DCRDC Holds SBI Liable For Failing To Prevent Unauthorized Transactions From FD Account

DCRDC Holds SBI Liable For Failing To Prevent Unauthorized Transactions From FD Account

Orders it to compensate the customer    

The Bangalore Urban, Karnataka, bench of the Additional District Consumer Disputes Redressal Commission (DCDRC)-III has held the State Bank of India (SBI) liable for deficiency in services for failing to safeguard a customer’s fixed deposit (FD) account, resulting in Rs.25,000 unauthorized transactions.

The complainant received a message, prompting him to update his PAN Card. He provided the OTP under the impression that it came from the head office of the SBI, Hyderabad.

The same day, between 6 pm-7 pm, he discovered three transactions totaling Rs.64,000 (Rs.25,000, Rs.20,000 and Rs.19,000) from his Savings Bank’s FD account.

Due to bank holidays, he was able to approach the bank after a few days, submitting a copy of the complaint lodged with the cybercrime branch of police.

Despite multiple visits to the bank for over six months, he did not receive a satisfactory response. Aggrieved by the result, the complainant approached the DCDRC.

The bank contended that the complainant was provided with the YONO app service (a customer-friendly platform that allows logins with existing INB credentials via the web portal). The app facilitates YONO cash withdrawals through ATMs upon OTP receipt and subsequent authentication with a unique reference number and temporary PIN.

The SBI contended that the transaction limits were Rs.40,000 daily and Rs.20,000 per transaction. Since the complainant shared the login credentials and OTP, the bank had no responsibility for service deficiency.

However, the Coram of Shivarama K (President) and Rekha Sayannavar (Member) reviewed the photo prints showing CCTV footage taken by the cyber-crime police. They observed that the culprits behind the fraudulent transactions were identified and investigations to trace them, were ongoing.

The judges noted that the complainant took prompt measures by blocking his ATM card and bank account and registered complaints with the Customer Care department and the cybercrime police.

The DCRDC stated that there was negligence on the part of the bank in safeguarding the complainant's FD account.

It cited the Reserve Bank of India (RBI) guidelines (DBR No. Leg.BC.78/09.07.005/2071-18 dated 06.07.2017), specifically 7(i), which stipulates that in case of customer negligence such as sharing payment credentials, the customer bears the initial loss until reporting it to the bank. The subsequent losses were the bank’s responsibility if they occurred after reporting.

The Commission ruled that the complainant did not share his credentials but Rs.25,000 were siphoned off from his FD account. So, while the bank was not liable for the losses from the SB account, it was responsible for transactions from his FD account.

The DCRDC thus ordered the bank to pay the complainant Rs.25,000 for the FD account loss, with 9 percent interest per annum. The bank was also directed to pay a compensation of Rs.10,000 for the mental agony and Rs.10,000 as litigation costs to the complainant.