The Delhi High Court has directed the State Bank of India (SBI) to compensate a customer, Hare Ram Singh, who lost Rs 2.6 lakh due to a phishing attack. The court identified SBI’s negligence in handling Singh’s complaint and its failure to prevent the fraudulent transactions, emphasizing the bank’s duty of care in such situations.
Singh, a victim of cyber fraud, promptly notified SBI’s customer care and branch manager. However, the bank did not provide timely assistance. Months later, SBI rejected Singh’s claim, citing the use of OTPs and Singh’s clicking on a malicious link as reasons for the unauthorised transactions.
Justice Dharmesh Sharma noted the bank’s “glaring service deficiency” in responding to the complaint. The court emphasized that SBI‘s failure to act swiftly and block the suspicious transactions amounted to a breach of its duty of care. The court stated, “It has to be presumed that it is on account of the failure on the part of the bank to put in place a system which prevents such withdrawals, that the petitioner suffered monetary losses.”
The court also highlighted SBI’s non-compliance with the Reserve Bank of India’s (RBI) guidelines on digital payment security. It ruled that the transactions fell under the “zero liability” category, making SBI liable for the loss.
Consequently, the court ordered SBI to reimburse Singh the lost amount with interest and pay a token compensation of Rs 25,000.
Also read: Rajasthan Acts to Protect Bikaner House
This judgment underscores the importance of banks taking proactive measures to protect their customers from cyberattacks. It also serves as a reminder that banks have a responsibility to act swiftly and efficiently in responding to such incidents.