Allahabad High Court: In a writ petition seeking directions to the Bank of Baroda (‘the Bank’) and Reserve Bank of India (‘RBI’) to restore the illicitly embezzled fund of Rs.38,78,000 inclusive of penal interest at the rate of 24 per cent, the Division Bench of Shekhar B. Saraf* and Praveen Kumar Giri, JJ., rejected the petition, holding that there appeared to be gross negligence by the petitioners and the case of a third-party hacking into their accounts was not conclusively proved.
Background
The petitioners, proprietors of their business of transformer fabrication, opened two accounts with the Bank.
In 2022, petitioner 1 transferred Rs 37.85 Lakhs into the account of petitioner 2, and thereafter, the said amount was transferred to an unknown account. Aggrieved, petitioner 2 lodged an FIR, and petitioner 1 filed a complaint with the Bank regarding the said embezzlement.
Aggrieved by the inaction of respondents, the petitioners filed the present writ petition.
Analysis and Decision
After perusal of the Debit/Credit details as well as IP Address details, the Court stated that evidently, the petitioners were not the victims of cyber fraud as the alleged transaction was done diligently by the petitioners themselves, after logging into the internet banking account and transferring the amount in two parts within the span of 5 minutes. The Court noted that the petitioners also generated the one-time password and changed the password. The amount that was allegedly transferred unauthorizedly was originally transferred to the accounts that were added as beneficiaries by petitioner 2.
The Court further noted that, admittedly, the petitioners received a text regarding the withdrawal of money in two denominations, but abstained from reporting the issue immediately. They filed the complaint on the cybercrime portal on the next day and lodged an FIR the day after. The delay in reporting the issue to the Bank and lodging the FIR depicted that it was an afterthought and a concocted story.
Upon perusal of the RBI Circular (‘the Circular’) dated 06-06-2017 titled “Customer Protection-Limiting Liability of Customers in Unauthorised Electronic Banking Transactions”, the Court noted that the burden of proving the customer’s liability in case of unauthorized electronic banking lay upon the bank. The petitioners contended application of Clause 6(ii) of the Circular which stated that a customer’s entitlement to zero liability shall arise where the unauthorised transaction occurs in a case where the deficiency lies neither with the bank nor with the customer but lies elsewhere in the system, and the customer notifies the bank within three working days of receiving the communication from the bank regarding the unauthorised transaction. However, the Court stated that the record showed that the transaction was deliberate and was done by the petitioners themselves.
The Court noted that the Bank placed the passbook, documents showing beneficiary addition by petitioner 2, IP Address details of petitioner 2, time and debit transfer details from the internet bank account of petitioner 2, and a document showing password modification by petitioner 2, to discharge its burden. From the perusal of the aforesaid record, the Court stated that it could be discerned that there was no embezzlement of funds, as every transaction was within the knowledge of the petitioners. Therefore, the defence taken by the petitioners was not fathomable in the eyes of the law.
Thereafter, the Court stated that the Circular also did not provide shelter to the petitioners for garbing personal transactions as cyber fraud. The Court added that the Circular was to cover aspects of customer protection, including the mechanism of creating customer awareness on the risks and responsibilities, and customer liability arising in specific scenarios of unauthorized electronic transactions. The purpose of the Circular is to act as a shield for customers from fraudulent transactions and not as a sword in the garb of personal transactions.
Accordingly, the Court held that neither the RBI circular nor the judgments cited by the petitioners applied to the present case. The Court further held that there appeared to be gross negligence by the petitioners, and the case of a third-party hacking into their accounts was not conclusively proved.
Hence, the petition was dismissed.
[Suresh Chandra Singh Negi v. Bank of Baroda, Writ(C) No. 24192 of 2022, decided on 17-07-2025]
*Judgment authored by: Justice Shekhar B. Saraf
Advocates who appeared in this case :
For the petitioner: Aniket Gupta and Prem Chandra
For the respondent: Namit Srivastava
