Bank Email ID Hacking Case: Suppose a customer’s registered e-mail id is hacked and he informs about it to the bank. But the bank fails to stop accepting any request from the hacked id despite receiving complaint from the customer. Can the bank escape penalty in such a case? In a similar case this week, the National Consumer Disputes Redressal Commission (NCDRC) ruled against the bank and upheld the decision of the State Commission, which had returned the lost amount to the customer along with interest.
At a time when bank fraud cases are being reported daily, this is an interesting case decided by the apex consumer body. Here’s a look at the case:
Vijayakumaran Raghavan, an expatriate businessman settled in Qatar, had lost around Rs 48 lakh in 2012 due to carelessness of the bank, which failed to act even after he informed them that his registered email-id was hacked. The bank tried to get away by trying to prove that the customer was at fault. However, the State Commission ruled in favour of Raghvan.
Raghavan was a customer of a public sector bank at its Third Opposite Party Branch by having three NRE Accounts. Raghavan used to do his correspondence through e-mail id. On April 4, 2012, he learnt that his e-mail id was hacked by some unknown fraudster. He intimated the bank about it on the next day through another email id and also asked the bank to not entertain any request from the hacked id. The bank received the mail from Raghavan and duly acknowledged it. However, Raghavan later found that US$86,500 (around Rs 48,25,671) was debited from his account by way of closing the NRE fixed deposit. The amount was transferred through the NRE account to some other bank abroad.
The transaction was allowed by the bank without giving any prior information or instruction to him. Raghavan then asked the bank for an explanation of the discrepancy, to which the bank said that transactions were carried out as per his instructions.
What the bank claimed
The bank had transferred the amounts on the instructions received from the hacked email id. When Raghavan asked the bank to rectify the mistake and return the transferred amount, the lender responded by acknowledging it had received intimation regarding the hacked email id. However, it claimed, the hacked id remained the registered email id in bank records as the alternative e-mail id was not registered.
In its statement, the bank claimed to be unaware about the hacking of his e-mail id by unknown fraudster. On 27.04.2012, it received an e-mail from the customer through another email id, informing them that someone had hacked his registered e-mail id and requested them not to entertain any request from the said e-mail. After receiving the e-mail, the Bank had telephonically contacted the Complainant and requested him to send a written confirmation. However, such written confirmation was not received by the Bank. The bank said, “Complainant did not register any alternative e-mail id with the Bank and thus the Bank was well within its right to act upon the communication received from registered e-mail id and Bank acted upon the instructions received from the said registered e-mail id in the normal course of prudent banking transactions.” On receiving information about the disputed transactions, the bank had reported the matter to police.
The NCDRC said that the bank should have taken due care and caution after being informed by the bank that his email-id was hacked. ” Having obtained the request from the Complainant who is an NRI and whose transactions are done normally with instructions from an e-mail and the Complainant had specifically instructed on 27.04.2012, the Bank ought to have communicated to the Complainant and take steps and exhibited due care and caution in adhering to the instructions given by the Complainant, when there is an admission that the e-mail has been received by the Bank.”