Mumbai: The Bombay high court, invoking a 2017 circular of the Reserve Bank of India (RBI), has directed HDFC Bank to remit Rs 38 lakh to a customer’s account, which he lost in a cyber fraud in 2021 for no fault of his.The whole purpose of a July 6, 2017, RBI circular is to provide a buffer to a customer who is diligent and is not responsible for negligence or contributes to the fraud by sharing OTP, said Justices Bharati Dangre and Manjusha Deshpande in an April 6 ruling.The petitioner, Pune consultant Subodh Korde, said he sought a new SIM card once due to issues. The service provider said there were four SIM changes within two days, and the HC said it was a case of ‘SIM swapping’ — a form of sophisticated identity theft — and the bank’s OTPs must have gone to the cloned SIM.The HC did not find Korde to be careless as he informed the bank on noticing the debits, and held that HDFC Bank failed to establish any negligence of the customer. Korde was a victim of cyber fraud, the HC said.“Surprisingly,” the bank never took any serious steps and its stand was of having discharged its obligation by sending OTPs. The HC said the customer is entitled to the ‘zero liability’ benefit. Despite clear directions from the RBI, HDFC Bank denied him the benefit, the HC held and directed remittance to his account within eight weeks with interest.Korde had filed a writ petition in the HC. On July 14, 2021, within 41 minutes, Rs 38 lakh was illegally withdrawn via online transactions from two of his HDFC Bank accounts in Pune, he said. Senior counsel Sharan Jagtiani, arguing his case, submitted that sans any OTP received from the bank, three new unknown beneficiaries were added to his account and his permissible banking limit was enhanced from Rs 4 lakh to Rs 40 lakh. The bank had manually approved the addition of the beneficiaries, the petition said.HDFC Bank, represented by senior counsel Prateek Seksaria and advocate Ishwar Nankani, raised a preliminary objection to the petition’s maintainability against the bank, which is a private entity. The HC said the bank, a scheduled bank, was under RBI control and its guidelines were meant to protect customers from frauds, showcasing a public element.The Banking Ombudsman, whom the customer first approached, found no deficiency of service by HDFC Bank. But the HC said the RBI circular significantly casts the burden of proving the customer’s liability in illegal e-transactions on the bank.HDFC Bank also said an account holder is strictly governed by terms of contract and HC cannot compel authorities to remedy an alleged breach of contract on a disputed question of facts.The HC said: “A public authority is not necessarily an authority established under the statute, but if it is the authority which performs duties and carries out transactions for the benefit of public, it would fall within the purview of ‘public authority. There is no general definition of a ‘public authority’ or ‘public action’ and facts of each case would decide whether the authority is a public authority.”
