Madras High Court
Bhushan Goyal vs The Banking Ombudsman on 23 September, 2025
Author: M.Dhandapani
Bench: M.Dhandapani
W.P.No.28100 of 2022
IN THE HIGH COURT OF JUDICATURE AT MADRAS
DATED : 23.09.2025
CORAM
THE HONOURABLE MR.JUSTICE M.DHANDAPANI
W.P.No.28100 of 2022
And
W.M.P.Nos.27377 and 27380 of 2022
Bhushan Goyal ... Petitioner
Vs.
1 The Banking Ombudsman
C/o.Reserve Bank of India
Fort Glacis,
Chennai – 600 001.
2 Indian Bank
Rep. by its Branch Manager,
Ethiraj Salai Branch,
Ethiraj Salai,
Egmore,
Chennai – 600 008.
3 The Governor,
Reserve Bank of India,
New Delhi. ... Respondents
Prayer:
Petition filed under Article 226 of the Constitution of India to
issue a Writ of Certiorarified Mandamus calling for the records of the
first respondent dated 25.07.2022 in complaint Number:
N202223006007331/2022-23 closing the complaint filed by the
petitioner, and quash the same and consequently direct the second
1/33
https://www.mhc.tn.gov.in/judis ( Uploaded on: 16/10/2025 08:39:41 pm )
W.P.No.28100 of 2022
respondent to refund the amounts to the tune of Rs.7,50,085/-
relating to unauthorized transaction carried out through Current A/c
No.859708801, along with interest at SBI rate for cash credits from
the date the amounts were withdrawn, 24.02.2016, till the date of
credit of the amounts into the account of the petitioner.
For Petitioner : Mr.Surya Narayanan N &
Mr.Vishnu Manoharan P
for M/s.Rahul Balaji
For Respondents : M/s.T.Poornam for R1
Mrs.Rita Chandrasekar for R2
for M/s.Aiyar & Dolia
ORDER
This writ petition has been filed seeking issuance of Writ of Certiorarified Mandamus calling for the records of the first respondent dated 25.07.2022 in complaint Number: N202223006007331/2022-23 closing the complaint filed by the petitioner, and quash the same and consequently direct the second respondent to refund the amounts to the tune of Rs.7,50,085/- relating to unauthorized transaction carried out through Current A/c No.859708801, along with interest at SBI rate for cash credits from the date the amounts were withdrawn, 24.02.2016, till the date of credit of the amounts into the account of the petitioner.
2/33https://www.mhc.tn.gov.in/judis ( Uploaded on: 16/10/2025 08:39:41 pm ) W.P.No.28100 of 2022
2.The learned counsel appearing for the petitioner submitted that the petitioner is the customer of the second respondent Bank holding current account in the name of M/s.Chanda Softy Icecreams bearing a/c no.85978801 and the petitioner is having mobile no.+91 98410 69000 and it is the registered mobile number with the Bank for the purpose of communication. On 23.02.2016, at around 4.00 p.m., his mobile phone lost connectivity abruptly and was unable to send or receive any messages or make or receive any calls. Hence, the petitioner called his network provider Aircel at around 12.10 p.m. on 24.02.2016 to register a complaint after which a new SIM card was issued to the petitioner at around 2.00 p.m. on the same day. After restoration of the petitioner's mobile connectivity, the petitioner found that a sum of Rs.7,50,085/- was fraudulently transferred from his bank account to unknown person's bank account.
3.The learned counsel appearing for the petitioner further submitted that immediately, the petitioner approached the second respondent Bank and informed about the same and also gave a written complaint. Thereafter, the petitioner also lodged a complaint with the Central Crime Branch, Vepery, Chennai and also filed Crl.O.P.No.7116 3/33 https://www.mhc.tn.gov.in/judis ( Uploaded on: 16/10/2025 08:39:41 pm ) W.P.No.28100 of 2022 of 2016 seeking a direction to register his complaint dated 24.02.2016 and the same was allowed by this Court dated 04.04.2016.
Thereafter, the petitioner issued legal notice dated 21.04.2016 calling upon the second respondent Bank to credit the aforesaid amount and since there was no response, filed W.P.No.28273 of 2016 and this Court vide order dated 17.02.2020 directed the second respondent Bank to consider the petitioner's complaint dated 24.02.2016 in the light of RBI circulars issued on 06.07.2017 and 04.01.2019 as well as in the light of the decision of the Kerala High Court reported in 2019 SCC Online Ker 5366, pursuant to which the petitioner received the Bank's letter dated 29.03.2022, wherein the Bank refused to grant refund of the amount and aggrieved by the same, the petitioner preferred complaint before the first respondent and the said complaint was closed on 25.07.2022 and challenging the same, the petitioner has filed this writ petition.
4.The learned counsel appearing for the petitioner further submitted that this Court has already considered similar issue in W.P.No.413 of 2024 dated 12.06.2025 [M/s.Dadha Pharma LLP Rep.
by its Authorised Signatory Mr.D.Rahul Bafna Vs. Reserve Bank of 4/33 https://www.mhc.tn.gov.in/judis ( Uploaded on: 16/10/2025 08:39:41 pm ) W.P.No.28100 of 2022 India and others], wherein, this Court issued direction to the third respondent therein to act upon the circular issued by the Reserve Bank of India and restore / recredit the amount which was siphoned from the current account of the petitioner therein. The learned counsel further submitted that the Hon'ble Division Bench of the High Court of Gauhati in the decision reported in 2024 SCC OnLine Gau 1519 [State Bank of India Vs. Pallabh Bhowmick and others] has observed that the Banks cannot absolve themselves of the liability towards losses suffered by the customers on account of unauthorized electronic transactions based on perceived negligence of the customers. The learned counsel further submitted that the said decision of the Hon'ble Division Bench of the High Court of Gauhati was challenged before the Hon'ble Apex Court in SLP.No.30677 of 2024 and the said SLP was dismissed by the Hon'ble Apex Court on 03.01.2025.
5.Per contra, the learned counsel appearing for the second respondent adopted the counter affidavit filed by the second respondent in W.P.No.28273 of 2016 during January, 2020 and would submit that the petitioner is seeking for refund of Rs.7,50,085/- on the premise that a customer is entitled to zero liability where the unauthorized transactions occurs due to contributory fraud/ 5/33 https://www.mhc.tn.gov.in/judis ( Uploaded on: 16/10/2025 08:39:41 pm ) W.P.No.28100 of 2022 negligence/ deficiency on the part of the Bank for third party breach where the deficiency lies neither with the Bank nor with the customer but lies elsewhere in the system. The prerequisite for entitlement of zero liability is that the customer notifies the Bank within 3 working days of receiving the communication from the Bank regarding unauthorised transaction. In the instant case, admittedly the transaction had taken place by using OTP. In transactions of such kind the account holder is expected not to divulge or share the details of OTP. The fact that the amount belonging to the petitioner is transferred to third party accounts, knowingly or unknowingly would only indicate that the petitioner has shared the details of the OTP.
Therefore, the same had happened on account of negligence on part of the petitioner and the same is not attributable to the second respondent. Therefore, on all probabilities the petitioner cannot seek refund of the amount by placing reliance on the zero liability of a customer.
6.The learned counsel appearing for the second respondent further submitted that for the very same transaction, already the petitioner lodged complaint before the Central Crime Branch, Vepery, Chennai and investigation is still pending and only after completion of 6/33 https://www.mhc.tn.gov.in/judis ( Uploaded on: 16/10/2025 08:39:41 pm ) W.P.No.28100 of 2022 investigation, if the investigation reveals that there is no fault on the part of the customer/ petitioner, on the basis of the final report and on the basis of the RBI circular, the amount will be refunded to the petitioner.
7.The first respondent has filed counter affidavit, wherein in paragraph no.4 it is stated as follows:
“4.It is submitted that this answering respondent has no objection, if this Hon'ble Court is satisfied on the merits in petitioner's case and the relief as sought in prayer (c) is granted.”
8.Heard the arguments advanced on either side and perused the materials available on record.
9.Admittedly, the petitioner is the customer of the second respondent Bank holding current account in the name of M/s.Chanda Softy Icecreams bearing a/c no.85978801 and the petitioner is having mobile no.+91 98410 69000 and it is the registered mobile number with the Bank for the purpose of communication. On 23.02.2016, at around 4.00 p.m., his mobile phone lost connectivity abruptly and was 7/33 https://www.mhc.tn.gov.in/judis ( Uploaded on: 16/10/2025 08:39:41 pm ) W.P.No.28100 of 2022 unable to send or receive any messages or make or receive any calls.
Hence, the petitioner called his network provider Aircel at around 12.10 p.m. on 24.02.2016 to register a complaint after which a new SIM card was issued to the petitioner at around 2.00 p.m. on the same day. After restoration of the petitioner's mobile connectivity, the petitioner found that a sum of Rs.7,50,085/- was fraudulently transferred from his bank account to unknown person's bank account.
Immediately, the petitioner approached the second respondent Bank and informed about the same and also gave a written complaint.
10.There is no dispute with the fact that the said complaint has been made within three days from the date of transaction as per RBI circular. The petitioner claims that he did not share any OTP with the third party and in the absence of mobile network, by using duplicate SIM card, third party has transferred the amount from the petitioner's account to third party accounts and hence, the petitioner is entitled for refund of the amount from the second respondent.
11. Different High Courts had dealt with the very same issue and it will be relevant to take note of the same.
8/33https://www.mhc.tn.gov.in/judis ( Uploaded on: 16/10/2025 08:39:41 pm ) W.P.No.28100 of 2022 11.1.The Delhi High Court in the case of Hare Ram Singh Vs. Reserve Bank of India and Others reported in MANU/DE/8030/ 2024 had an occasion to deal with a very similar case and it was held as follows:
“32. In the light of the aforesaid regulations, it is evident that the security protocols such as '2FA' or OTP verification had been breached by a simple 'malware' deployed by the cyber fraudsters. Evidently, the online banking service of the petitioner was linked with his mobile number, which was being used to authenticate his banking transactions, and the security apparatus of the respondent Bank failed to detect any unusual logging activity from a different Internet Protocol Address that was being used by the fraudsters. It has to be presumed that it is on account of the failure on the part of the bank to put in place a system which prevents such withdrawals, that the petitioner suffered monetary losses.
33. Lastly, it is well established under the Common Law, that funds in a bank account belong to the bank, but the bank acts as an agent for the principal (the customer).
Consequently, the bank cannot refuse to process an online transfer if it appears to be 9/33 https://www.mhc.tn.gov.in/judis ( Uploaded on: 16/10/2025 08:39:41 pm ) W.P.No.28100 of 2022 authorized by the customer, however, upon detecting fraud, the bank has an implied duty to exercise reasonable care and take prompt action. Unhesitatingly, there was patent deficiency in services on the part of the bank, inasmuch as the response of the bank was lukewarm, defective, and not prompt. The respondent No. 2 i.e., SBI failed to take immediate measures to take up the issue with the other REs to whom the online payment had been remitted.” 11.2.The Kerala High Court also had an occasion to deal with the similar issue in the case of Tony Enterprises and Others Vs. Reserve Bank of India and Others reported in MANU/KE/4164/2019. The relevant portions are extracted hereunder:
“12. The Reserve Bank of India issued a master circular dated 6.7.2017 protecting customers in unauthorised electronic banking transactions. The circular states that a customer has zero liability in the following events:
WPC 28823/2017 & 28824/2017 "(i)
Contributory fraud/negligence/deficiency on
the part of the bank (irrespective of whether or 10/33 https://www.mhc.tn.gov.in/judis ( Uploaded on: 16/10/2025 08:39:41 pm ) W.P.No.28100 of 2022 not the transaction is reported by the customer)
(ii) Third party breach whether deficiency lies neither with the bank nor with the customer but lies elsewhere in the system and the customer notifies the bank within three working days of receiving the communication from the bank regarding the unauthorised transaction". The events referred therein are only illustration. It cannot be said the list as above is exhaustive. The circular proceeds based on assumed facts and circumstances. It refers to contributory fraud, negligence deficiency etc. It does not indicate about liability when there is a dispute to the events as above. In that background, the question also arises as to the remedy of the bank to recover the amount under the 'disputed transaction'.
13. Banking transaction is both contractual and fiduciary. The bank owes a duty to the customer. Both have a mutual obligation to one and another. The bank, therefore, is bound to protect the interest of the customer in all circumstances. The technology as adverted has its own defect. Online transactions are vulnerable. Though the bank might have 11/33 https://www.mhc.tn.gov.in/judis ( Uploaded on: 16/10/2025 08:39:41 pm ) W.P.No.28100 of 2022 devised a secured socket layer connection for online banking purpose WPC 28823/2017 & 28824/2017 which is encrypted(1), this security encryption can be hacked using different methods. The welknown hacking modes are phishing, trojans, session hijacking, key logger, etc. The public WiFi is the easiest target for hackers. NORTON, a leading cyber security provider in its web page refers to the risk of using public WiFi. The unencrypted network in public WiFi allows hackers to collect data easily. WiFi snooping (2) using software allows hackers to access everything online while the user is active in online. The possibilities of fetching data relating to the banking account while the customer using online transaction, by the hackers, cannot be overruled in banking transaction. The bank can identify fraud risk and also devise mechanisms to protect customers. There are counter technologies to identify location behaviour of operators also. It is for the bank to secure the safety of online banking transactions.
14. Defining a 'disputed transaction':
A 'disputed transaction' in this context has to be understood as a transaction prima facie tainted by fraud. Classifying transaction as 12/33 https://www.mhc.tn.gov.in/judis ( Uploaded on: 16/10/2025 08:39:41 pm ) W.P.No.28100 of 2022 such would depend upon the nature of allegations and investigation carried out in this regard. "No man is bound by a bargain into which he has been induced by fraud to enter, because assent is necessary to a valid contract." (See KERR On the Law of Fraud and Mistake 7 th Edition). The author further states that the transaction so induced is not void but only voidable at the election of the party defrauded.
Classification of such transaction must be with reference to the events identified by the RBI. That means the very validity of the transaction is at stake. A mere challenge made by the customer would not be sufficient. If such a challenge is supported by the report of an independent investigation pursued by the Police or other such agencies, that would prima facie establish that it is a 'disputed transaction'. If the report indicates that the online transaction was carried out by some other person other than the customer or on his behalf, that has to be treated as a 'disputed transaction'.
15. Remedy of the Bank:
The bank has a remedy by way of filing a civil suit for claiming the loss suffered in the 13/33 https://www.mhc.tn.gov.in/judis ( Uploaded on: 16/10/2025 08:39:41 pm ) W.P.No.28100 of 2022 transaction and to recover it from the person responsible. In common law jurisdiction fraud is a tort and considered as a civil wrong. It is also a penal offence under the relevant statutory provisions. The circular of the RBI presumes in such circumstances, 'zero liability' to the customer. A recent circular issued by the RBI, RBI/2018-19/101, dated 4.1.2019, limits the liability of the customer. It reads thus:
"Limited liability of a customer: A customer's liability arising out of an unauthorised payment transaction will be limited to:
Customer liability in case of unauthorised electronic payment transactions through a PPI S.No. Particulars Maximum Liability of Customer
(a) Contributory fraud / negligence / deficiency Zero on the part of Zero the PPI issuer, including PPI-MTS issuer (irrespective of whether or not the transaction is reported by the customer)
(b) Third party breach where the deficiency lies neither with the PPI issuer nor with the customer but lies elsewhere in the system, and the customer notifies the PPI issuer 14/33 https://www.mhc.tn.gov.in/judis ( Uploaded on: 16/10/2025 08:39:41 pm ) W.P.No.28100 of 2022 Customer liability in case of unauthorised electronic payment transactions through a PPI regarding the unauthorised payment transaction. The per transaction customer liability in such cases will depend on the number of days lapsed between the receipt of transaction communication by the customer from the PPI issuer and the reporting of unauthorised transaction by the customer to the PPI issuer -
i.Within three days Zero
ii.Within four to seven days# Transaction value
or ?10,000/- per
transaction,
whichever is
lower
iii.Beyond seven days# As per the Board
approved policy
of the PPI issuer
(c) In cases where the loss is due to negligence
by a customer, such as where he / she has shared the payment credentials, the customer will bear the entire loss until he / she reports the unauthorised transaction to the PPI issuer. Any loss occurring after the reporting of the unauthorised transaction shall be borne by the PPI issuer.
(d) PPI issuers may also, at their discretion, 15/33 https://www.mhc.tn.gov.in/judis ( Uploaded on: 16/10/2025 08:39:41 pm ) W.P.No.28100 of 2022 Customer liability in case of unauthorised electronic payment transactions through a PPI decide to waive off any customer liability in case of unauthorised electronic payment transactions even in cases of customer negligence.
# The number of days mentioned above shall be counted excluding the date of receiving the communication from the PPI issuer.
The above shall be clearly communicated to all PPI holders." The circular as above does not foreclose the remedy of the bank to proceed against the fraudsters and also against customers or any other persons or entity involved. It also does not prevent a customer from proceeding against the bank through a civil suit if he was unable to lodge complaint within the time as provided in the circular. Civil rights of the parties if otherwise available are not lost based on the circular, though the circular has statutory backing. The circular only indicates the nature of the action to be taken by the bank when there are complaints relating to an unauthorised payment transaction. The bank WPC 28823/2017 & 28824/2017 also cannot recover the amount from the customer 16/33 https://www.mhc.tn.gov.in/judis ( Uploaded on: 16/10/2025 08:39:41 pm ) W.P.No.28100 of 2022 stating that the customer was negligent in protecting his personal details. If such personal details were exposed due to the laches on account of the action on the part of the customer, it can at the best be treated as negligence. To what extent the customer can be made responsible for such negligence is a matter of probe and adjudication through a civil suit.
16. It is profitable to refer to the observations of the House of Lords in London Joint Stock Bank, Limited v. Macmillan and Arthur [1918 AC 777] which is as follows:
"As the customer and the banker are under a contractual relation in this matter, it appears obvious that in drawing a cheque the customer is bound to take usual and reasonable precautions to prevent forgery. Crime, is indeed, a very serious matter, but everyone knows that crime is not uncommon. If the cheque is drawn in such a way as to facilitate or almost to invite an increase in the amount by forgery if the cheque should get into the hands of a dishonest person, forgery is not a remote but a very natural 17/33 https://www.mhc.tn.gov.in/judis ( Uploaded on: 16/10/2025 08:39:41 pm ) W.P.No.28100 of 2022 consequence of negligence of this description."
....
20. Thus, it is clear that the bank cannot claim any amount from the customer when a transaction is shown to be a 'disputed transaction'. The bank can recover from the customers only when it can unequivocally prove that the customer was responsible for such WPC 28823/2017 & 28824/2017 transaction, independently through the civil court. The RBI guidelines is a clear mandate to exonerate a customer in such 'disputed transaction'. RBI circular presumes the innocence of the customer in such given circumstances. However, this innocence can be controverted. The onus falls on the bank to prove otherwise.
21. In the present case, the police investigation prima facie established that fraud has been committed. The beneficiaries hail from West Bengal. There is nothing on record to establish any connivance on the part of the petitioners. The police investigation also would reveal that the accused obtained duplicate SIM cards by using fake identity cards. It was also brought out that the beneficiaries immediately 18/33 https://www.mhc.tn.gov.in/judis ( Uploaded on: 16/10/2025 08:39:41 pm ) W.P.No.28100 of 2022 withdrew the money from their bank accounts at West Bengal. In such circumstances, the transactions can be treated as 'disputed transactions'. These transactions would fall within the sweep of zero liability as referred to in RBI Circular. The remedy of the bank in such circumstances is to approach the civil court and recover the amount from the persons who were responsible for such transactions. WPC 28823/2017 & 28824/2017
22. As have come out of the pleadings, amounts have been debited from the loan account of the petitioners. The petitioners cannot be held responsible for such debit without establishing through the civil court that they are responsible for such withdrawal from the loan account. If any amount deposited by the petitioners also have been transferred, in the same manner, that shall be restored to the petitioners without any delay at any rate within two weeks from the date of receipt of a copy of this judgment. These directions are issued without prejudice to the bank to proceed against the persons who are responsible for these transactions through civil court. These writ petitions are disposed of accordingly. No costs.” 19/33 https://www.mhc.tn.gov.in/judis ( Uploaded on: 16/10/2025 08:39:41 pm ) W.P.No.28100 of 2022 11.3. This Court also had an occasion to deal with the similar issue in the case of ICICI Bank Limited and Others Vs. Uma Shankar Sivasubramanian and Others reported in MANU/TN/8173/2022. The relevant portions are extracted hereunder:
“20. In a judgment of the Kerala High Court reported in MANU/KE/4164/2019 [Tony Enterprises, -Vs- Reserve Bank of India, and others (W.P(C) No.28823 of 2017) and Cherian C.Karippaparampil Vs. Reserve Bank of India, (W.P(C) No.28824 of Vs. Reserve Bank of India, (W.P(C) No.28824 of 2017)] a learned Single Judge of the Court was considering a case of a SIM swapping fraud to gain access to bank accounts of the petitioners therein and to withdraw money from their bank accounts. The customers who were the victims of this fraud had moved the Court seeking a declaration to the effect that they have zero liability to the Bank in the light of the Circular issued by the Reserve Bank of India. The petitioners in both these Writ Petitions had availed the online banking facility offered by the Bank. The respondent-Bank had taken a defence that the login ID, password and telecom number are only known to the petitioners and that without 20/33 https://www.mhc.tn.gov.in/judis ( Uploaded on: 16/10/2025 08:39:41 pm ) W.P.No.28100 of 2022 laches on their part, fraudsters would not gain access to their accounts. In the course of the discussion, the learned Judge has discussed the master circular dated 06.07.2017 protecting customers in unauthorised electronic banking transactions. The circular states as follows:-
"12. The Reserve Bank of India issued a master circular dated 6.7.2017 protecting customers in unauthorised electronic banking transactions. The circular states that a customer has zero liability in the following events:
“(i) Contributory fraud/negligence/ deficiency on the part of the bank (irrespective of whether or not the transaction is reported by the customer)
(ii) Third party breach whether deficiency lies neither with the bank nor with the customer but lies elsewhere in the system and the customer notifies the bank within three working days of receiving the communication from the bank regarding the unauthorised transaction.” The learned Judge observed that the banking 21/33 https://www.mhc.tn.gov.in/judis ( Uploaded on: 16/10/2025 08:39:41 pm ) W.P.No.28100 of 2022 transaction is both contractual and fiduciary and discussed the obligation cast upon a Bank qua its customer.
"14. Banking transaction is both contractual and fiduciary. The bank owes a duty to the customer. Both have a mutual obligation to one and another. The bank, therefore, is bound to protect the interest of the customer in all circumstances. The technology as adverted has its own defect. Online transactions are vulnerable. Though the bank might have devised a secured socket layer connection for online banking purpose which is encrypted , this security encryption can be hacked using different methods. The welknown hacking modes are phishing, trojans, session hijacking, key logger, etc. The public WiFi is the easiest target for hackers. NORTON, a leading cyber security provider in its web page refers to the risk of using public WiFi. The unencrypted network in public WiFi allows hackers to collect data easily.
WiFi snooping using software allows hackers to access everything online while the user is active in online. The possibilities of fetching data relating to the 22/33 https://www.mhc.tn.gov.in/judis ( Uploaded on: 16/10/2025 08:39:41 pm ) W.P.No.28100 of 2022 banking account while the customer using online transaction, by the hackers, cannot be overruled in banking transaction. The bank can identify fraud risk and also devise mechanisms to protect customers. There are counter technologies to identify location behaviour of operators also. It is for the bank to secure the safety of online banking transactions. Defining a ‘disputed transaction’:
15. A ‘disputed transaction’ in this context has to be understood as a transaction prima facie tainted by fraud.
Ultimately, the learned Judge held that the amounts withdrawn from the petitioner's account has to be restored to them without prejudice to the bankers right to proceed against the persons who are responsible for the disputed transactions through a civil court.
21. The Hon'ble Supreme Court in the judgment reported in (2021) SCC Online SC 124 [Amitabha Dasgupta Vs. United Bank of India and Others] was considering a case where the Bank had broken open the locker of 23/33 https://www.mhc.tn.gov.in/judis ( Uploaded on: 16/10/2025 08:39:41 pm ) W.P.No.28100 of 2022 the appellant therein for non-payment of rents and subsequently, the locker had been reallocated to another customer. The appellant therein had filed a consumer complaint before the District Consumer Forum ('District Forum'). The District Forum had allowed the complaint and this was confirmed in part by the State Commission. The revision against the order of the State Commission was dismissed and the National Commission accepted the State Commission's finding on the limited jurisdiction of the Consumer Forum to adjudicate on the recovery of the contents of the locker. Therefore, the customer had moved the Hon'ble Supreme Court. The learned Judges had in very great detail discussed the duty and care that a Bank has to exercise with regard to Locker Management and the kind of records that have to be maintained. The learned Judges had set out some of the procedures that have to be followed by the Bankers while allocating and operating the lockers. The learned Judges found fault with the Bank for having opened the locker without any prior notice to the customer. They had observed as follows:-
"breaking open of the locker was in blatant 24/33 https://www.mhc.tn.gov.in/judis ( Uploaded on: 16/10/2025 08:39:41 pm ) W.P.No.28100 of 2022 disregard to the responsibilities that the bank owed to the customer as a service provider"
and had made the following observations regarding a Bank's duty in the light of the advancing technology in conclusion:-
"55. Before concluding, we would like to make a few observations on the importance of the subject matter of the present appeal. With the advent of globalization, banking institutions have acquired a very significant role in the life of the common man. Both domestic and international economic transactions within the country have increased multiple folds.
Given that we are steadily moving towards a cashless economy, people are hesitant to keep their liquid assets at home as was the case earlier. Thus, as is evident from the rising demand for such services, lockers have become an essential service provided by every banking institution. Such services may be availed of by citizens as well as by foreign nationals. Moreover, due to rapid gains in technology, we are now transitioning from dual keyoperated lockers to electronically operated lockers. In the latter system, 25/33 https://www.mhc.tn.gov.in/judis ( Uploaded on: 16/10/2025 08:39:41 pm ) W.P.No.28100 of 2022 though the customer may have partial access to the locker through passwords or ATM pin, etc., they are unlikely to possess the technological know-how to control the operation of such lockers. On the other hand, there is the possibility that miscreants may manipulate the technologies used in these systems to gain access to the lockers without the customers' knowledge or consent. Thus the customer is completely at the mercy of the bank, which is the more resourceful party, for the protection of their assets."
In the instant case, the Bank even after coming to know that the account of the complainant has been tampered / manipulated and a fraudulent transaction has taken place did not take any steps to independently lodge a complaint against the 5th respondent into whose account the money had been transferred. In this age of advancement in technology where predators are waiting in the wings in the virtual world as the whole world is connected through digitalization, the role of the Bank towards protecting the interests of its customer assumes greater significance. A strong cyber security is therefore the order of 26/33 https://www.mhc.tn.gov.in/judis ( Uploaded on: 16/10/2025 08:39:41 pm ) W.P.No.28100 of 2022 the day and Banks should not only provide it but educate its customers on the potential threats. In a country like ours where the bulk of the citizenry are illiterate, this becomes all the more necessary. In an article “Cyber world:
Advantages and its Emerging Threat” the writer has quoted from the National Crime Records Bureau to state that in the year 2020- 2021 alone 50,030 cyber crimes were reported and in India more than 2200 cyber – attacks are committed per day. The figures are mind boggling which makes it imperative for the Banks offering online banking facilities to enhance their cyber security and rush to take steps to mitigate the loss that a customer may suffer on account of such cyber attacks. In the case on hand unfortunately the Bank has sadly failed to take steps in this regard.
22. Therefore, from the above discussion, there is a clear breach of trust as well. The authorities below have at length discussed the manner in which the complainant had been deprived of his money and why the respondent-Bank should be held responsible. I see no reason to overturn this 27/33 https://www.mhc.tn.gov.in/judis ( Uploaded on: 16/10/2025 08:39:41 pm ) W.P.No.28100 of 2022 decision and consequently, the civil miscellaneous appeal is dismissed. No costs.”
12.It is useful to extract hereunder the relevant portion of the decision of the Hon'ble Division Bench of the High Court of Gauhati reported in 2024 SCC OnLine Gau 1519 [State Bank of India Vs. Pallabh Bhowmick and others]:
40. Undoubtedly, it is correct that if a customer is negligent in handling his or her account and discloses sensitive information such as, password, OTP, MPIN, Card Number etc., resulting into fraudulent transaction, the Bank cannot be held liable for loss, if any suffered by the customer. However, in such cases, negligence on the part of the customers must be cogently established by the Bank by bringing reliable materials on record. The Banks cannot absolve themselves of the liability towards losses suffered by the customers on account of unauthorized electronic transactions based on perceived negligence of the customers. In the present case, having considered the facts and circumstances of case and the materials available on record, we concur with the view of the learned Single Judge, that the appellant 28/33 https://www.mhc.tn.gov.in/judis ( Uploaded on: 16/10/2025 08:39:41 pm ) W.P.No.28100 of 2022 has failed to establish negligence on the part of the respondent no. 1/petitioner leading to the fraudulent transactions. Thus, the learned Single Judge has rightly directed the appellant to deposit an amount of Rs. 94, 204.80/-
(Rupees Ninety-four thousand two hundred four and Eighty Paisa) only, in the bank account of the respondent no. 1/petitioner.
[Emphasis supplied]
13.It is clear from the above decisions, that when there is no negligence on the part of the customer or on the act of the petitioner to commit any fraud, it is the duty of the Bank to re-credit the amount that was unauthorisedly transferred from the account of the customer.
14.From the aforesaid decisions, it transpires that where the siphoning off of the funds is not attributable to the customer and that there is no negligence on the part of the customer and there is no act of the customer to defraud the bank, then necessarily, as per the circular issued by RBI, it is the duty of the bank to recredit the amount back to the account of the customer, which has been unauthorisedly transferred from the account of the customer.
29/33https://www.mhc.tn.gov.in/judis ( Uploaded on: 16/10/2025 08:39:41 pm ) W.P.No.28100 of 2022
15.In the present case, it is the specific case of the petitioner that he had not shared the OTP with any third party. The transaction had been done while there was no network in his mobile and the complaints filed by the petitioner reveals the steps taken by the petitioner when he lost mobile network connectivity, which resulted in replacement of the SIM by the petitioner and only upon replacement it came to his knowledge about the fraudulent transactions that had taken place in his account. Immediately upon noting the same, the petitioner had raised the complaint with regard to the unauthorised transactions not only with the bank, but also with the cyber wing of the law enforcing agency. This clearly shows the diligent act on the part of the petitioner.
16.The case of the second respondent is premised on the presumption that the petitioner would have unknowingly shared the OTP with some third party resulting in the unauthorised transaction.
However, there is no material to substantiate the same. The diligent acts of the petitioner clearly show that he had taken all the necessary steps upon coming to know of the unauthorised transactions. In the absence of the Bank failing to cogently establish through reliable materials that the petitioner had not acted diligently or that he had 30/33 https://www.mhc.tn.gov.in/judis ( Uploaded on: 16/10/2025 08:39:41 pm ) W.P.No.28100 of 2022 partaken in the unauthorised activity even though unknowingly, the liability to cover the loss squarely falls on the Bank and the Bank cannot make the petitioner to suffer the loss towards the unauthorised electronic transactions based on perceived negligence of the customers. There being no credible material to substantiate the perceived negligence on the part of the petitioner, as per the RBI circular, the Bank is bound to recredit the amount back to the account of the petitioner.
17.In the light of the above discussions, this Court directs the second respondent to act upon the circular issued by the Reserve Bank of India and restore/recredit the amount to the tune of Rs.7,50,085/-
which was siphoned from the current account of the petitioner, within a period of four weeks from the date of receipt of a copy of this order.
18.After the Central Crime Branch, Vepery, Chennai completes the investigation on the complaint given by the petitioner, if the accused is identified, liberty is granted to the second respondent Bank to retrieve the amount from the accused in the manner known to law.
19.The writ petition is allowed on the above terms. No costs.
31/33https://www.mhc.tn.gov.in/judis ( Uploaded on: 16/10/2025 08:39:41 pm ) W.P.No.28100 of 2022 Consequently, connected miscellaneous petitions are closed.
23.09.2025 pri Index: Yes/ No Speaking Order: Yes/ No NCC: Yes/ No To 1 The Banking Ombudsman C/o.Reserve Bank of India Fort Glacis, Chennai – 600 001.
2 Indian Bank Rep. by its Branch Manager, Ethiraj Salai Branch, Ethiraj Salai, Egmore, Chennai – 600 008.
3 The Governor, Reserve Bank of India, New Delhi.
M.DHANDAPANI,J.
pri 32/33 https://www.mhc.tn.gov.in/judis ( Uploaded on: 16/10/2025 08:39:41 pm ) W.P.No.28100 of 2022 W.P.No.28100 of 2022 And W.M.P.Nos.27377 and 27380 of 2022 23.09.2025 33/33 https://www.mhc.tn.gov.in/judis ( Uploaded on: 16/10/2025 08:39:41 pm )