The National Consumer Disputes Redressal Commission has upheld an order directing State Bank of India to re-credit ₹1.99 lakh to a Bengaluru cyber fraud victim, ruling that banks cannot escape liability for unauthorised electronic transactions merely by alleging negligence on the part of customers. The commission also upheld compensation of ₹25,000 in favour of the complainant, Prodosh Kumar Banerjee, and relied on the Reserve Bank of India’s 6 July 2017 guidelines on customer liability in digital banking frauds.
Fraud Followed ₹20 Payment Attempt
The case arose after Banerjee received an SMS on 19 July 2022 claiming that his electricity connection would be disconnected unless pending dues were paid immediately. The message contained a mobile number, and when he contacted it, he was allegedly asked to download an application that displayed a Bangalore Electricity Supply Company Ltd-like interface.
Registration Begins for FutureCrime Summit 2026, India’s Largest Cybercrime Conference
Banerjee initially attempted to pay ₹20 through the application. Soon after, he received a bank alert stating that the password had been entered incorrectly three times. Shortly afterwards, SMS alerts showed that ₹25,000 and then ₹1.99 lakh had been debited from his SBI account, even though no OTP was received or entered for the second transaction.
His mobile phone reportedly stopped working after the transactions, preventing him from contacting the bank immediately. Fearing further losses, he switched off the device and reported the matter through SBI’s unauthorised transaction email service and to cybercrime police, which later registered an FIR in Bengaluru.
Commission Rejects Presumption of Customer Negligence
Banerjee formally informed SBI on 20 July 2022. His account was frozen and ₹25,000 was later credited back to him. He subsequently submitted a detailed complaint with supporting documents, but alleged that no satisfactory resolution was provided for the remaining amount.
The Bengaluru district consumer forum dismissed his complaint in 2023, but the Karnataka State Consumer Disputes Redressal Commission ruled in his favour in 2025 and directed SBI to re-credit ₹1.99 lakh. SBI then challenged the order before the NCDRC.
The NCDRC bench of Air Vice-Marshal J Rajendra, retired, and Justice Anoop Kumar Mendiratta held that Banerjee had initiated only a ₹20 payment, while the larger fraudulent debits occurred after the online software came under the control of a third party. The commission noted that no OTP was received for the two disputed transactions and said the complainant’s complicity could not be presumed merely because he had downloaded the application.
RBI Guidelines Cited on Zero Liability
Referring to the RBI’s 6 July 2017 notification, the commission observed that customers have zero liability in unauthorised electronic banking transactions if the fraud is reported within the prescribed time frame. It said the information about the fraudulent transactions had been shared with the bank within the stipulated period.
The commission also noted that SBI had failed to establish concrete negligence on the part of the customer. It said banks cannot rely on perceived negligence to deny claims and must place reliable material on record to prove that a customer deliberately shared sensitive details such as OTPs, passwords or MPINs.
NCDRC further observed deficiencies in SBI’s response after the fraud was reported. According to the order, despite receiving a written complaint, the bank did not lodge a complaint with cybercrime authorities or initiate a chargeback request with the beneficiary bank. The commission said the bank appeared to have taken no meaningful action to protect the customer’s interests after being informed of the fraud.
The commission upheld the direction requiring SBI to re-credit ₹1.99 lakh to Banerjee’s account and pay ₹25,000 as compensation. It further directed that if the amount is not paid within four weeks, SBI will be liable to pay interest at 8 percent per annum from the date of default until realisation.
