LIVE Online Course on NDPS by Riva Pocha and Adv. Taraq Sayed. Starting from 24th May. Register Now!!
LAW Courses

Share on Facebook

Share on Twitter

Share on LinkedIn

Share on Email

Share More

Hormuz Maloo (na)     28 December 2012

Internet fraud

Can somebody please tell me what the law states regarding a bank's liability in case funds are fraudulently transferred out of a bank account via the internet.

Doesl the bank or any other government authority indemnify the account holder or will the account holder have to bear the loss.

Thanks and regards,


 7 Replies

Kumar Doab (FIN)     28 December 2012

There are rules, guidelines, and laws to fix the responsibility on banks and there are decisions by courts of law, lawful authorities.

Another interesting thread on the same subject is continuing at the following link:


Discussion > Civil Law > Consumer Protection > Fradulent transaction from my bank account

You may go thru it.

Attached herewith are many of the informative threads and articles and court judgments in cases similar to you.

You may go thru the attachments. The courts and banking Ombudsman in case of bank of India have delivered judgments/decisions and have provided relief to customers.

The banks like ICICI bank have remained defiant while BOI agreed to compensate the customer.

Morale of the story is stay away from these banks, withdraw cash from salary a/c and deposit in other bank. Do not opt of net banking and if at all you require opt for viewing only e.g. in case of PNB, obtain certified copy of document that you sign and submit to the bank.

The excerpts from some of them are:

“Violation of RBI guidelines is negligence under Sec 85 of ITA 2008.  Hence Bank and its CEO are liable for both civil and criminal aspects of ITA 2008.

Adjudicator of your state (IT Secretary) under Information Technology Act and include the Bank, its branches, and unknown employees as respondents. You should also add the Chairman of the Bank as a respondent under Section 85.

Log on to

for lots of information e.g.

Liability on Banks for Phishing

Judgment of the Adjudicating Officer under IT Act 2000

1.S.Umashankar vs ICICI Bank
 2.K.J Jeevaka Arasu vs ICICI Bank
3.D. Nandagopal vs ICICI Bank 
4. Thomas Raju vs ICICI Bank


Nikhil Futan Vs HDFC “The Mumbai District Consumer Dispute Redressal Forum directed HDFC Bank on March 26 to pay Santacruz resident Nikhil Futan the money he had lost with 8 per cent interest, his legal expenses as well as Rs 25,000 for the “mental agony“ it had caused.”


“Cyber Law Hacking”

“Cyber Law In India”

Are enclosed.


Forward your comaplint to MD and CEO of the bank and make him a party.

However let a competent and experienced cyber crime lawyer or a lawyer specializing in consumer cases structure and draft your representations.

Attached File : 600037044 phishing attacks in banks judgemenst and downloaded: 214 times
1 Like

Prasun Chandra Das (Banker)     28 December 2012

I have not read the judgements and believe that in case deficiency in service is proved, banks are liable to compensate customers for the loss incurred. However, what I object to is Kumar Doab's advice to not use internet banking. Internet banking is safer than before, since now fund transfers etc have to be authenticated by passwords as well as PIN sent to customer's registered mobile no./email id. The fraudster has to know user id, login password, transaction password, and has to have the customer's mobile hand to carry out a fraud. This is 1 in a million case.


Frauds cannot be ruled out even with the best of technology. Frauds can happen in cheques, ATMs, internet banking, mobile banking. But it is not correct to not use these technologies. Of course all precautions are to be taken by the customer. 

Hormuz Maloo (na)     28 December 2012

Mr P. C. Das,

"in case deficiency in service is proved" is a statement that puts all the liability on the customer. How is an account holder supposed to prove deficiency of service? Will the bank give him full access to their servers and logs to enable him to prove the same? Even if given full access, which customer will have the knowledge and resources to do a full investigation of this sort? It is precisely such false guarantees that I am afraid of. 

Yes, the pin sent to customer's mobile number is an added secuity feature. But probably, all this means is that an employee of the bank and an employee of the mobile company have to be in cahoots to carry out the crime. Besides, banks insist that the transaction passwords be changed at regular intervals. This makes the passwords impossible to remember. Most people will have their passwords written somewhere or the other - which is another security lapse that is forced on the customer due to faulty requirements. 

All in all, I tend to agree with Mr Doab's views.  It does seem to me that the account holder is bearing all the risk in these transactions. It is surprising that the RBI has not issued guidelines insisting that the banks reimburse their customers. The banks can insure themselves for such losses. 

Nadeem Qureshi (Advocate/     30 December 2012

Dear querist

in this regard you should contact or search RBI Guidlines

Kumar Doab (FIN)     14 January 2013


This is an interesting discussion.

By now the members who have visited this thread must have gone thru the articles/judgments/opinions/publications attached in this thread and would have made up their mind on how to proceed in similar situations.

Heartfelt thanks are offered to all members and contributors who have taken the discussion further.

The following is heartfelt opinion only. The citizens must unite and adopt strategies to minimize the risk and loss, maximize the convenience and benefit.

It is felt that citizens/customers need to unite and build big bargaining power to deal with corporate entities on today’s world. The business organizations understand the business language only and isolated and lone individuals are harassed with impunity.

We have amongst our Mohalla/community/society/club/welfare society/association.. etc….united members and we ensure that any bank which has to set shop in our locality has to provide services to our level of expectation and serve us. All communications are issued in writing and banks have to issue acknowledgment on the spot. All members are advised to avail internet option for viewing only and mention it in the form and obtain certified copy. BM has to write on each acknowledgment of each and any document under his original seal and signature by hand with date that ”Received in original and accepted”.

Our united community has amongst it elders, aged, female, housewives, students,……. from all class and strata of life and all are being protected and defended. At times we have gone to the extent of announcing to the bank/bankers that we shall lift the money from bank equal to the amount of loss caused to the customer and whole of the event shall be video graphed and then bank may go to police or court to recover. This resolves the situation 100% of the times. The regional/circle head/HO of the bank is appraised and if BM does not resolve he has to look for posting somewhere else.

Any bank/banker which has objections can take his shop elsewhere or bring customers from their village/native.

Banks were created and nationalized in Independent India to free the citizens from the clutches of Sahukaar{Moneylender} and Lathait {Muscleman}.

At least we are determined that we shall not allow any bank to pose/operate/behave like Sahukaar{Moneylender} and Lathait {Muscleman} with our community.

The onus of phishing fraud is on the bank.

Despite the protest of Prasun Chandra Das we shall continue to spread awareness on rights of the customer and propagate and disperse on how to get best possible services from banks without landing into slightest of the inconvenience/problem/difficulty/loss of time or funds/and litigation.

A senior banker in HDFC mentioned that his bank earnings are contributed from internet operations, and that bank earn from internet hits.

This is but obvious that banks, promote, advertise, and push internet related services.

In case of one customer the BM of HDFC bank virtually cried that he is not able to authorize new a/c as the customer was refusing for phone banking/net banking, in a/c opening form and mentioned that if he allows this new a/c he hall be questioned.

“it is heartening to note that Bank of India has set a precedence by accepting liability for Phishing in one the cases filed in Bangalore and repaying the amount along with interest to the customer who was a victim of a Phishing fraud.”

While banks like ICICI bank Ltd, HDFC Banks have been putting the customers to inconvenience despite having penalized and punished in similar cases.

It is any body’s guess to what proportions these banks contribute to the burden of litigation on citizens of our country.

Would it be wrong to term them a habitual Offender and next time they push a customer to bear the burden of litigation, to demand exemplary punishment, from Courts of Law.

After all courts are “Parens patriae”.

“Courts are parent to the nation”.

If one ward of the parent does not reform despite warnings/penalties/punishments parent does and should throw such ward out. It is lawful. Police is also given power for TADIPAAR.

The nation knows George Fernandes ordered American multinationals IBM and Coca Cola to leave the country, due to investment violations. He was a defence minister in the National Democratic Alliance (NDA) Government (1998–2004), when the Kargil War broke out between India and Pakistan, and India conducted its nuclear tests at Pokhran.

At time you yearn for such leaders with such nerves and guts.


It is well established that if employee is asked to execute an illegal/unlawful order employee has to stand up and refuse his employer. If a banker/BM is more than willing to execute unlawful/wrong/discriminatory decision that shall adversely affect the consumer/customer/citizen it won’t be out of place to demand exemplary punishment to the BM/banker as well. Such bold stand of the litigant and bold decisions by the courts of law shall act as deterrent and shall provide reprieve and relief to citizens.


Rajinder Singh Bhalla (Proprietor)     22 January 2013

Mr. Kumar Doab

You are very much right that people should avoid internet banking to the extent possible. I avoided internet banking for first years. But then paying bills on line was a good facility.

I would like to seek your guidance - about the safety aspect of the transactions in view of passwords being sent on mobile numbers. Is it possible to get the passwords sent on others mobile and then stop the password from reaching the original account holder.

These days I do not limited internet banking for payment of bills etc with limited amount taking calculated risk. But I would appreciate if I can take some more precaution.

The idea of customers uniting is very good. I tried to do the same in our society as well but did not succeed. People are very suspicious these days. Every business including govt sector banks adopt unfair business practices.

Kumar Doab (FIN)     22 January 2013

In case of connivance it can be possible.

Would any bank write on its walls in all branches that it is fully equipped to thwart scams, frauds, and it shall display a list of all employees who have been punished by it till date pan India? Leave apart in branches it won’t display on its web site.

Kindly continue to follow your style of calculated risk.

Even if you choose to change your mobile phone number you may do so by letter and obtain acknowledgment under original seal and signature with date.

If you avail internet banking obtain certified copy of the form, printed version of terms and condition for compliance and change the passwords frequently.

You may find the attachment “Precaution to be taken by Bank for internet banking“ and others already attached in this thread useful.

The valuable advice of learned experts/members on inputs on precautions to be taken is sought.

Leave a reply

Your are not logged in . Please login to post replies

Click here to Login / Register  

Recent Topics

View More

Related Threads

Start a New Discussion Unreplied Threads

Popular Discussion

view more »

Post a Suggestion for LCI Team
Post a Legal Query