In a significant ruling linked to digital payment frauds, the Uttarakhand State Consumer Disputes Redressal Commission has granted major relief to Punjab National Bank (PNB) and Google Pay, holding that banks and payment platforms cannot be held liable if financial losses arise due to a customer’s own negligence.
The case involved Haridwar resident Sachin Kumar, who alleged that he attempted to transfer ₹25,000 via Google Pay in November 2020. Although the transaction reportedly failed, the amount was debited from his account. Soon after, he began receiving suspicious messages, and over the next two days multiple withdrawals were made from his bank account. In total, ₹1,06,500 was debited.
Kumar first approached the bank and later filed a complaint before the district consumer commission, which ruled in his favour and directed PNB to refund the disputed amount. Challenging the order, the bank moved the State Consumer Commission.
During the appeal hearing, transaction records revealed that all disputed payments had originated from the complainant’s own mobile phone and were authorised using valid UPI PIN credentials. The Commission observed that platforms such as Google Pay do not permit transactions without correct authentication.
Certified Cyber Crime Investigator Course Launched by Centre for Police Technology
In its order, the State Commission underlined that safeguarding mobile phones, OTPs, passwords and UPI PINs lies entirely with the consumer. If a customer fails to protect these sensitive credentials or shares them—knowingly or unknowingly—with third parties, the resulting financial loss cannot be attributed to the bank or the digital payment application.
The Commission further noted that the district forum had failed to properly evaluate technical evidence and transaction logs. On these grounds, it set aside the lower court’s order and ruled in favour of PNB and Google Pay.
The Commission also clarified that when transactions are executed using valid UPI PINs from the customer’s registered device, it must be presumed that the payments were carried out with the account holder’s knowledge. Consequently, liability cannot be shifted to service providers in the absence of system failure or proven security breaches.
Bank representatives argued that PNB’s digital banking framework follows prescribed security protocols and that all transactions in the case were processed through standard authentication mechanisms. Officials said the ruling sends a strong message to digital users about exercising caution while conducting online transactions.
In a statement, the bank maintained that while its systems are robust, customers must remain vigilant. Any losses arising from sharing confidential information or complying with instructions from unknown callers or third parties cannot be fastened on banks.
Legal experts believe the verdict could serve as an important precedent for similar cyber fraud disputes. The Commission has made it clear that in digital payment cases, responsibility will be determined based on whether the customer exercised due care in protecting personal financial credentials.
Authorities have once again urged the public not to share OTPs, UPI PINs or banking details with anyone, to avoid engaging with suspicious calls or messages, and to immediately report unusual transactions to their bank and the national cyber helpline 1930.
About the author – Ayesha Aayat is a law student and contributor covering cybercrime, online frauds, and digital safety concerns. Her writing aims to raise awareness about evolving cyber threats and legal responses.
