⚖️ Supreme Court Decisions

ICICI Bank v. Official Liquidator of APS Star
Supreme Court
2012 | Civil Appeal
Facts: The question arose regarding a bank's duty of care in electronic fund transfers and whether banks can shift the burden of proof entirely to customers in fraud cases.
Held:

Banks owe a fiduciary duty to customers. In electronic transactions, banks have a heightened obligation to ensure security. Banks cannot simply disclaim liability by pointing to the customer's access to internet banking. The bank must demonstrate it took adequate security measures.

Key Takeaway: Established that banks have a heightened duty of care in electronic banking; the burden of proving customer negligence lies on the bank.

⚖️ High Court Decisions

Cosmos Cooperative Bank Cyber Heist
Pune
2018 | ₹94 Crore Fraud
Facts: Hackers breached Cosmos Bank's ATM switch and SWIFT system. In a coordinated attack, they withdrew ₹94 crore through 14,000+ ATM transactions across 28 countries and fraudulent SWIFT transfers to Hong Kong.
Held:

Bank's core banking system was compromised. The attack exploited vulnerabilities in the ATM switch and bypassed normal authentication. Bank held responsible for system security failures. Demonstrated need for robust cyber security infrastructure.

Key Takeaway: Banks must ensure end-to-end security. Third-party vendor/system failures don't absolve the bank of liability to customers.

Punjab National Bank Scam
Multiple Forums
2018 | ₹14,000 Crore
Facts: Bank employees issued unauthorized Letters of Undertaking (LoUs) through the SWIFT system without recording them in the Core Banking System (CBS). The fraud continued for 7 years undetected.
Held:

Massive internal control failure. Bank's systems should have flagged mismatches between SWIFT messages and CBS records. Employee fraud at senior level indicates failure of supervision and audit mechanisms.

Key Takeaway: Banks responsible for internal control failures; audit and reconciliation systems must be robust.

⚖️ Consumer Forum Decisions

Citibank Gurgaon Fraud
NCDRC
2015 | ₹300+ Crore
Facts: Citibank's relationship manager Shivraj Puri siphoned off ₹300+ crore from HNI customers through forged signatures and unauthorized fund transfers over several years.
Held:

Bank vicariously liable for employee fraud. Failure to implement adequate checks on large transactions and failure to verify customer authorization. Bank directed to compensate affected customers.

Key Takeaway: Banks are vicariously liable for employee misconduct; KYC and transaction verification duties are non-delegable.

SBI v. Customer (OTP Fraud)
Consumer Forum
2020
Facts: Customer received a call from a sophisticated fraudster impersonating a bank official. Under pressure, the customer shared an OTP for "blocking suspicious transaction." Bank argued customer negligence.
Held:

While sharing OTP is generally customer negligence, context matters. The sophistication of social engineering and whether bank had adequate customer education programs are relevant factors. Partial liability allocated.

Key Takeaway: OTP sharing doesn't automatically mean full customer liability; sophistication of fraud and bank's awareness programs matter.

M/s Manmohan Machines v. Citibank
Delhi State Commission
₹38 Lakh Fraud
Facts: Multiple unauthorized fund transfers from company account. Bank failed to implement velocity checks or flag unusual transaction patterns. Company had basic internet banking access.
Held:

Bank liable for ₹38 lakh. Customer's mere access to internet banking doesn't absolve the bank of its duty to implement fraud detection. Bank should have flagged unusual patterns and verified with customer.

Key Takeaway: Banks must implement velocity checks and anomaly detection; unusual patterns should trigger verification.

📋 Key Legal Principles Established

📌 Principles from Case Law
  • Fiduciary Duty: Banks owe heightened fiduciary duty in electronic transactions
  • Burden of Proof: Bank must prove customer negligence, not vice versa
  • Vicarious Liability: Banks liable for employee fraud and misconduct
  • System Security: Banks responsible for end-to-end system security
  • Context Matters: Customer "negligence" must be evaluated in context of fraud sophistication
  • Detection Duty: Banks must implement fraud detection and alert systems
  • Non-Delegable Duty: Security obligations cannot be contracted away or delegated

📝 Part 11.7 Quiz

Q1: Cosmos Bank heist amount:

Q2: PNB scam amount was approximately:

Q3: ICICI Bank v. Official Liquidator established:

Q4: Citibank Gurgaon case established:

Q5: In fraud cases, burden of proof lies on:

Q6: Cosmos Bank attack exploited:

Q7: PNB fraud involved unauthorized:

Q8: M/s Manmohan v. Citibank highlighted need for:

Q9: Bank's security obligation is:

Q10: Customer sharing OTP in sophisticated fraud: