IN THE HIGH COURT OF KERALA AT ERNAKULAM

PRESENT

THE HONOURABLE MR. JUSTICE A.MUHAMED MUSTAQUE

FRIDAY, THE 11TH DAY OF OCTOBER 2019 / 19TH ASWINA, 1941

WP(C).No.28823 OF 2017(C)

PETITIONER/S:

1 TONY ENTERPRISES
A SOLE PROPRIETORSHIP HAVING REGISTERED
NUMBER:32ADCPD4497P1Z9, AND ADDRESS AT 37/2154A,
DAVIES TOWER, KATHRIKADAVU JUNCTION, K.K.ROAD,
ERNAKULAM, COCHIN-682017,REPRESENTED BY ITS
PROPRIETOR, SRI.TONY DAVIES, AGED 56 YEARS,
S/O.E.A.DAVIES, RESIDING AT EDATHURUTHIKKARAN
HOUSE, ORIENT PARK, POPULAR ROAD, VADUTHALA,
ERNAKULAM-682023.

2 TONY LITES
A PARTNERSHIP FIRM REGISTERED UNDER THE PARTNERSHIP
ACT,1932, BEARING NO:32AAHFT4801H1ZG, WITH ADDRESS
AT 31/2154A, DAVIES TOWER, KATHRIKADAVU
JUNCTION,K.K.ROAD, ERNAKULAM, COCHIN-682017,
REPRESENTED BY ITS AUTHORIZED PARTNER,SRI. SANJAY
DAVIS TONY.

BY ADVS.
SRI.S.SREEKUMAR (SR.)
SRI.R.GITHESH
SRI.P.MARTIN JOSE
SRI.MANJUNATH MENON
SRI.P.PRIJITH
SRI.THOMAS P.KURUVILLA

RESPONDENT/S:

1 RESERVE BANK OF INDIA

BAKERY JUNCTION SERVICE ROAD, NANDAVANAM,
VAZHUTHACAUD, THIRUVANANTHAPURAM,KERALA-695033,
REPRESENTED BY ITS REGIONAL DIRECTOR.

2 THE ORIENTAL BANK OF COMMERCE

NATIONALIZED BANK, PLOT NO.5, INSTITUTIONAL AREA,
SECTOR-32,GURGAON-122001, REPRESENTED BY ITS
GENERAL MANAGER.

3 THE ORIENTAL BANK OF COMMERCE

NATIONALIZED BANK, CHITTOOR RD,IYYATTIL JUNCTION,
NEAR HOTEL KAVITHA INTERNATIONAL,KARIKKAMURI,
 SHENOYS, ERNAKULAM, KERALA-682011,REPRESENTED BY
ITS BRANCH MANAGER.

4 ADDL.R4.M/S.VODAFONE IDEA LIMITED,

V.J.TOWER, VYTILLA P.O., ERNAKULAM - 682 019,
REPRESENTED BY ITS GENERAL MANAGER, TELECOM.

5 ADDL.R5.M/S.VODAFONE IDEA LIMITED,

CASINO COMPLEX, KOKKALAI, THRISSUR - 680 021,
REPRESENTED BY ITS GENERAL MANAGER, TELECOM.

6 ADDL.R6.UNION OF INDIA,
DEPARTMENT OF TELECOMMUNICATIONS (MINSTRY OF
COMMUNCIATIONS), SANCHAR BHAVAN, 20 ASHOKA ROAD,
NEW DELHI, INDIA - 110 001, REPRESENTED BY
SECRETARY, TELECOMMUNICATIONS.

7 ADDL.R7.TELECOM REGULATORY AUTHORITY OF INDIA,

MAHANAGAR DOORSNCHAR BHAWAN (NEXT TO ZAKIR HUSSAIN
COLLEGE), JAWAHARLAL NEHRU ROAD (OLD MINTO ROAD),
NEW DELHI - 110 002, REPRESENTED BY ITS CHAIRMAN. -
ARE IMPLEADED AS ADDL.R4 TO R7 AS PER ORDER DATED
06/03/2019 IN I.A.NO.1/2019 AND I.A.NO.2/2019 IN
WP(C)NO.28823/2017.

R1-2 BY SRI.SAJI P.JOSEPH, SC, ORIENTAL BANK OF

COMMERCE
R4-5 BY ADV. SRI.P.SATHISAN

ADV. SHRI.P.VIJAYAKUMAR, ASG OF INDIA

SRI.MATHEWS K.PHILIP,SC, BSNL

THIS WRIT PETITION (CIVIL) HAVING BEEN FINALLY HEARD ON 01-

07-2019, ALONG WITH WP(C).28824/2017(C), THE COURT ON 11-10-2019
DELIVERED THE FOLLOWING:
 IN THE HIGH COURT OF KERALA AT ERNAKULAM

PRESENT

THE HONOURABLE MR. JUSTICE A.MUHAMED MUSTAQUE

FRIDAY, THE 11TH DAY OF OCTOBER 2019 / 19TH ASWINA, 1941

WP(C).No.28824 OF 2017

PETITIONER/S:

1 CHERIAN C.KARIPPAPARAMPIL
AGED 51,S/O.LATE SRI.K.C.CHERIAN,FLAT NO.401,AKARIA
ARCADE,CHITTOOR ROAD,AYYAPPANKAVU,ERNAKULAM,KERALA-
682018.

2 MINDSTRONG HR SOLUTIONS
A PARTNERSHIP FIRM REGISTERED UNDER THE PROVISIONSM
OF THE INDIAN PARTNERSHIP ACTM,1932,BEARING
NO:3018/2015M,AND HAVING ITS REGISTERED ADDRESS AT
FLAT NO.401,AKARIA ARCADE,CHITTOOR
ROAD,AYYAPPANKAVU,ERNAKULAM,KERALA-
682018,REPRESENTED BY ITS MANAGING PARTNER
MR.CHERIAN C.KARIPPAPARAMBIL.

BY ADVS.
SRI.S.SREEKUMAR (SR.)
SRI.P.MARTIN JOSE
SRI.P.PRIJITH
SRI.THOMAS P.KURUVILLA
SMT.RAAGA R.RAMALAKSHMI

RESPONDENT/S:

1 THE RESERVE BANK OF INDIA

BAKERY JUNCTION SERVICE
ROAD,NANDAVANAM,VAZHUTHACAUD,THIRUVANANTHAPURAM,KER
ALA-695033,REPRESENTED BY ITS REGIONAL DIRECTOR.

2 THE SOUTH INDIAN BANK LIMITED

HEAD OFFICE,T.B.ROAD,MISSION QAURTERS,THRISSUR-
680001,KERALA,INDIA,REPRESENTED BY ITS GENERAL
MANAGER.

3 THE SOUTH INDIAN BANK LIMITED

COLLECTORATE JN.BRANCH,OPPOSITE
COLLECTORATE,KOTTAYAM-KUMILY RD,KOTTAYAM,KERALA-
686002,REPRESENTED BY ITS BRANCH MANAGER.

4 THE HOUSING DEVELOPMENT FINANCE CORPORATION HDFCLTD

HDFC HOUSE,1ST FLOOR,C.S.NO.6/242,SENAPATI BAPAT
 MARG,LOWER PAREL,MUMBAI-400001,REPRESENTED BY ITS
GENERAL MANAGER. [CORRECTED] [THE NAME 'THE HOUSING
DEVELOPMENT FINANCE CORPORATION (HDFC) LTD' SHOWN
IN THE CAUSE TITLE OF R4 CORRECTED AS 'HDFC BANK
LIMITED']

5 THE HOUSING DEVELOPMENT FINANCE CORPORATION

HDFCLTD.
MKS TOWERS,SAHODARAN AYYAPPAN RD,KADAVANTHRA
JUNCTION,KADAVANTHRA,ERNAKULAM,KERALA-
682020,REPRESENTED BY ITS BRANCH MANAGER.
[CORRECTED] [THE NAME 'THE HOUSING DEVELOPMENT
FINANCE CORPORATION (HDFC) LTD' SHOWN IN THE CAUSE
TITLE OF R4 AND R5 IS CORRECTED AS 'HDFC BANK
LIMITED'] AS PER ORDER DATED 31/10/2017 IN
IA.1695/2017.]

6 ADDL.R6 THE SUPERINTENDENT OF POLICE

ECONOMIC OFFENCES WING, CRIME BRANCH (C.B.C.I.D),
ERNAKULAM-683574. (ADDL.R6 IS IMPLEADED AS PER
ORDER DATED 22/11/2018 IN IA.NO.03/2018)

7 ADDL.R7.M/S.BHARAT SANCHAR NIGAM LIMITED,

BSNL OFFICE, BSNL BHAVAN, KALATHIPARAMBIL ROAD,
NEAR SOUTH RAILWAY STATION, KOCHI - 682 016,
REPRESENTED BY ITS GENERAL MANAGER, TELECOM.

8 ADDL.R8.M/S.BHARAT SANCHAR NIGAM LIMITED,

BSNL OFFICE, T.B.ROAD, PALAKKAD - 678 014,
REPRESENTED BY ITS GENERAL MANAGER, TELECOM.

9 ADDL.R9.UNION OF INDIA,
DEPARTMENT OF TELECOMMUNICATIONS (MINISTRY OF
COMMUNICATIONS), SANCHAR BHAVAN, 20 ASHOKA ROAD,
NEW DELHI, INDIA - 110 001, REPRESENTED BY
SECRETARY, TELECOMMUNICATIONS.

10 ADDL.R10.TELECOM REGULATORY AUTHORITY OF INDIA,

MAHANAGAR DOORSANCHAR BHAWAN (NEXT TO ZAKIR HUSSAIN
COLLEGE), JAWAHARLAL NEHRU ROAD (OLD MINTO ROAD),
NEW DELHI - 110 002, REPRESENTED BY ITS CHAIRMAN. -
ADDL.R7 TO R10 IS IMPLEADED AS EP R ORDER DATED
06/03/2019 IN I.A.1/2019 AND I.A.2/2019 IN
WP(C)NO.28824/2017.

R2 BY ADV. SRI.SAJU N.A.

R2 BY ADV. SMT.P.J.FLONY
R2 BY ADV. SMT.DHANYA V.PAVANA
R2 BY ADV. SMT.G.LEKHA
R2 BY ADV. SMT.UMA.G.KRISHNAN
R2-3 BY ADV. SRI.K.K.CHANDRAN PILLAI (SR.)
R2-3 BY ADV. SRI.K.S.DILIP
R2-3 BY ADV. SMT.S.AMBILY
 R4-5 BY SRI.T.RAJESH, SC, HDFC BANK LTD.
R5 BY ADV. SRI.V.M.KURIAN
R6 BY GOVERNMENT PLEADER
R6, R9 BY ADV. SHRI.P.VIJAYAKUMAR, ASG OF INDIA
R8 BY SRI.MATHEWS K.PHILIP,SC, BSNL

THIS WRIT PETITION (CIVIL) HAVING BEEN FINALLY HEARD ON 01-

07-2019, ALONG WITH WP(C).28823/2017(C), THE COURT ON 11-10-2019
DELIVERED THE FOLLOWING:
WPC 28823/2017 & 28824/2017 “C.R.”

JUDGMENT

Dated this the 11th day of October, 2019

The banking sector has adopted technology for the efficiency of

the banking business and also for faster and hassle-free customer

service. Technology enables the service provider to offer customers and

clients a plethora of benefits that allow them to dispense with their

physical presence for banking transactions. The growth of the banking

sector by use of technology has also given rise to a new form of fraud

using counter technologies against the bank. Technology provides

services without boundaries. Geographical location is no longer a

constraint due to the onset of the use of technology. The convenience of

service without boundaries and access to service from anywhere is the

aim of any business. Criminals and fraudsters also have grown at the

same pace as that of the growth of technology. Criminals are also now

able to disguise their location and operate from anywhere in the world.

The use of technology has resulted in the dissemination of personal

data. Data can no longer be stored as done in a brick and mortar

WPC 28823/2017 & 28824/2017
-:2:-

system. Data is bound to be exposed in different forms depending upon

the nature of the service provided. Technology has its own set of

advantages and pitfalls. Data theft in Cyber Law means stealing another

person's confidential or personal information without his consent or

authority. The online banking service of a customer is linked with his

email and mobile number. This is essentially used to authenticate

banking transactions of the customers. Fraudsters having knowledge

about this authentication method, have devised fraud using SIM cards

and email. These two cases before me depict a case of SIM swapping

fraud to gain access to bank accounts of the petitioners and to withdraw

money from their bank accounts. The petitioners allege fraudulent

transactions by the third parties to withdraw money from their accounts

online. Since the point of law involved in both these writ petitions is

one and the same, it is appropriate to dispose of both these writ

petitions by way of common judgment.

2. W.P.(C).No.28823/2017 has been filed by Tony Enterprises and

Tony Lites, a proprietary firm and a partnership firm respectively, both

of which have a cash credit account at Chittoor Road branch of Oriental

WPC 28823/2017 & 28824/2017
-:3:-

Bank of Commerce. The petitioners had also availed the online banking

facility of the Bank, the alerts in respect of which would be sent and

were linked to the mobile number of one Mr.Tony Davies, the sole

proprietor of the first petitioner and the Manager of the second

petitioner. On 8th June, 2017, Mr.Tony Davies came to realize that a

total amount of Rs.16,25,000/- had been unauthorizedly transferred

from the accounts of the petitioners by way of online transactions

effected through the online banking app of the Bank. The registered

mobile number of Mr.Tony Davies had become dysfunctional on 6 th

June 2017 and he had approached the service provider, M/s. Idea

Cellular on 7th June 2017 to enquire regarding the same. He was told

by the representative of M/s.Idea Cellular that his number had become

dysfunctional as a duplicate SIM card had been issued in respect of the

number on 6th June 2017 upon the request of a person who had

fraudulently represented himself as Mr.Tony Davies. Upon subsequent

restoration of network services after re-issuance of a duplicate SIM, he

reaslised that such amounts had been unduly transferred to several

accounts from the bank accounts of the petitioners.

WPC 28823/2017 & 28824/2017
-:4:-

3. W.P.(C).No.28824/2017 has been filed by one Mr.Cherian

C.Kariparambil and a partnership firm called MINDSTRONG HR

Solutions. The first petitioner has overdraft facility account with South

Indian Bank and the second petitioner has a current account with

HDFC Bank. The petitioners had also availed the online banking

facility of the Bank, the alerts in respect of which would be sent and

were linked to the mobile number of the first petitioner who is also the

Managing Partner of the second petitioner-firm. On 28 th April 2017,

Mr.Cherian came to realize that a total amount of Rs. 23,00,000/- had

been unauthorizedly transferred from the accounts of the petitioners by

way of online transactions effected through the respective online

banking apps of the Bank. Mr.Cherian's registered mobile number had

become dysfunctional on 25th April 2017 and he had approached the

service provider, M/s BSNL Telecom on 27th April 2017 to enquire

regarding the same. He was told by the representative of M/s BSNL

Telecom that his number had become dysfunctional as a duplicate SIM

card had been issued in respect of the number on 25th June 2017 upon

the request of a person who had fraudulently represented himself as

WPC 28823/2017 & 28824/2017
-:5:-

Mr.Cherian by furnishing ID proofs belonging to him. Upon

subsequent restoration of network services after re-issuance of a

duplicate SIM, he realized that such amounts had been unduly

transferred to several accounts from the bank accounts of the

petitioners.

4. The petitioners in both these writ petitions approached this

Court with similar prayers. They seek a declaration to the effect that

they have zero liability in the light of the Circular issued by the Reserve

Bank of India. The petitioners also sought a direction to the bank to

make good the loss suffered by them.

5. The Bank entered appearance and filed a counter affidavit.

They have taken the stand that the login ID, password and telecom

number are only known to the petitioners and that without laches on

their part, others cannot operate their account. The Bank further states

that all the transactions were initiated and completed upon proper

validation of customer credentials. It is their case that a one time

password was generated through the mobile number linked with the

account and that the transaction was validated upon furnishing the one-
WPC 28823/2017 & 28824/2017
-:6:-

time password (OTP) so generated through the system. It is also stated

that all fund transfers were authenticated through the OTP which was

also sent to the email addresses of the petitioners as well.

6. These writ petitions were originally filed without

impleading the Mobile Service Provider. Their role is crucial in

understanding the modus operandi of the transfers so effected. This

Court, therefore, directed the petitioners to implead the service

providers. In W.P.(C).No.28824/2017, the Bharat Sanchar Nigam

Limited (BSNL) was impleaded as an additional respondent and, in

W.P.(C).No.28823/2017, M/s.Vodafone Idea Ltd was also impleaded as

an additional respondent.

7. In the counter affidavit filed by BSNL, it is stated that an

individual claiming to be Cherian C.Karippaparampil the writ petitioner

in W.P.(C).No.28824/2017 approached the office of BSNL on

27.4.2017 for replacement of SIM. The individual concerned

apparently also produced his original driving licence and handed over

the Xerox copy of the driving licence to obtain the duplicate SIM card.
WPC 28823/2017 & 28824/2017
-:7:-

8. Tony Davies, the first petitioner in W.P.(C).No.28823/2017

and Cherian C.Karippaparampil, the writ petitioner in W.P.

(C).No.28824/2017 have registered complaints with the local police

who registered FIR under Sections 406 and 420 of the Indian Penal

Code. The investigation was later transferred to the Crime Branch

Crime Investigation Department's Organized Crime Wing (CBCID

OCW) at Ernakulam. A Detective Inspector of the CBCID OCW-II

pursued the investigation thereon and after examination of several

witnesses and obtaining statements from them, came to the conclusion

that the amounts had been transferred to several bank accounts in West

Bengal and Maharashtra by fraudsters based in West Bengal. The

reports of the investigating officer were made available before this

Court. It is stated therein that the investigating officer registered a

crime against persons hailing from West Bengal. He has also stated in

his reports that the fraudsters followed the same modus operandi in the

case of accounts of both the petitioners to transfer the amounts by

acquiring duplicate SIM cards belonging to Mr.Tony Davies and

Mr.Cherian by means of fraudulent misrepresentation and using it to

WPC 28823/2017 & 28824/2017
-:8:-

generate OTPs which would give them unauthorized access into the

petitioners' online banking facilities. By verifying the IP address of the

accused, the Detective Officer came to the conclusion that the accused

illegally logged into the bank account of the complainants and

transferred the amount from the complainants' accounts. It is also stated

that the transferred amounts were immediately withdrawn from the

beneficiary accounts at West Bengal and Maharashtra. The

investigation reveals a case of SIM swapping and identity theft.

9. For deciding the issue in hand, this Court has to go through

SIM swap fraud in banking transactions:

9.i. SIM Swap Fraud: SIM swap fraud is a fraud using a

duplicate SIM card issued by the mobile service provider against the

registered mobile number. Using the duplicate SIM card provided by

the mobile service provider, one time passwords generated through the

banking system are obtained by fraudsters to operate another person's

bank account. Fraudsters also commit fraud on mobile service

providers by providing fake identity cards to obtain duplicate SIM

cards.
WPC 28823/2017 & 28824/2017
-:9:-

9.ii. In the website of HDFC Bank, SIM swap is narrated as

follows:

9.iii. SIM Swap Fraud is identity theft. Identity theft in

cyberspace means fraudulent means of using another person's name and

personal details in order to gain the benefit of financial advantage. The

person, whose identity is the subject of the theft would suffer loss.

Under Section 66 of Information Technology Act, identity theft is a

penal offence. It states that whoever fraudulently or dishonestly uses an

WPC 28823/2017 & 28824/2017
-:10:-

electronic signature, password or any other unique identification of any

other person is liable to be punished with imprisonment.

10. This Court, while considering the matter under public law

remedy must confine its inquiry to the action of the Bank on the basis

of public law parameters. This Court cannot adjudicate the dispute in

like manner as done in civil adjudication. The Court has to tread a

cautious path while considering a matter under Article 226 of the

Constitution. If any attempt is made to find out the liability based on

the available records placed before this Court, it would amount to

acting beyond the power under Article 226 of the Constitution. The

question, therefore, that arises is in what manner public law remedy

could be invoked to deal with the matter invoking allegations of

fraudulent banking transaction. This assumes so much importance in

the wake of the securitisation enactment which gives the Bank a power

to determine and decide the liability in the case of banking transactions.

The SARFAESI Act confers power/right on the Bank to enforce any

security interest created in their favour without the intervention of the

Court or the Tribunal, in accordance with the provisions of Section 3 of

WPC 28823/2017 & 28824/2017
-:11:-

the SARFAESI Act. As per the provisions of the SARFAESI Act, the

onus of discrediting the claim of the Bank lies on the customer who can

do so by filing an appeal against the action taken by the Bank. Before

the enactment of the securitisation act, the Bank would assert claims

only through the adjudication process of the civil court. The civil court

can very well address all issues including the fraudulent transactions or

unauthorised transactions.

11. Enforcement of security interest as referable under the

SARFAESI Act would arise only when a borrower is under the liability

to a secured creditor under a security agreement and when he makes

default in repayment of any such secured debt (See Section 13.2 of the

SARFAESI Act). This liability clearly refers to liability under a

contract. It is based on such contractual obligation that a borrower is

deemed to be proceeded against when a default is committed in

repaying the loan amount. In a matter covered under the contractual

obligation, the onus to disprove the liability under the SARFAESI Act

as adverted above is on the borrower by means of challenging the

action under Section 17 of the SARFAESI Act. However, in cases that

WPC 28823/2017 & 28824/2017
-:12:-

contain allegations of fraud, the matter goes out of bounds of the

SARFAESI Act. The Bank, therefore, is liable to prove its claim against

the persons who have committed fraud. The Bank in such cases cannot

adjudicate their claim and decide against the borrower. The question,

therefore, that arises is whether the Bank can proceed against the

borrower based on an assumed liability or not when there is a serious

challenge to a banking transaction on the ground of fraud. This is a

delicate question. The Court has to weigh the interest of the bank as

well as that of the borrower while deciding the issue. In every

transaction, if it is alleged that there was a fraud, the bank would be

denuded of its power to invoke statutory provisions under the

SARFAESI Act. Therefore, the Court has to consider in what

circumstances, a transaction can be termed as a 'disputed transaction'

that requires independent adjudication.

12. The Reserve Bank of India issued a master circular dated

6.7.2017 protecting customers in unauthorised electronic banking

transactions. The circular states that a customer has zero liability in the

following events:
WPC 28823/2017 & 28824/2017
-:13:-

“(i) Contributory fraud/negligence/deficiency on the part of the bank

(irrespective of whether or not the transaction is reported by the
customer)
(ii) Third party breach whether deficiency lies neither with the bank
nor with the customer but lies elsewhere in the system and the
customer notifies the bank within three working days of receiving
the communication from the bank regarding the unauthorised
transaction”.
The events referred therein are only illustration. It cannot be said the

list as above is exhaustive. The circular proceeds based on assumed

facts and circumstances. It refers to contributory fraud, negligence

deficiency etc. It does not indicate about liability when there is a

dispute to the events as above. In that background, the question also

arises as to the remedy of the bank to recover the amount under the

'disputed transaction'.

13. Banking transaction is both contractual and fiduciary. The

bank owes a duty to the customer. Both have a mutual obligation to one

and another. The bank, therefore, is bound to protect the interest of the

customer in all circumstances. The technology as adverted has its own

defect. Online transactions are vulnerable. Though the bank might have

devised a secured socket layer connection for online banking purpose

WPC 28823/2017 & 28824/2017
-:14:-

which is encrypted(1), this security encryption can be hacked using

different methods. The welknown hacking modes are phishing, trojans,

session hijacking, key logger, etc. The public WiFi is the easiest target

for hackers. NORTON, a leading cyber security provider in its web

page refers to the risk of using public WiFi. The unencrypted network

in public WiFi allows hackers to collect data easily. WiFi snooping (2)

using software allows hackers to access everything online while the

user is active in online. The possibilities of fetching data relating to the

banking account while the customer using online transaction, by the

hackers, cannot be overruled in banking transaction. The bank can

identify fraud risk and also devise mechanisms to protect customers.

There are counter technologies to identify location behaviour of

operators also. It is for the bank to secure the safety of online banking

transactions.

_________________________________________________________
(1) Encryption: the process of converting information or data into a code, especially to prevent unauthorized access.
•
(2) Wifi Snooping: stealing data from unsecured WiFi network. Convert (information or data) into a code, especially to

prevent unauthorized access.

WPC 28823/2017 & 28824/2017
-:15:-

14. Defining a 'disputed transaction':

A 'disputed transaction' in this context has to be understood as a

transaction prima facie tainted by fraud. Classifying transaction as

such would depend upon the nature of allegations and investigation

carried out in this regard. “No man is bound by a bargain into which he

has been induced by fraud to enter, because assent is necessary to a

valid contract.” (See KERR On the Law of Fraud and Mistake 7 th

Edition). The author further states that the transaction so induced is not

void but only voidable at the election of the party defrauded.

Classification of such transaction must be with reference to the events

identified by the RBI. That means the very validity of the transaction is

at stake. A mere challenge made by the customer would not be

sufficient. If such a challenge is supported by the report of an

independent investigation pursued by the Police or other such agencies,

that would prima facie establish that it is a 'disputed transaction'. If the

report indicates that the online transaction was carried out by some

other person other than the customer or on his behalf, that has to be

treated as a 'disputed transaction'.

WPC 28823/2017 & 28824/2017
-:16:-

15. Remedy of the Bank:

The bank has a remedy by way of filing a civil suit for claiming

the loss suffered in the transaction and to recover it from the person

responsible. In common law jurisdiction fraud is a tort and considered

as a civil wrong. It is also a penal offence under the relevant statutory

provisions. The circular of the RBI presumes in such circumstances,

'zero liability' to the customer. A recent circular issued by the RBI,

RBI/2018-19/101, dated 4.1.2019, limits the liability of the customer. It

reads thus:

“Limited liability of a customer:

A customer’s liability arising out of an unauthorised payment
transaction will be limited to:
Customer liability in case of unauthorised electronic payment transactions through a
PPI
S. Particulars Maximum Liability
No. of Customer
(a) Contributory fraud / negligence / deficiency on the part of Zero
the PPI issuer, including PPI-MTS issuer (irrespective of
whether or not the transaction is reported by the
customer)
(b) Third party breach where the deficiency lies neither with
the PPI issuer nor with the customer but lies elsewhere in
the system, and the customer notifies the PPI issuer
regarding the unauthorised payment transaction. The per
transaction customer liability in such cases will depend
on the number of days lapsed between the receipt of
transaction communication by the customer from the PPI
issuer and the reporting of unauthorised transaction by
the customer to the PPI issuer -
WPC 28823/2017 & 28824/2017
-:17:-

i. Within three days# Zero

ii. Within four to seven days# Transaction value
or ₹10,000/- per
transaction,
whichever is lower
iii.Beyond seven days# As per the Board
approved policy of
the PPI issuer
(c) In cases where the loss is due to negligence by a customer, such as where he /
she has shared the payment credentials, the customer will bear the entire loss
until he / she reports the unauthorised transaction to the PPI issuer. Any loss
occurring after the reporting of the unauthorised transaction shall be borne by
the PPI issuer.
(d) PPI issuers may also, at their discretion, decide to waive off any customer
liability in case of unauthorised electronic payment transactions even in cases
of customer negligence.
# The number of days mentioned above shall be counted excluding the
date of receiving the communication from the PPI issuer.

The above shall be clearly communicated to all PPI holders.”

The circular as above does not foreclose the remedy of the bank to

proceed against the fraudsters and also against customers or any other

persons or entity involved. It also does not prevent a customer from

proceeding against the bank through a civil suit if he was unable to

lodge complaint within the time as provided in the circular. Civil rights

of the parties if otherwise available are not lost based on the circular,

though the circular has statutory backing. The circular only indicates

the nature of the action to be taken by the bank when there are

complaints relating to an unauthorised payment transaction. The bank

WPC 28823/2017 & 28824/2017
-:18:-

also cannot recover the amount from the customer stating that the

customer was negligent in protecting his personal details. If such

personal details were exposed due to the laches on account of the action

on the part of the customer, it can at the best be treated as negligence.

To what extent the customer can be made responsible for such

negligence is a matter of probe and adjudication through a civil suit.

16. It is profitable to refer to the observations of the House of

Lords in London Joint Stock Bank, Limited v. Macmillan and

Arthur [1918 AC 777] which is as follows:

“As the customer and the banker are under a contractual

relation in this matter, it appears obvious that in drawing a cheque
the customer is bound to take usual and reasonable precautions to
prevent forgery. Crime, is indeed, a very serious matter, but
everyone knows that crime is not uncommon. If the cheque is drawn
in such a way as to facilitate or almost to invite an increase in the
amount by forgery if the cheque should get into the hands of a
dishonest person, forgery is not a remote but a very natural
consequence of negligence of this description.”
The learned Lord Chancellor observed further at page 795 as follows:

“Of course the negligence must be in the transaction itself,

that is, in the manner in which the cheque is drawn. It would be no
defence to the banker, if the forgery had been that of a clerk of a
WPC 28823/2017 & 28824/2017
-:19:-

customer, that the latter had taken the clerk into his service without
sufficient inquiry as to his character. Attempts have often been made
to extend the principle of Young V. Grote (1827) 4 Bing. 253,
beyond the case of negligence in the immediate transaction, but they
have always failed.”
17. Placing reliance on Macmillan's case (supra), the Apex

Court in Bihta Co-operative Development and Cane Marketing

Union Ltd. Vs. Bank of Bihar [AIR 1967 SC 389] held as follows:

“11. “The principle of this case cannot help the respondent

before us. If the signatures on the cheque had been genuine so that
there was a mandate by the customer to the banker but the cheque
was somehow got hold of by an unauthorised person and encashed
by him, the bank might have had a good defence. If the signatures on
the cheque or at least that of one of the joint signatories to the
cheque are not or is not genuine, there is no mandate on the bank to
pay and the question of any negligence on the part of the customer,
such as, leaving the cheque book carelessly so that a third party
could easily get hold of it would afford no defence to the bank...”
18. The Apex Court in Canara Bank vs Canara Sales

Corporation & Ors [AIR 1987 SC 1603], after referring to the

judgments in Macmillan's case (supra) as well the judgment of the

Apex Court in Bank of Bihar [AIR 1967 SC 389] at para 42 held as

follows:
WPC 28823/2017 & 28824/2017
-:20:-

“42. We adopt the reasoning indicated above with great

respect. Unless the bank is able to satisfy the Court of either an
express condition in the contract with its customer or an unequivocal
ratification it will not be possible to save the bank from its liability.
The banks do business for their benefit. Customers also get some
benefit. If banks are to insist upon extreme care by the customers in
minutely looking into the pass book and the statements sent by them,
no bank perhaps can do profitable business. It is common knowledge
that the entries in the pass books and the statements of account sent
by the bank are either not readable, decipherable or legible. There is
always an element of trust between the bank and its customer. The
bank's business depends upon this trust.”
19. A learned Single Judge of this Court in similar circumstances

had held in R.S.A.No.1087/2018 as follows:

“...In short, there is also no difficulty in holding that if a customer

suffers loss in connection with the transactions made without his
junction by fraudsters, it has to be presumed that it is on account of
the failure on the part of the bank to put in place a system which
prevents such withdrawals, and the banks are, therefore, liable for
the loss caused to their customers...”

20. Thus, it is clear that the bank cannot claim any amount

from the customer when a transaction is shown to be a 'disputed

transaction'. The bank can recover from the customers only when it can

unequivocally prove that the customer was responsible for such

WPC 28823/2017 & 28824/2017
-:21:-

transaction, independently through the civil court. The RBI guidelines

is a clear mandate to exonerate a customer in such 'disputed

transaction'. RBI circular presumes the innocence of the customer in

such given circumstances. However, this innocence can be

controverted. The onus falls on the bank to prove otherwise.

21. In the present case, the police investigation prima facie

established that fraud has been committed. The beneficiaries hail from

West Bengal. There is nothing on record to establish any connivance

on the part of the petitioners. The police investigation also would

reveal that the accused obtained duplicate SIM cards by using fake

identity cards. It was also brought out that the beneficiaries

immediately withdrew the money from their bank accounts at West

Bengal. In such circumstances, the transactions can be treated as

'disputed transactions'. These transactions would fall within the sweep

of zero liability as referred to in RBI Circular. The remedy of the bank

in such circumstances is to approach the civil court and recover the

amount from the persons who were responsible for such transactions.
WPC 28823/2017 & 28824/2017
-:22:-

22. As have come out of the pleadings, amounts have been

debited from the loan account of the petitioners. The petitioners cannot

be held responsible for such debit without establishing through the civil

court that they are responsible for such withdrawal from the loan

account. If any amount deposited by the petitioners also have been

transferred, in the same manner, that shall be restored to the petitioners

without any delay at any rate within two weeks from the date of receipt

of a copy of this judgment. These directions are issued without

prejudice to the bank to proceed against the persons who are

responsible for these transactions through civil court. These writ

petitions are disposed of accordingly. No costs.

Sd/-

A.MUHAMED MUSTAQUE, JUDGE

ms
WPC 28823/2017 & 28824/2017
-:23:-

APPENDIX OF WP(C) 28823/2017

PETITIONER'S/S EXHIBITS:

EXHIBIT P1 TRUE COPY OF THE INTERNET BANKING

FACILITY SERVICES AND INSTRUCTIONS
OFFERED BY THE 2ND RESPONDENT ORIENTAL
BANK OF COMMERCE IN ITS WEBSITE.

EXHIBIT P2(A) TRUE COPY OF THE WRITTEN COMPLAINT

PREFERRED BY THE 1ST PETITIONER TO THE
3RD RESPONDENT BANK'S BRANCH OFFICE ON
08.06.2017.

EXHIBIT P2(B) TRUE COPY OF THE WRITTEN COMPLAINT

PREFERRED BY THE 1ST PETITIONER TO THE
3RD RESPONDENT BANK'S BRANCH ON
12.06.2017.

EXHIBIT P3(A) TRUE COPY OF THE WRITTEN COMPLAINT

PREFERRED BY THE 2ND PETITIONER TO THE
3RD RESPONDENT BANK'S BRANCH ON
08.06.2017.

EXHIBIT P3(B) TRUE COPY OF THE WRITTEN COMPLAINT

PREFERRED BY THE 2ND PETITIONER TO THE
3RD RESPONDENT BANK'S BRANCH ON
12.06.2017.

EXHIBIT P4 TRUE COPY OF THE MASTER CIRCULAR

NO.RBI/2017-18/15 DBR.NO.LEG.
BC.78/09.07.005/2017-18 DATED
06.07.2017.

EXHIBIT P5(A) TRUE COPY OF THE COMPLAINT PREFERRED BY

THE 1ST PETITIONER TO THE 3RD
RESPONDENT BANK'S BRANCH OFFICE DATED
07.08.2017.

EXHIBIT P5(B) TRUE COPY OF THE COMPLAINT PREFERRED BY

THE 2ND PETITIONER TO THE 3RD
RESPONDENT BANK'S BRANCH OFFICE DATED
07.08.2017.
WPC 28823/2017 & 28824/2017
-:24:-

EXHIBIT P6 TRUE COPY OF THE RELEVANT PORTION OF

THE NEWSPAPER REPORT PUBLISHED IN
MALAYALA MANORAMA DATED 20.08.2017.

EXHIBIT P7 TRUE COPY OF THE FIR NO.1185 ISSUED BY

THE ERNAKULAM NORTH TOWN POLICE STATION
DATED 09.06.2017.

EXHIBIT P8 TRUE COPY OF THE COMPLAINT FILED BY THE

PETITIONER TO M/S.IDEA CELLULAR TELECOM
DATED 12.06.2017.

EXHIBIT P9 TRUE COPY OF THE REPLY RECEIVED FROM

IDEA CELLULAR TO THE PETITIONER DATED
17.07.2017.

EXHIBIT P10 TRUE COPY OF THE REPRESENTATION

PREFERRED BY THE 1ST PETITIONER TO 1ST
RESPONDENT RBI DATED 28.06.2017.
 APPENDIX OF WP(C) 28824/2017
PETITIONER'S/S EXHIBITS:

EXT P1 TRUE COPY OF THE INTERNET BANKING FACILITY

SERVICES AND INSTRUCTIONS OFFERED BY THE
2ND RESPONDENT SOUTH INDIAN BANK IT IS
WEBSITE.

EXT.P2 TRUE COPY OF THE RTI REPLY FURNISHED BY

M/S.BSNL SANCHAR NIGAM LIMITED,OFFICE OF
THE GENERAL MANAGER TELECOM,PALAKKAD DATED
13.06.2017

EXT.P3 TRUE COPY OF THE WRITTEN COMPLAINT

PREFERRED BY THE 1ST PETITIONER TO THE 3RD
RESPONDENT BANK DATED 17.06.2017.

EXT.P4 TRUE COPY OF WRITTEN COMPLAINT PREFERRED BY

THE 1ST PETITIONER TO THE 2ND RESPONDENT
BANK DATED 17.05.2017

EXT.P5 TRUE COPY OF THE REPLY ISSUED BY THE 3RD

RESPONDENT BANK DATED 19.05.2017

EXT.P6 TRUE COPY OF THE REPLY ISSUED BY THE HEAD

OFFICE OF THE 2ND RESPONDENT SOUTH INDIAN
BANK DATED 25.05.2017

EXT.P7 TRUE COPY OF THE REPLY ISSUED BY THE HEAD

OFFICE OF THE 2ND RESPONDENT SOUTH INDIAN
BANK DATED 25.05.2017

EXT.P8 TRUE COPY OF THE WRITTEN COMPLAINT

PREFERRED BY THE 1ST PETITIONER TO THE 3RD
RESPONDENT BANK DATED 10.07.2017.

EXT.P9 TRUE COPY OF THE REPLY RECEIVED FROM THE

2ND RESPONDENT BANK DATED 31.07.2017

EXT.P10 TRUE COPY OF THE RELEVANT PORTION OF THE

NEWSPAPER REPORT OF A RECENT INCIDENT ON
SIMILAR CIRCUMSTANCES PUBLISHED IN MALAYALA
MANORAMA DATED 20.08.2017

EXT.P11 TRUE COPY OF THE WRITTEN COMPLAINT DATED

02.05.2017 SUBMITTED BY THE 2ND PETITIONER
TO THE 3RD RESPONDENT BANK

EXT.P12 TRUE COPY OF THE WRITTEN COMPLAINT DATED

10.07.2017 SUBMITTED BY THE 2ND PETITIONER
TO THE 5TH RESPONDENT BANK

EXT.P13 TRUE COPY OF THE EMAIL COMMUNICATION ISSUED

 BY THE 5TH RESPONDENT BANK DATED 10.08.2017

EXT.P14 TRUE COPY OF THE FIR NO.0917 ISSUED BY THE

ERNAKULAM NORTH TOWN POLICE STATION DATED
29.04.2017.

EXT.P15 TRUE COPY OF THE REPRESENTATION PREFERRED

BY THE 2ND PETITIONER DATED 13.05.2017 TO
THE 1ST RESPONDENT RESERVE BANK OF INDIA.

RESPONDENT'S/S EXHIBITS:

EXHIBIT R3 (A) COPY OF THE APPLICATION FOR INTERNET

BANKING SUBMITTED BY THE PETITIONER DATED
24.08.2015