Research & Opinion
PNB Lost Case Before Adjudicating Authority, Ordered To Compensate Cyber Victim For Security Flaw
By Bivas Chatterjee in KOLKATA: The world is developing every day and we standing in this 21st century is entirely dependent upon the cyber virtual world. Therefore, it is the most essential stage to protect this cyber world against the unauthorised explorations and use of systems, networks, devices and many more like this.
In recent days, I had come across a case where an individual on the behalf of his company used to handle a bank account. In 2015, the victim on the behalf of his company had acquired a cash credit loan of ₹20 Lakhs in his Cash Credit bank account of Oriental Bank Commerce which is now Punjab National Bank (PNB). It was fraudulently drained out from the respective bank account through 4 RTGSs of ₹5 Lakhs without any concerned permission of the account holder (victim), since he had not received any certain OTP for these 4 fraudulent transactions in the respective registered mobile number of that bank account. After noticing these fraudulent transactions, the victim had approached the Banking Authorities for the fixation of these fraudulent transactions.
Every time, he had to return to the bank only with disappointment. Without getting any permanent and reliable solution from the respective Banking Authorities, the victim approached the police and finally filed a case after various trials of solving this matter on his owners consulting the bank himself in several attempts.
Considering the matter as negligible and the victim fully responsible for it, the banking officials of the respective bank totally neglected the issue and refused to take effective actions of proper investigation, they shifted the liability of these fraudulent transactions on the victim, setting themselves free. And this kind of actions by the bank is totally unacceptable. We, the Indian Citizen is totally dependent on these financial institutions for our economic issues and safety security of our crucial banking data and if these institutions response in such a neglecting manner, then one and only most important question will arise i.e., “whom the Indian Citizen can rely entirely upon for their economic issues?”
After the investigation team of the Cyber Police Station had filed a FRT, one crucial point had come in notice that the OTP’s of these fraudulent transactions had arrived at the fraudster’s Mobile Number instead of the victims.
Lastly, the victim customer filed a complaint before the Cyber Adjudicator, West Bengal constituted under section 46 of Information Technology Act. This is a forum seemingly quasi-judicial in nature but have power to resolve the dispute upto Rs. Five crores whether any person has violated any of the provisions of Information Technology Act, rendering him liable to pay penalty or compensation.
This case is paradigm of a huge cyber security lapse of the bank and it is also not justified that the common people (citizen) would have to bear all the liabilities of such illegal activities. Same issue had occurred in this case as well where the Banking Authorities had considered the victim liable for all the mishappened event and had also charged interest of amount more than 7 Lakhs from the victim. As every dark night gets over with a bright sunrise, here in this case as well the victim had got justice after these long years where it is held that the bank is liable and set the victim free from the liability of the repaying the interest in respective of cash credit loan of ₹20 Lakh as well as the bank is directed to repay already incurred loan amount more than ₹7 Lakh to the victim customer. Besides all these, the victim will also receive an amount of ₹40 Thousand as the penalty amount of this harassment.
The Cyber Adjudicator, West Bengal had clearly ordered that “No interest will count over 20 Lakhs by the respondent bank on said cash credit loan account of the complainant, will effect from this date of order and the money that has been collected till the date as an interest from the said account of the complaint, will be returned to the complaint’s account by the respondent bank forthwith after calculation of the interest till the date”.
In my humble opinion, as the data security or privacy has taken a very bad shape in various organisations, only such type of judgement can only make the Banking Authorities responsible with their activities and actions, because one will never become responsible if it is not aware of the reactions of their actions.