Internet
banking frauds are common place
particularly in India. I often
receive requests for guidance on
this matter from victims from
different parts of India not
knowing what to do.
I am therefore placing these
brief instructions for public
information. What is stated here
is my considered opinion (not to
be construed as legal advice) as
an Ex-Banker and a person
involved in such litigations and
is based on the guidelines
contained in various RBI
guidelines and Information
technology act 2000.
Most of the time the Fraud comes
to light when the customer
observes one fine day that the
balance in the account appears
to be lower than what it should
be. When he checks, he will be
find that there were a a series
of transactions reducing the
balance to near zero. Most of
the time customer would not have
received even the SMS alerts and
even if received it it would be
after the money is gone.
Of late ATM frauds are also
common. Here customer will have
the ATM card safely with him but
money would be drawn through the
ATM and debited to your account.
In all these incidences, when
the customer approaches the
bank, the standard reply is “Our
system is safe. If money has
been withdrawn from the account
through Internet, you must have
given away your password to some
body. If money has been
withdrawn through ATM, some body
might have taken your card
withdrawn the amount and put the
card back in your purse. It may
be your son or your wife. Bank
is not liable. Go and file a
complaint with the Police.”
Sometimes the amount lost would
be small. But there are cases of
losses upto 1.65 cores that has
come to my attention. It is
estimated that approximately
around Rs 6500/- crores is lost
in such frauds in India each
year.
In most of the transactions, the
fraudster would have created new
beneficiaries in the Internet
account and transferred the
amount to them. In one of the
instances in HDFC Bank recently
the fraudster used it to create
virtual payment cards and
encashed them. In one to the
ICICI bank cases the amount was
used to pay credit card
outstandings which were used to
buy Gold. There have been
instances where the SIM card of
the customer has been disabled
and a fresh SIM card obtained by
the fraudulent person to which
the alerts and One Time
Passwords are directed.
In most of the cases, the
beneficiaries will be in the
same Bank but in different
branches. Occasionally it will
involve other banks also.
Victims of such frauds are
normally so shocked that they
donot know what to do. When they
approach the bank, Banks
normally will tell them that
they would do internal
investigations and let them
know. They will always ask one
question. “Have you received any
e-mail asking you to update your
passwords?”. These are called
“Phishing Mails”. In many cases
there would be such mails to
which the victim would have
responded in ignorance. Some
times the mails would have been
received but it would not have
been responded. In some cases no
such mails would have been
received.
In all the above cases it is
necessary for the Victims to
remember that the liability to
pay back the amount lies with
the concerned Bank where the
account is maintained. It is for
the Bank to file a complaint
with the Police and pursue the
case to recover it from other
beneficiaries. It is not
necessary for the victims to
take the trouble of pursuing the
Police complaint against the
beneficiaries though filing a
complaint against them is a duty
of a Citizen.
There is however no legal
compulsion for the victim to
file a complaint with the
Police. On the other hand there
is an RBI mandate on the banks
to file an FIR.
However in practice all Banks
try to bully the victims to tell
him that Bank is not responsible
and customer should file a
complaint with the Police.
If any Bank refuses to file a
complaint and refuses to return
the money immediately, the
customer should file a complaint
with the Police primarily
against the Bank. Police should
register the complaint and then
investigate it further. Where
the Police refuse the register
the FIR against the Bank,
complaint can be made to the DGP
of the State and if this fails,
a direction from a Court can be
sought for an FIR to be
registered by the Police against
the Bank and for investigations
to be made at the Bank.
After registering the FIR, the
customers may approach the
Adjudicator of the State with a
suitable complaint under ITA
2008. Where the amount is small,
a complaint can be made to the
Banking Ombudsman also.
The undersigned normally advises
for an attempt for settlement
with the Bank through mediation.
If this fails there is no option
but to pursue adjudication.
Bank Customers may note that RBI
has time and again advised Banks
that all such frauds in the
Internet banking must be settled
by the Bank immediately and the
liability must be borne by the
Bank as against the victim. The
same applies for ATM frauds as
well. Banks have been advised to
obtain insurance cover at their
costs to recover their losses.
Because the customers are
ignorant of the RBI guidelines
many Banks take advantage and
refuse to repay the money hoping
that the customer will not have
the resources to pursue the
litigation. Some Ombudsmen may
also be unaware of the exact
nature of the issue and refuse
to settle the dispute through
mediation. Hence litigation may
be forced on the customer.
Please note that if you are
successful in your litigation,
you would be able to recover not
only the amount lost but also
interest there on and the
expenditure incurred. However
you need to spend some money and
also be prepared to wait for
litigation process to be
completed.
Banks take advantage of the fact
that the Customer’s resources
are low and he is suffering a
loss in the first place where as
the Bank has a huge resource
with itself and a battery of
lawyers to fight it out.
It will take some time for the
judicial precedences to take
root and Banks start settling
the claims without litigation.
Perhaps at least one case will
go upto the Supreme Court and
establish a precedent. Until
such time there will be a need
for every complaint to go
through the trial at the
Adjudicator’s office and also go
through the appeal at the Cyber
Appellate Tribunal and the State
High Court.
The Adjudication system has been
active in Chennai for the State
of Tamil nadu, in Bangalore for
the State of karnataka. There
are also a few cases settled in
Maharashtra and Gujarat. Other
Adjudicators will also soon
start handling such cases.
The “Adjudicator” for each State
is the IT Secretary of the State
and not the normal Civil Court.
Adjudicators are expected to
settle the cases within 4 months
and the process is simpler than
a normal court. Most of the time
the customer may be able to
handle the complaint on his own.
If necessary guidance can be
sought from legal professionals
who are conversant with Cyber
laws. The undersigned also
provides guidance and assistance
to the victims or other legal
professionals to pursue such
cases.
The undersigned believes that
“Safe E Banking” is the need of
customers in India and Banks are
not taking adequate steps to
keep E Banking safe. RBI has
given necessary guidelines but
Banks keep ignoring them. RBI is
reluctant to punish the errant
Banks and hence there is no fear
of RBI reprisal for the Banks.
Bank customers are therefore at
the mercy of the greedy Banks
who are pushing technology
without security at the expense
of the Customers.
This general guideline is
presented for immediate
information of the public. More
details are available in the
website www.naavi.org as well as
the E Book of Naavi on Cyber
Crimes.
The undersigned calls upon all
the members of the Public
interested in creating a safe E
banking environment to come
together in a common platform
for ensuring that the collective
strength of the E banking
customers can be channelized
towards building a better and
safer banking system in India.