In a landmark ruling reinforcing consumer protection in banking fraud cases, the National Consumer Disputes Redressal Commission has directed that banks must refund money withdrawn fraudulently from a customer’s account within 10 working days if the account holder is found to be not negligent.
The apex consumer body clarified that when unauthorised transactions occur without any fault of the customer, and there is no evidence of sensitive details such as OTPs being shared, the entire financial liability rests with the bank. The ruling relies on the Reserve Bank of India’s 2017 circular on customer liability in digital and electronic banking fraud.
The Commission said such cases fall under “zero liability,” making it mandatory for banks to restore the full amount within the prescribed time limit.
The order was passed by a Bench led by the Commission’s President along with a member, while dismissing a bank’s appeal against an earlier decision of the State Consumer Disputes Redressal Commission. The Bench upheld the rulings of both the State and District Consumer Commissions in favour of the customer.
No proof of OTP sharing
In its order, the Commission noted that the bank failed to provide credible proof showing that the customer had shared her OTP or confidential banking details with any third party.
“In the absence of proof of customer negligence, the present case squarely falls under Clause 6(a) of the RBI circular, which mandates zero liability on the part of the account holder,” the Commission observed.
It added that banks act as custodians of customer funds and are responsible for maintaining strong systems to prevent unauthorised access. Any loss caused by system failure, technical gaps, or cyber intrusion cannot be shifted to the customer.
Unusual transaction timings
The Commission also flagged the timing of the disputed transactions. Withdrawals took place around 7 pm and later between 12 am and 1 am, which were considered unusual hours for routine banking activity.
The Bench said this pattern supported the view that the transactions were not initiated by the customer. It also noted that the customer had informed the bank promptly after noticing irregularities, yet the bank failed to secure the account.
Case details
The case involved a Bengaluru-based account holder of IndusInd Bank, who reported that ₹9.52 lakh was fraudulently withdrawn from her savings account and fixed deposit. She stated that the withdrawals were made without her consent and that she had not shared OTPs, clicked suspicious links, or responded to fraudulent calls.
The District Consumer Forum ruled in her favour, a decision later upheld by the State Commission. The bank’s appeal before the National Commission was dismissed due to lack of supporting evidence.
The ruling is seen as a key precedent, reinforcing that consumer cannot be penalised for systemic failures and that banks must ensure timely redressal to maintain trust in the digital banking system.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream formerly known as CIO News LinkedIn Account | The Mainstream formerly known as CIO News Facebook | The Mainstream formerly known as CIO News Youtube | The Mainstream formerly known as CIO News Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.
