The Supreme Court upheld the SBI’s liability to refund ₹94,204.80 to a customer for a fraudulent transaction. Emphasizing vigilance, the Court directed banks to utilize advanced technology to prevent fraud and reminded customers not to share sensitive details.
On January 6, 2025, the Supreme Court upheld the State Bank of India's (SBI) liability to refund the amount involved in fraudulent and unauthorized transactions reported by a customer. The Court emphasized the responsibility of banks to safeguard customers' accounts using advanced technology and reiterated the need for account holders to exercise caution while handling sensitive information like OTP and M-PIN.
Case Overview
Background
- A fraudulent transaction totaling ₹94,204.80 was reported from the Respondent-Customer’s account after he received a call from a fraudster posing as customer care.
- The fraudster tricked the Respondent into downloading a mobile app, leading to unauthorized transactions.
- SBI denied liability, arguing that the customer had shared sensitive information, which made the transactions authorized.
- The Respondent claimed no such information was shared and attributed the fraud to a data breach on the retailer’s website.
Lower Courts’ Decisions
- The Single Bench held SBI liable, a decision upheld by the Division Bench of the Gauhati High Court.
- Referring to Clauses 8 and 9 of the Reserve Bank of India’s Circular dated July 6, 2017, the High Court noted that the customer held "zero liability" since the unauthorized transaction was promptly reported.
Supreme Court Appeal
SBI filed a Special Leave Petition (SLP) before the Supreme Court challenging the High Court’s decision.
Supreme Court’s Observations
Banks’ Responsibility
- The Court stressed that banks must remain vigilant and utilize the best technology to prevent fraudulent activities.
- “The Bank has the best of the technology available today to detect and prevent such unauthorized and fraudulent transactions.”
- It cited RBI guidelines that impose zero liability on customers if the fraud arises from a third-party data breach and is promptly reported.
Customer’s Role in Fraud Prevention
- The Court acknowledged that customers must also act responsibly by not sharing sensitive data.
- “We expect customers to remain vigilant and ensure that OTPs are not shared with third parties.”
Rejection of SBI’s Defense
- The Court dismissed SBI’s argument that the bank was not liable, noting that the customer reported the transaction within 24 hours.
- “We also take notice of the fact that within 24 hours of the fraudulent transaction, the customer brought it to the notice of the Bank.”
Key Legal Principles
- The Court upheld that a well-reasoned judgment from the High Court did not warrant interference.
- It reiterated that negligence by banks in preventing fraud cannot shift liability to customers in cases of third-party breaches.
Significance of RBI Circular (July 6, 2017)
Clauses 8 and 9
- Establish zero liability for customers if unauthorized transactions result from third-party breaches and are promptly reported.
- Mandate banks to compensate victims of fraud while ensuring robust cybersecurity measures.