Introduction:

The Supreme Court of India, in State Bank of India v. Pallabh Bhowmick & Ors., recently upheld the liability of the State Bank of India (SBI) for fraudulent and unauthorized transactions conducted on the account of a customer, Pallabh Bhowmick. The case originated from a fraudulent transaction wherein the respondent-customer, after attempting to return an online purchase, fell prey to cyber fraud resulting in a loss of ₹94,204.80. The fraud involved a call from a scammer impersonating the retailer’s customer care service, prompting the respondent to download a mobile app, which allowed unauthorized access to his bank account. Despite the petitioner bank’s defense of customer negligence, the Court held SBI responsible, citing provisions from the Reserve Bank of India (RBI) Circular dated July 6, 2017, which ensure “zero liability” for customers who promptly report unauthorized transactions stemming from third-party breaches.

Arguments of Both Sides:

The petitioner, SBI, argued that the transactions were authorized due to the respondent’s alleged sharing of sensitive credentials, such as OTPs and M-PINs. SBI contended that it owed no liability, as the respondent-customer was negligent in securing his banking details. Emphasizing customer responsibility, the bank maintained that vigilance in safeguarding personal banking information was essential in preventing such fraud. On the contrary, the respondent denied sharing any confidential information, asserting that the fraud occurred due to a data breach on the retailer’s website—a matter beyond his control. He also argued that he had promptly reported the fraudulent transaction to the bank, fulfilling his duty under the RBI guidelines. Relying on Clauses 8 and 9 of the RBI’s Circular, the respondent claimed that he was entitled to “zero liability” as the fraud stemmed from a third-party breach, and not from any negligence on his part. The High Court concurred with this view, highlighting the bank’s duty to utilize modern technology to safeguard against such fraud.

Court’s Judgment:

The Supreme Court upheld the Gauhati High Court’s ruling, holding the bank liable for the unauthorized transactions. The Court emphasized that all transactions conducted from the respondent’s account were fraudulent and unauthorized. It underscored the need for banks to remain vigilant and employ state-of-the-art technology to detect and prevent such transactions. Referring to Clauses 8 and 9 of the RBI Circular, the Court reiterated that customers reporting unauthorized transactions due to third-party breaches within the stipulated time are entitled to “zero liability.” The Court observed that the respondent had promptly informed the bank within 24 hours of the fraudulent transaction, thereby fulfilling his obligation. Consequently, it rejected SBI’s claim of no liability, stating that the bank’s arguments were untenable. However, the Court also emphasized the need for account holders to exercise caution by not sharing OTPs or other sensitive information with third parties. It cautioned that customer negligence in some circumstances could lead to shared responsibility for the fraud. Ultimately, the petition filed by SBI was dismissed, with the Court reaffirming the High Court’s directive to reimburse the defrauded amount to the respondent.

Conclusion:

The Supreme Court’s ruling in this case highlights the dual responsibility of banks and customers in safeguarding financial transactions. While banks are obligated to employ advanced technology to prevent unauthorized activities, customers must remain vigilant and protect sensitive information. This landmark judgment reinforces consumer rights, particularly under the RBI guidelines on customer liability, ensuring accountability for unauthorized transactions stemming from third-party breaches. The case serves as a precedent for banks to enhance their fraud detection systems and for customers to be cautious in their financial dealings, fostering a safer digital banking environment.