The National Consumer Disputes Redressal Commission (NCDRC) has directed the State Bank of India (SBI) to refund nearly ₹12.93 lakh lost in a digital banking fraud, ruling that the case falls under the Reserve Bank of India’s (RBI) “zero liability” framework. The commission also upheld compensation and interest in favour of a retired Bengaluru professor whose account was allegedly debited through unauthorised transactions.
Case background and consumer’s claim
The case was heard by an NCDRC bench, which dismissed SBI’s appeal against concurrent orders of the district and state consumer commissions that had already held the bank liable for the loss.
The complaint was filed by K P Sreenath, a retired professor of Botany from Bangalore University, who alleged that ₹12.93 lakh was withdrawn from his SBI account without authorisation through multiple transactions. He maintained that he had not shared any confidential banking credentials and that the fraud occurred due to systemic security failures.
SBI’s defence and why it failed
SBI, however, argued that the transactions took place due to customer negligence. The bank claimed that the complainant may have shared sensitive details such as OTPs or Aadhaar-related information with fraudsters. It also contended that SMS alerts were sent to the registered mobile number and that the customer failed to report the fraud in time, thereby making him liable for the loss.
The NCDRC rejected these arguments, observing that SBI failed to produce any concrete technical records or digital logs proving that the complainant had shared OTPs or other credentials. The commission further noted that merely sharing Aadhaar details cannot be equated with compromising banking authentication credentials.
RBI ‘zero liability’ and burden of proof
Referring to the RBI’s circular on “Customer Protection – Limiting Liability of Customers in Unauthorised Electronic Banking Transactions,” the commission held that the complainant was entitled to “zero liability” protection under Paragraph 6(ii). It reiterated that the burden of proving customer negligence lies with the bank, not the customer.
The commission also observed that the complainant had reported the fraud within the permissible time frame after discovering the unauthorised transactions. This strengthened his eligibility for full protection under RBI guidelines.
Directions to SBI: refund, interest and compensation
The tribunal upheld the findings of the lower consumer forums, which had concluded that the fraud resulted from deficiencies in banking security systems rather than any fault on the part of the customer. It directed SBI to refund the entire amount along with applicable savings bank interest calculated from the date of each fraudulent debit until repayment is completed.
In addition, the bank has been ordered to pay ₹25,000 as compensation for mental harassment and ₹10,000 towards litigation costs.
According to the complaint, the retired professor had deposited nearly ₹25 lakh in his SBI account after retirement in 2017. In March 2019, he attempted to transfer funds through RTGS, which allegedly failed without proper notification. Subsequently, between April 12 and April 30, 2019, multiple unauthorised withdrawals were carried out from his account.
He later discovered the fraud during a branch visit and promptly lodged complaints with the bank, cybercrime authorities, police, and the banking ombudsman.
The ruling is being seen as an important precedent in digital banking security disputes, reinforcing that banks must demonstrate clear evidence of customer negligence to avoid liability. It also strengthens consumer protection in cases involving online banking fraud, where fraudulent actors exploit systemic vulnerabilities rather than direct customer error.