By way of background, Satish Debbarma, a customer of SBI received a fraudulent call on August 19, 2022, which led him to share his One-Time Password (OTP).
Consequently, his account was hacked and over three lakh rupees were debited from his account. He immediately tried to contact the SBI Branch Manager but could not make the call as his phone was also hacked.
Debbarma then rushed to the Branch Manager of SBI and told him about the fraud.
The Branch Manager immediately deactivated all of Debbarma’s accounts at about 7 PM, and averted subsequent attempts made by the hackers to transfer more money. A police complaint was also lodged on the following day.
On August 24, 2022, SBI released a sum of ₹1,96,000 to Debbarma, leaving the balance amount lost due to the fraud as unpaid.
The customer eventually approached the district consumer court seeking a refund of the unpaid amount. After the district forum dismissed his complaint, he filed an appeal before the State consumer forum.
In his complaint, the Debbarma pointed out that after the incident, he had immediately contacted the bank’s system administrator only for the official to reply that he could not do anything before Monday, August 22, 2022.
Notably, the State commission found that the entire amount of money that was hacked was on hold and kept in a parking account of the bank until 12 AM on August 22. Despite this, the system administrator did not do anything to ensure that the money kept on hold was refunded to the bank account of the customer.
The Commission further noted that the bank had a system in place to ensure that all commercial transactions are kept on hold in the system of the bank for at least 48 hours before it is settled.
In this case, the Commission found that the amount sought to be transferred by the hackers was kept on hold for over 96 hours, before only a portion of the amount was debited from the parking account of the SBI.
The Commission observed that the customer had repeatedly urged the system administrator to take steps so that this money is not transferred to the hackers, but that the administrator to not discharge his duty as a bank officer.
“(The system administrator) even did not look after the interest of the Bank, his employer,” the Commission remarked.
It concluded that this was utter negligence on the bank’s part and that the bank had failed to provide the level of service ordinarily expected by its customers.
Source: Barandbench
