Delhi HC Says Customers Clicking Suspicious Links Cannot Automatically Blame Banks
Delhi High Court Says Customers Clicking Suspicious Links Cannot Automatically Blame Banks for Cyber Fraud Losses
SociapaHQ
The Delhi High Court has held that bank customers cannot automatically hold banks liable for financial losses suffered due to cyber fraud, if they click on suspicious links despite repeated security warnings.
This was noted while hearing an appeal filed by the State Bank of India (SBI) in a case related to a customer who lost Rs 2.6 lakh in a phishing-related fraud. The Court explained that customer negligence in digital banking is not only restricted to sharing One-Time Passwords (OTPs) or login credentials but may also include clicking on suspicious links that jeopardise account security.
A Division Bench of Chief Justice Devendra Kumar Upadhyaya and Justice Tejas Karia noted that the Reserve Bank of India’s 2017 framework on unauthorised electronic banking transactions does not restrict negligence to instances where customers share passwords or OTPs. The Court has said that negligence can also be termed as clicking on unknown or suspicious links despite repeated advisories from banks and regulators, Story Board 18 reported.
Also Read: Puma, Zomato, Myntra Among Brands Reacting To RCB’s IPL Title Win
SBI Wins Appeal:
The case came about after an academic received messages and calls to click on a link to avoid disruption of banking services. Upon opening the link, two unauthorised transactions took place from his SBI account and he lost Rs 2.6 lakh. Later the customer argued that he did not share any OTPs and hence the bank should be held liable for the fraud.
Earlier, a single-judge bench had admitted the plea and directed SBI to refund the entire amount with interest. SBI challenged the order before a Division Bench stating that there was no evidence of any failure in the bank’s security systems.
The Division Bench agreed with the SBI and said that the issues relating to compromised credentials, malware attacks, OTP interception and system vulnerabilities need detailed technical and forensic examination. Such questions, the Court said, cannot be finally settled by writ proceedings alone.
Also Read: Plum BodyLovin’, Myntra Beauty Roll Out ‘Summer On Wheels’ In Mumbai
The Court also noted that no evidence was brought on record to prove that SBI violated security protocols prescribed by RBI. Without such materials, the entire responsibility could not be put on the bank.
The High Court accordingly set aside the earlier judgement and allowed the appeal of SBI.
The ruling emphasises the importance of customer vigilance in digital banking, while also highlighting that users have a responsibility to protect their accounts against emerging cyber threats.
