure that the offline merchants are able to preserve their sales at a lower marketing costs so as to be competitive with the online sellers.

One thought could be to provide the convenience of online marketing  by creating a national network of offline merchants and providing an exclusive free online platform.  This could work like a cooperative federation for which Government can pass on exclusive tax concessions.

Let the neighborhood merchant sell the products on par with the online merchants and get the benefit of lower taxes, lower inventory movement costs, shared promotional costs etc so that his profits are retained even if he sells at the dealer’s price. The scheme could run like the “Duty Drawback Scheme” for promotion of exports and can be made specific to the objectives of achieving social justice through differential rates of drawback on different products.

Will the Government give a thought to such an idea?

Naavi

Also refer

Copy of the revisions in FDI policy

Refer article in livemint.com

Refer Article in hindustantimes

Can the “e-Janata Bazaar” carve out the future of Digital India?

Posted in Cyber Law | Tagged , | Leave a comment

Intermediary Guidelines..Time for Public Comments ends in 2 days

Posted on January 29, 2019 by 98410spice

The extended time for public comments to be submitted for the proposed changes in the Intermediary Guidelines is ending on 31st January 2019.

Naavi has already added his views in the comments submitted by the Foundation of Data Protection Professionals in India, a copy of which is found here…. Comments of FDPPI

Mr Rajeev Chandrashekar, MP has also published the comments submitted by him, a copy of which is available here….Comments of Mr Rajeev Chandrashekar

Mr Chandrashekar, who was also a member of the standing committee which went into an in depth discussion on “Intermediary Liabilities” which ended up with the amendments of 2008, has recalled the observations made by the Standing Committee in his comments.

A copy of the standing committee report is available here… Standing Committee Report of 2006-2008

Essence of Mr Chandrashekar’s Comments

Mr Rajeev Chandrashekar has basically suggested that there is a need to regulate the intermediaries and make them liable for misuse. He has however pointed out that there are different categories of intermediaries and one size fits all kind of approach should be avoided. He has basically identified 5 types of intermediaries namely the ISPs, Data Processing and web hosting companies, Search engines, E Commerce  and social media companies.

Mr Chandrashekar has expressed a strong opinion that technology companies must proactively prevent misuse of their platforms.

An important point that Mr Chandrashekar has made is that today intermediaries are not “mere conduits”. Profiling of users by a study of the information passed through is the order of the day. Hence there is no logic in these intermediaries putting up an excuse that such a requirement would either be infeasible or a burden on them.

Naavi agrees with this view and has strongly advocated for a long time that “Intermediaries” cannot simply make money by purveying information that is used for committing crimes. In the recent days the political parties have taken the fake news to a different level. The trust of the internet as a media has been destroyed by the fake news factories. Hence regulating the social media has become inevitable and the ready instrument available is the social media.

The Intermediary guidelines will soon end up with the Supreme Court and it will do its bit to confuse the matters.  Unfortunately, the Courts in India at the Supreme Court level have repeatedly failed to raise above the politics and in recent days yielded to the pressures created by the politician lawyers and the anti-Government PIL lawyers to the extent that the credibility of the institution as a neutral judicial authority has turned shaky.

The Court is unlikely to look at the good intention behind the proposal and  will be amenable to be influenced by the advocate’s aura and political ideologies. The Court will be happy to stamp its authority by rejecting what the Government proposes even if it is on flimsy technical grounds without looking at the larger consequences and this will be fodder for the opposition political parties during the election time.

Hence the Government has to be careful in drafting the guidelines.

Naavi

 

Posted in Cyber Law | Leave a comment