Shri A.K.Patra,President:

1. This Complaint is filed by the complainant named above alleging deficiency in service and unfair trade practice on the part of the Ops for mismanagement and loopholes in keeping security in the electronic banking system & for allowing dissemination of credential information detail of the complainant which caused two fraudulent transaction i.e. Rs.13,921/- and Rs.46,062/- respectively on the same day i.e. on 22.01.2021resulting financial loss and mental agony to the complainant.
2. Complainant has prayed for an order directing the O.Ps to pay Rs.2,80,899/- with interest @ 12% p.a  from the date of alleged fraudulent transaction  within a stipulated period of time and to direct the respondents not to hold the personal account of the complainant bearing SB  A/C No. 30899924764 and not to deduct any amount from the personal account of the complainant and not to charge any interest for the said fraudulent transaction and further  pay for compensation towards loss on fraud transaction  and  compensation towards mental agony including cost of this litigation.
3. Heard .Perused the material available on record. We have our thoughtful consideration on the contention of the both parties.
4. Brief fact of the complaint is that , the complainant is a consumer of Opp.Party No.1 having  Saving Bank Account vide A/c No.30899924764 and considering her credibility, the Opp.Party Bank  issued a Credit Card bearing No.4726 4282 4416 4677  on dt.16.01.2021  with a transaction limit of Rs.60,000/-.The complainant received the said  Card on dt.22.01.2021  and on  the same day one of the staff  of the Opp.Parties  asked the complainant  to  receive a call  of  verification for  activation of   the credit card  and to update the KYC at Bank. Accordingly, the complainant received a call from one SBI Pankaj Mishra and another call from Card verification department on 22.01.2021 at about 1.45 and 2.55 p.m respectively . The complainant did not suspect any foul play & answered him as he   confirmed the name of the complainant, date of birth and card number of the complainant. The staff in charge asked the complainant to download an App MOBIWIK where from she could know the details  of the card and on such direction the complainant knew about the fraudulent transfer of two transaction i.e. Rs.13,921/- and Rs.46,062/-  on the same day i.e. on 22.01.2021 for which  the complainant  requested the Opp.Party NO.1  to block the Card and made  a complaint  to take necessary steps for tracing & recovery of the fraudulent transaction. She also lodge an FIR before the IIC, Town PS. Bhawanipatna  vide PS Case No.60 of 2021  dt.11.02.2021 U/s 419,420 IPC r/w Sec.66 ( c)(d) of IT Act,2000.
5. It is further contended that, the complainant has never applied  for reissue  of another credit card but the Opp.Party Bank has  reissued the duplicate one and deducted Rs.100/- from the account of the complainant. Due to such negligent attitude of the Ops and for unsecured system of the Credit Card the complainant is put to fraudulent financial loss which she has not transacted, she suffered financial loss, mental agony & harassment . It is further state that ,cause of action arose on dt.13.02.2021 vide Service Request  No 110522 4739940 when the respondents expressed their inability through  a mail to process the complain  & unable to take any steps in favour of the complainant .Hence, this complaint.
6. On being notice, Opp.Party No.1 appeared through their Learned Counsel Shri S.K.Agrawal and filed their written version denying the petition allegations on all its material particulars.
7. The Opp.Party No.2 is deleted as per the application of the complainant vide order dt.15.07.2022.
8. The Opp.Party No.3 failed to file their written version but they have filed evidence affidavit of one Mar.Subraty Mishra , Authorized Signatory of SBI cards & Payment Services Ltd which has got no evidentiary value without pleading as such it may not be taken into consideration.   
9. The Opp.Party No.1 submitted that, State Bank of India and SBI Card & Payment Services Private Limited are two separate legal entities and they can sue or can be sued separately and they are two separate managements. State Bank of India is carrying on retail banking   and on the other hand, the SBI Card & Payment Services Pvt. Ltd. is a Company which used to deals in issuance of SBI Credit Card through its agencies. State Bank of India never persuades its customer to have SBI credit Card as the same is not the function of the Bank. The case filed against the Opp.Party 1/Bank is bad in the eye of law as he has nothing to do while issuing of the credit card and as such the Opp.Party No.1/Bank is not a necessary party in the present complaint.  It is further submitted that, the complainant has applied for a Credit Card to the SBI Cards Division and they have issued   the same. The Opp.Party No.1/Bank has no role to play nor has the Bank ever asked any of its customers to have a SBI Card as because SBI Cards department is a separate entity. The Opp.Party No.1/Bank   has not engaged or employed any one for the purpose of issuance of cards nor for the purpose of KYC verification and as such there is no question of telling the complainant that, a call of verification will be received by the petitioner for activation of the card. The complainant herself has stated that, the caller has asked her about her name, date of birth and card number then at the same time she must have shared the OTP to the caller which is against the principle, the complainant might have shared the same out of ignorance; but the same is not an excuse. The Opp.Party No.1/Bank has never asked the complainant to download the “App” to know the details of the transaction.  The complainant has never requested the Opp.Party NO.1/Bank to block the card nor has the Opp.Party No.1/Bank issued any further card to the complainant. Hence, prayed to drop the proceeding against the Opp.Party No.1.
10. The Opp.Party No.3 failed to file its written version but affidavit evidence of one Mar.Subraty Mishra , Authorized Signatory of SBI cards & Payment Services Ltd that, the OP 3 had issued SBI Card bearing No.0004726428244164677 to the complainant on receipt of application from the complainant in the month of January, 2021 and the said card was debited with two transactions dated 22.01.20221 Rs.46,062/- and Rs.13,921/-  respectively at MARCHANT MOBIKWIK. After receipt of complaint from the complainant regarding disputed transaction, the matter was sent for further investigation and on the basis of internal investigation, it is found that, the transaction were performed in a secured manner and the same has been validated by his SBI Card details  and dynamic OTP delivered on his registered mobile number stating “please do not share with anyone” and in such scenario, the case of the complainant  was closed as per VISA Rule. It is further state that ,  any card  transaction cannot be done without confidential details  of the card i.e. card expiry date, CVV  where the Opp.Party always advise their cardholders not to share their card details and the Opp.Party  has also implemented Dynamic OTP as an additional  factor of authentication for online  Card transaction  providing enhanced level of security. It is  further state  that, in this case, the details were shared with third party, post which said transactions were conducted. In view of the above, no cause of action arose in favour of the complainant to present this complaint; hence complaint is liable to be dismissed. The Opp.Party No.3 failed to file their W.V as such the contention of the said affidavit got no evidentiary value in want of pleading .Hence, it may not be taken into consideration.  
11. No evidence on affidavit as prescribe under C.P.Act 2019 is file by the O No 1/Bank authority to substantiate their claim.
12. The complainant, to substantiate his claim, has filed the photo copy of the following documents:- (i)  A copy of Credit Card and FIR dt.11.02.2021,(ii) Copies  of SMS particulars received on different date,(iii) copy of credit card transaction details (iv) copy of Bank passbook. The averment of Complainant petition is supported by an affidavit of the complainant remain unchallenged/un-rebutted.
13. The facts that, the complainant applied for a Credit Card with the Ops and after verification of all his details the Ops issued a Credit Card bearing No. 4726 4282 4416 4677 on dt.16.01.2021 with a transaction limit of Rs.60,000/-  is not disputed. It is also not disputed that, the Ops have an obligation to secure the credential information of its customer. Law is well settled that, it is the obligation of the Bank providing such service, to create a safe electronic banking environment to combat all forms of malicious conducts resulting in loss to their customers.
14. Here in this case, the complainant has admitted the fact that ,he answered the caller after conforming her name, date of birth and card number only  and taking advantage of such admission of the complainant the Ops have taken defence that, since this is an OTP enable transaction the complainant is liable to pay the same and that, sharing of OTP with fraudster is the personal choice of the complainant and that, the Ops never asked for OTP to any customer over phone and that , if complainant share OTP with anyone then the Ops have no role to play but here we found that, the Ops have ignored the fact & circumstances under which the complainant have believed the caller as an authorise personnel of the Ops and thereupon only he shared information  with the caller. There is no explanation put forth by the Ops to the question of the complainant   that, how could a fraudster got all the banking credential information of the complainant which was given to the OP 1/ Bank by the complainant only at the time of applying for the credit card  i.e. her name, date of birth, and the credit card number, credit card limit etc. all of those are correctly spell/render to the complainant by the caller without asking any single question to the complainant. The facts stated in the complaint petition remain unanswered /unchallenged even the OPs failed to prove that, the Bank /Ops have make the customer alert in this regard rather averment of the complaint is proved on affidavit of the complainant while presenting the complaint and also proved by an additional affidavit evidence filed by the complainant during hearing of this case remain unchallenged /un-rebutted.
15. No scrap of paper is placed on record containing any terms & condition serve to the complainant while issuing of the allege Credit Card though the ops have claimed that, credit car is issued under certain terms & conditions. The Ops have failed to proved that any OTP with respect to allege two transaction has ever generated to the complainant .Nothing material is place on record to hold that, the Ops have ever taken  any pain to inquired the matter on receiving of grievance of the  complainant .Rather the copy of mail detail dt. 24.03.2021 placed on record remain unchallenged clearly proved negligence and unauthorised claim of repayment of Rs.64,924.45
16. The submission of the learned counsel for the complainant  may not be disputed that, the complainant has availed the allege Credit Card being an account holder of the Op 1/Bank and keeping  trust upon his banker who introduce  the OP3 /SBI Card & payment Service Ltd . His further submission that , the OPs are in connivance to each other to sell the Credit Card fraudulently by mis-utilising the “good will” of the State Bank of India (SBI) and keeping trust upon the SBI/ Bank the complainant became prey of the fraudster may not be discarded.
17. The Learned Counsel for the complainant also draws our attention on the settle principle of law pronounced by the higher judiciary. During hearing of this case he has cited the many  decision  of the higher judiciary to substantiate his submission that, the Ops should have taken precaution to secure the customer/complainant’s data and that the Bank cannot recover from the customers the amount lost by them through online fraud.
18. We have gone though the judgment of higher judiciary as cited by the Learned Counsel for the complainant during his argument.
19. In M/s Sucheta Charudatta Dhekane Vs Bank of Maharashtra, the Hon’ble Central Information Commission, New Delhi held that, “Banking application running in the branches and customers data at the time of opening the account and any transaction relates to the customers data is through the CBS application. The customer’s data is stored in Bank’s data centre in a secured environment.”
20. In  State Bank of India Vs P.V.Geroge, the High Court of Kerala held that, Banks  liable for unauthorised withdrawals even if customer did not respond to SMS alert.
21. In Tony Enterprises Vs Reserve Bank of India, the Hon’ble Court of Kerala held; “banks cannot recover from customers the amount lost by them through online fraud”.
22. In Pradeep Kumar & Another Vs Post Master General & another the Hon’ble Supreme Court of India held that; “Bank can be held liable for fraud or wrong committed by its employee”.
23. In Neeraj Mandal @ Rakesh Vs State of U.P, the Hon’ble Court of Allahabad held that : “ people depositing money in Banks are honest, Bank have to take responsibility for cyber crimes”.
24. Based on the above discussion and in view of settled principle of law, the submission of the learned counsel for the Ops that, the question raised by the complainant regarding his personal information within the knowledge of miscreant, is a matter of investigation and it is a criminal part/activity which comes under cyber crime and that, the Ops are not competent to cast any comments on it is not acceptable.
25. Admittedly sharing of OTP to anyone is the choice of the complainant and he became prey of the fraudster by sharing of OTP due to his innocence & utmost trust on the bank /op. The Ops have failed to proved that ,any OTP with respect to allege two transaction has ever generated to the complainant .No evidence is placed on record by the Ops that, they have ever made alert to their  consumer/complainant in any manner at the time of issuing of Credit Card or later at any point of time regarding chance of such fraudulent call  so also ops have  failed to adduced any evidence to hold that, they have initiated any departmental enquiry to ascertain the truth on the grievance of the complainant   mentioned there in  the complaint petition that, when the opposite parties are under an obligation to protect all the credential information of the customer how could a fraudster got the banking credential information of the complainant and made the complainant  prey of the fraudulent transaction i.e two unauthorized transactions dated 22.01.2021 Rs.46,062/- & Rs.13,921/-  respectively at MARCHANT MOBIKWIK. No satisfactory answer is put forth by the Ops in this regard. Hence, the contention of the Ops that, question raised by the complainant regarding leakage of his personal information to the third party fraudster/miscreant is matter of investigation and it is criminal part /activity which comes under cyber crime is not acceptable.  
26. Reference may also be drawn to circular  bearing No.DBR.No.Leg.BC.78/09.07.005/2017-18 dated 6^th July,2017, issued by the Reserve Bank of India to all commercial banks, wherein it is stated as under :’-“6.A customer’s entitlement to zero liability shall arise where the unauthorized transaction occurs in the following events:-2. Contributory fraud/negligence/deficiency on the party of the bank (irrespective of whether or not the transaction is reported by the customer).3. Third party branch where the deficiency lies neither with the bank nor with the customer but lies elsewhere in the system and the customer notifies the bank within three working days of receiving the communication from the bank regarding the unauthorised transaction”.
27.  Here in this case, the matter of said two fraudulent transaction dated 22.01.2021 for an amount of Rs.46,062/- and Rs.13,921/-  respectively is immediately reported to the OP/Bank and also lodged FIR before the Town PS Bhawanipan and in the service centre of OP/Bank vide request No. 1105224739940 is proved . As such aforesaid RBI circular as well as decision of the Honourable  Commission in  Punjab National Bank  and Anr. Vrs  Leader Valyes II(2020) CPJ 92(NC) are both  squarely applicable in the present matter.
28.  In  Punjab National Bank and Anr. V Leader Valyes II (2020) CPJ 92 (NC), before the Honourable Commission while addressing the question of liability of a Bank in case of unauthorized and fraudulent electronic banking transactions, has observed as under:-“ 11. The first fundamental question that, arises is whether the Bank is responsible for an unauthorized transfer occasioned by act of malfeasance on the part of  functionaries of the Bank or by any act of malfeasance by any other person(except the complainant/account holder). The answer straightway is the affirmative. If an account is maintained by the Bank the Bank itself is responsible for its safety and security. Any systemic failure, whether by malfeasance on the part of its functionaries or by any other person except the consumer/account holder is its responsibility and not of the consumer”.
29. Based on above facts & circumstances and settled principle of law, we are of the opinion that, there is  deficiency in service & unfair trade practice on the part of the Ops for mismanagement and loopholes in keeping security in the electronic banking system allowing  dissemination of credential information detail of the complainant to the third person / fraudster  who caused said two fraudulent transaction taking advantage of innocence & utmost trust on the bank /op 1   resulting financial loss and mental agony to the complainant for which the complainant is entitled to be compensated by the Ops by way of restoring the said loss amount of Rs.59,983/- with accrued interest there in  and   by restraining themselves from demanding repayment of said amount to the complainant .And further liable to  pay compensation for mental agony  along with cost of this litigation .Claim of the complainant is in higher side as such allowed in part. Hence it is ordered.

ORDER

This consumer complaint is allowed in part against the Op 1&3 on contest with the following direction:-The Ops NO.1&3 are here by directed not to hold the personal account of the complainant bearing SB A/C No. 30899924764 and not to deduct any amount from the personal account of the complainant towards repayment of the said two fraudulent transaction dated 22.01.2021 i.e. Rs 59,983/- or any interest accrued there with the said amount. The OPs are further directed to restore the amount to the SB A/C of the complainant deducted if any from the account of the complainant towards repayment of said fraudulent transaction, The Opposite Parties are further directed to comply this order within 45 days of receipt of this order, failing which the Ops are liable to pay Rs.200/- each per day to  the complainant till compliance of this order. No order as to cost and compensation.

Dictated and corrected by me.                        

 President

             I   agree

                            Member    

  Pronounced in open Commission today on this 16^th   day of August   2023 under the seal and signature of this Commission. The Pending application if any is also disposed off accordingly.  Free copy of this order be supplied to the parties for their perusal or party may download the same from the Confonet be treated as copy served to the parties. Complaint is disposed of accordingly.