Authored By: Tanmay Chaudhary
Kle Law College
Case Name: Pallabh Bhowmick v. State Bank of India
CITATION- 2025 Live Law (SC) 22
Date of Order: January 3, 2025
Bench: Headed by Justice J.B. Pardi Wala and Justice R. Mahadevan
Introduction
The case in question is Pallabh Bhowmick v. State Bank of India, where the Supreme Court of India upheld the Guwahati High Court’s decision ordering SBI to refund ₹94,204.80 to a victim of cyber fraud.
Case Background
- Incident: Pallabh Bhowmick, the victim, attempted to return a Louis Philippe blazer purchased online. He was contacted by a fraudster posing as customer service, who convinced him to install a malicious app. This app allowed unauthorized access to his SBI account, leading to fraudulent transactions that drained ₹94,204.80.
- Bank’s Response: Despite being informed within hours, SBI took no action and argued that the transactions occurred via Google Pay, a third-party app not recommended by the bank.
Legal Proceedings
- Guwahati High Court Ruling:
- The High Court criticized SBI for its lack of action despite prompt reporting by the victim.
- It cited RBI guidelines stipulating zero liability for customers in cases of unauthorized transactions caused by third-party breaches.
- SBI was ordered to refund the full amount lost.
- Supreme Court Decision:
- On January 6, 2025, the Supreme Court dismissed SBI’s appeal and upheld the High Court’s ruling.
- The bench, comprising Justice JB Pardiwala and Justice R Mahadevan, emphasized that all transactions linked to Bhowmick’s account were unauthorized and fraudulent.
- The court underscored SBI’s failure to use its technological resources effectively to prevent such fraud.
Key Legal Observations
- Zero Liability for Customers: Under RBI Circular (dated July 6, 2017), banks must refund unauthorized transactions reported within three days unless customer negligence is proven.
- Bank Accountability: The court held that banks are responsible for securing customer accounts and cannot shift blame to third-party apps.
- Customer Vigilance: While banks are liable for preventing fraud, customers must also remain vigilant and avoid sharing sensitive information like OTPs.
Implications
- Bank Responsibility:
- Banks must employ advanced technology and take proactive measures to detect and prevent unauthorized transactions.
- Failure to act promptly on fraud reports can result in legal liability.
- Consumer Protection:
- This judgment reinforces the principle of zero liability for victims of cyber fraud who report incidents promptly.
- It sets a precedent for holding financial institutions accountable for service deficiencies.
- Legal Precedent:
- The case establishes a significant precedent in Indian law regarding cyber fraud, emphasizing both customer rights and bank accountability.
Relevant Case Laws
- Hare Ram Singh v. Reserve Bank of India & Ors.[1]
- Case Summary: The Delhi High Court clarified financial institutions’ duties to protect customers and emphasized the need for banks to balance technological innovation with accountability. The court held SBI responsible for failing to act promptly on a customer’s complaint about unauthorized transactions, highlighting the bank’s fiduciary duty to protect customers3.
- Relevance: This case underscores the responsibility of financial institutions to safeguard customers against cyber fraud and ensure effective communication and assistance in cases of fraud.
- RBI Circular and Legal Provisions[2]
- Section 66C of the Information Technology Act, 2000: Deals with punishment for identity theft, applicable when attackers use victims’ personally identifiable information for fraudulent transactions2.
- Section 66D of the Information Technology Act, 2000: Pertains to punishment for cheating by personation using computer resources, relevant in cases where attackers impersonate victims online2.
- RBI Circular dated 06.07.2017: Specifies customer liability in unauthorized transactions, emphasizing banks’ responsibility to reverse payments if reported within a certain timeframe.
- ICICI Bank Ltd. vs. Pravin Kumar Agarwal[3]
Case Summary: The court ruled that banks must prove customer negligence to avoid liability for unauthorized transactions. This case underscores the principle that banks cannot shift liability without evidence.
Relevance: It reinforces the RBI guidelines on customer liability in unauthorized transactions.
These cases highlight the legal framework and judicial responses to cyber fraud in India, emphasizing the responsibilities of both banks and customers in preventing and addressing unauthorized transactions.
Analysis
Section 317 BNS: Stolen Property
- Definition and Scope:
- Stolen Property: This section defines stolen property as items obtained through theft, extortion, robbery, cheating, misappropriation, or breach of trust.
- Global Application: The designation applies even if the offense occurred outside India1.
- Offenses and Punishments:
- Dishonestly Receiving Stolen Property (Subsection 2): Imprisonment up to three years, a fine, or both.
- Receiving Property from Dacoity (Subsection 3): Life imprisonment or rigorous imprisonment up to ten years, plus a fine
- Habitual Dealing in Stolen Property (Subsection 4): Life imprisonment or rigorous imprisonment up to ten years, plus a fine.
- Assisting in Concealment or Disposal of Stolen Property (Subsection 5): Imprisonment up to three years, a fine, or both.
- Legal Implications:
- Non-Bailable Offenses: All offenses under this section are non-bailable1.
- Cognizable Nature: These offenses are cognizable, meaning police can arrest without a warrant.
Section 320. Whoever dishonestly or fraudulently removes, conceals or delivers to any person, or transfers or causes to be transferred to any person, without adequate consideration, any property, intending thereby to prevent, or knowing it to be likely that he will thereby prevent, the distribution of that property according to law among his creditors or the creditors of any other person, shall be punished with imprisonment of either description for a term which shall not be less than six months but which may extend to two years, or with fine, or with both.
- Dishonest or Fraudulent Intent:
- The primary element is the intention to deceive creditors by removing, concealing, or transferring property without adequate consideration.
- The action must be done with the intent to prevent or knowing it will likely prevent the distribution of property according to law among creditors.
- Removal or Concealment of Property:
- This includes physical removal, concealment, or transfer of property to another person without fair payment.
- The property can be tangible or intangible assets.
- Detriment to Creditors:
- The actions taken must harm the interests of creditors by preventing them from claiming the property or collecting debts owed.
- Punishment:
- The law prescribes a punishment of imprisonment for up to two years, a fine, or both.
Legal Implications
- Non-Cognizable Offense: Section 421 is a non-cognizable offense, meaning police cannot arrest without a warrant.
- Bailable Offense: It is a bailable offense, allowing the accused to seek bail.
- Triable by Any Magistrate: Cases under this section can be tried by any magistrate.
Relevance and Impact
Section 320 of BNS serves as a safeguard against fraudulent practices by debtors who attempt to evade their financial obligations by manipulating property ownership or availability. It ensures that creditors’ rights are protected and that assets are distributed fairly according to law.
Update on IPC Section 421:
As of July 1, 2024, IPC Section 421 has been replaced by BNS Section 320, which introduces a minimum mandatory punishment of six months imprisonment2. This change reflects ongoing legal reforms aimed at enhancing accountability and deterrence in financial fraud cases.
Conclusion
The Supreme Court’s ruling in favour of Pallabh Bhowmick is a landmark judgment that highlights the importance of banks adhering to RBI guidelines and protecting customers from cyber fraud. It serves as a reminder for individuals to report fraud promptly while urging banks to prioritize security measures.
Reference(S):
[1] W.P.(C) 13497/2022, 2024 SCC Del 8039
[2] RBI/2017-18/15 DBR.No. Leg.BC.78/09.07.005/2017-18
[3] O.A. No. 71 of 2018 and a decision date of July 23, 2019