Shri A.K.Patra,President:

1. This Complaint is filed by the complainant named above alleging deficiency in service and unfair trade practice on the part of the Ops for mismanagement and loopholes in keeping security in the electronic banking system & for allowing dissemination of credential information detail of the complainant causing fraudulent transaction resulting financial loss and mental agony to the complainant.
2. Complainant has prayed for an order directing the O.Ps to pay Rs.41,533/- with interest @ 18% p.a  within a stipulated period of time and to pay Rs.1,00,000/- as compensation towards mental agony including cost of this litigation.
3. Heard .Perused the material available on record. We have our thoughtful consideration on the contention of the both parties.
4. Brief fact of the complaint is that , the complainant applied for a credit card with the Ops and after verification of all his detail , the Ops issued one credit card to the complainant bearing No.5396 0773 7024 7050 with a credit limit of Rs.42,000/-. It is contended that the Ops are under an obligation to secure the credential information of its customer. On 16.11.2021 the complainant received a phone call from 91-7408536448 and said caller introduced herself as the employee of the Ops/Bank . To an utter surprise the said caller could correctly render all the information of the complainant about his bank detail such as name, date of birth, Aadhar card number, credit  card number, credit card limit etc, without asking a single question to the complainant. This fraudster left no scope to the complainant to   doubt her /the caller. The complainant had no other option but to believe the caller as genuine as because she/caller have all the credential information with her and could correctly mentioned all the bank details. Thereafter, the caller informed the complainant that,she has a call to credit his yearly bonus as it is their Company policy to call each and every one. Apart from that, the caller further informed that as present there are various suspicious calls and in order to prevent from a suspicious call the employees are introduced to give full credential information to its customers so that the customer believe the caller genuine. Thereafter requested the complainant to give his OTP as this is needed  to identify the complainant as genuine customer which  would  credit as bonus in his account.
5.  It is further contended that, the caller has every detail regarding the credit card of the complainant. As such the  complainant believed her and share the OTP  and immediately an amount of Rs.41,533/- was deducted from his credit card and the caller disconnected the call. After that,  complainant repeatedly called to  that number but the phone was found switched  up. On the same day the complainant called  to the customer care service of the Ops and registered a complaint regarding the unauthorised transaction. In reply to which the complainant received a mail wherein he was informed that, his request is registered vide reference No.37912675 and his request would be preceded in two working days. On 17.11.2021 the complainant lodged FIR at Town Police Station , Bhawanipatna regarding said unauthorised transaction. On 18.11.2021 the Bank replied to the complainant that ,they have investigated into the matter and they are unable to resolved the issue. On 23.11.2021 the Ops  sent a mail to the complainant asking him to deposit Rs.41,533/- before the due date in his credit card account and further expressed their inability to resolved the grievance  shifting their burden  on the complainant though the Ops are under an obligation to protect the credential information of all customer  including the complainant.
6. The complainant alleged that, due to mismanagement , failure and loopholes in the system the credential information of the complainant got leak to fraudsters , who then plan  to trap the complainant and fraudulently withdrawn the amount from the  credit account of the complainant without any authorization which is nothing but unfair trade practice and deficiency in rendering fair service to the complainant and hence the Ops are liable to make good of the loss caused to the complainant and further the Ops are liable to pay an exemplary cost to set an example for their misconduct.
7. To substantiate his claim the complainant has filed the photo copy of the following documents:- (i)  A copy of FIR dt.17.11.2019(ii)  Credit Card statement of complainant,(iii) Mobile screen shot of the complainant regarding the credit card and detail of the complaint made to the Ops and conversation in this regard vide dispute No.37912320 with the Ops. The complaint averment is supported by an affidavit of the complainant.
8. On being notice, Ops appeared through their Learned Counsel Shri Manas Ranjan Mohanty & Associate and filed their written version denying the petition allegations on all its material particulars. However, the Ops have admitted the fact that, they have issued a Platinum Plus Super Card i.e. Credit Card to the complainant with   term and conditions duly accepted by the complainant. It is also not disputed that in November 2021 they received a complaint from the complainant regarding a fraudulent transaction of Rs.41, 533/- on the complainant Credit Card . It is submitted that, they/ops  have investigated the matter and vide their email dated 23.11.2021 informed the complainant that,        since the transaction was OTP enabled, the said transaction is deemed to be genuine and that, the complainant is liable to bear the same. It is further submitted that, the Ops are not liable to refund the same to the complainant in any manner. In consonance of the above submission the Ops submitted that, there is no cause of action arose against the Ops in as much as the Ops are not guilty of any deficiency of service as alleged in the complainant and with this submission the Op urged to dismiss the complaint with cost.
9. The Ops further submitted that, the question raised by the complainant regarding his personal information with the knowledge of the miscreant, is a matter of investigation and it is a criminal part /activities which comes under Cyber Crime. The Ops are not competent to casts any comment on it. It is further submitted that, sharing of OTP with fraudster is the personal choice of the complainant and there the Ops have no role to play. They never asked for OTP to any customer. If the complainant share OTP with any one and got loss it is his own fault for which the Ops shall not be held liable since it was OTP enable transaction. The complainant is liable to pay the same under the term and condition of the Credit Card Membership Agreement.
10. Admittedly, the complainant applied for a Credit Card with the Ops and after verification of all his details the Ops issued a Platinum Plus Super Card bearing No.5396 0773 7024 7050 of  a limit of Rs.42,000/- with certain terms and conditions as stipulated in the credit card membership agreement. It is also not disputed that, the Ops have an obligation to secure the credential information of its customer. Law is well settled that, it is the obligation of the Bank providing such service, to create a safe electronic banking environment to combat all forms of malicious conducts resulting in loss to their customers.
11. Here in this case, the complainant has admitted the fact that ,he shared OTP and taking advantage of such admission of the complainant the Ops have taken defence that, since this is an OTP enable transaction the complainant is liable to pay the same and that sharing of OTP with fraudster is the personal choice of the complainant and that, the Ops never asked for OTP to any customer over phone and that , if complainant share OTP with anyone then the Ops have no role to play but here the Ops have ignored the fact & circumstances under which the complainant have believed the caller as an employee of the Ops and thereupon only he shared the OTP with the caller. There is no explanation put forth by the Ops to the question of the complainant  made in Para-11 of the complaint petition that, how could a fraudster got all the banking credential information  of the complainant which was shared by the complainant with the OP Bank at the time of applying  for the credit card i.e. name, date of birth, Aadhar card number, and later information i.e. credit card number, credit card limit etc. all of those are correctly  rendered to the complainant by the caller without asking any single question to the complainant. The facts stated in Para 4(four)  of the complaint petition remain unanswered /unchallenged even failed to prove that the Bank /Ops have make the customer alert in this regard rather averment of the complaint is proved on affidavit of the complainant while presenting the complaint.
12. The Learned Counsel for the complainant draw our attention on the settle principle of law pronounced by the higher judiciary. He has cited the following decision to substantiate his submission that, the Ops should have taken precaution to secure the customer/complainant’s data and that the Bank cannot recover from the customers the amount lost by them through online fraud.
13. We have gone though the judgment of higher judiciary as cited by the Learned Counsel for the complainant in his notes of argument. In M/s Sucheta Charudatta Dhekane Vs Bank of Maharashtra, the Hon’ble Central Information Commission, New Delhi held that, “Banking application running in the branches and customers data at the time of opening the account and any transaction relates to the customers data is through the CBS application. The customer’s data is stored in Bank’s data centre in a secured environment.”
14. In  State Bank of India Vs P.V.Geroge, the High Court of Kerala held that, Banks  liable for unauthorised withdrawals even if customer did not respond to SMS alert.
15. In Tony Enterprises Vs Reserve Bank of India, the Hon’ble Court of Kerala held; “banks cannot recover from customers the amount lost by them through online fraud”.
16. In Pradeep Kumar & Another Vs Post Master General & another the Hon’ble Supreme Court of India held that ;  “Bank can be held liable for fraud or wrong committed by its employee”.
17. In Neeraj Mandal @ Rakesh Vs State of U.P, the Hon’ble Court of Allahabad held that : “ people depositing money in Banks are honest, Bank have to take responsibility for cyber crimes”.
18. Based on the above discussion and in view of settle of principle of law, the submission of the Ops that, the question raised by the complainant regarding his personal information within the knowledge of miscreant, is a matter of investigation and it is a criminal part/activity which comes under cyber crime and that, the Ops are not competent to cast any comments on it is not acceptable.
19. Admittedly sharing of OTP to anyone is the choice of the complainant and he became prey of the fraudster by sharing of OTP due to his innocence & utmost trust on the bank /op. However,  no evidence is placed on record by the Ops that they have ever made alert to their  consumer/complainant in any manner at the time of issuing of Credit Card or later at any point of time regarding chance of such fraudulent call  so also ops have  failed to adduced any evidence to hold that, they have initiated any departmental enquiry to ascertain the truth on the grievance of the complainant  there mentioned in Para 11 (eleven) of the complaint petition that, when the opposite parties are under an obligation to protect all the credential information of the customer how could a fraudster got the banking credential information of the complainant and made the complainant  prey of the fraudulent transaction . No satisfactory answer is put forth by the Ops in this regard. Hence, the contention of the Ops that, question raised by the complainant regarding leakage of his personal information to the third party fraudster/miscreant is matter of investigation and ait is criminal part /activity which comes under cyber crime is not acceptable.   Reference may also be drawn to circular  bearing No.DBR.No.Leg.BC.78/09.07.005/2017-18 dated 6^th July,2017, issued by the Reserve Bank of India to all commercial banks, wherein it is stated as under :’-

“6.A customer’s entitlement to zero liability shall arise where the unauthorized transaction occurs in the following events:

2. Contributory fraud/negligence/deficiency on the party of the bank ( irrespective of whether or not the transaction is reported by the customer).

3.Third party branch where the deficiency lies neither with the bank nor with the customer but lies elsewhere in the system and the customer notifies the bank within three working days of receiving the communication from the bank regarding the unauthorised transaction”.

The aforesaid RBI circular as well decision of the Honourable Commission in Punjab National Bankand Anr. Vrs Leader Valyes II(2020) CPJ 92(NC) are bothsquarely applicable in the present matter. lIPunjab National Bank and Anr. V Leader Valyes II (2020) CPJ 92 (NC), before the Honourable Commission while addressing the question of liability of a Bank in case of unauthorized and fraudulent electronic banking transactions, has observed as under:

”11. The first fundamental question that, arises is whether the Bank is responsible for an unauthorized transfer occasioned by act of malfeasance on the part offunctionaries of the Bank or by any act of malfeasance by any other person(except the complainant/account holder). The answer straightway is the affirmative. If an account is maintained by the Bank the Bank itself is responsible for its safety and security. Any systemic failure, whether by malfeasance on the part of its functionaries or by any other person except the consumer/account holder is its responsibility and not of the consumer”.

       18.    Based on above facts & circumstances and settled principle of law, we are of the opinion that, there is  deficiency in service & unfair trade practice on the part of the Ops for mismanagement and loopholes in keeping security in the electronic banking system allowing  dissemination of credential information detail of the complainant to the third person / fraudster  who caused fraudulent transaction taking advantage of innocence & utmost trust on the bank /op   resulting financial loss and mental agony to the complainant for which the complainant is entitled to be compensated by the Ops by way of restoring the said loss amount of Rs. 41,000/- with accrued interest there in  and   by restraining themselves from demanding repayment of said amount to the complainant .And further liable to  pay minimum Rs. 10,000/ towards cost of this litigation .Claim of the complainant is in higher side as such allowed in part. Hence it is ordered.

                                                   ORDER

       This consumer complaint is allowed in part against the Ops on contest with the following direction:

              The Ops are directed to restore the afore said loss amount of Rs. 41,533/- with accrued interest there in to the credit of the complainant and be restrained themselves from demanding repayment of said amount or interest therein from the complainant with acknowledgement due to the complainant .And further directed to  pay Rs. 10,000/ towards cost of this litigation to the complainant  .

              The Opposite Parties are further directed to comply this order within four weeks from the date of receipt of this order, failing which the Ops are liable to pay Rs.500/- per day to  the complainant till compliance of this order. This consumer complaint is partly allowed in the above term against the Ops on contest. Pending application if any is also stand disposed of.

        Dictated and corrected by me.                                                                                  

                          President

                          I   agree

                                    Member    

                 Pronounced in open Commission today on this  19^th  day of April  2023  under the seal and signature of this Commission. The Pending application if any is also disposed off accordingly.

                 Free copy of this order be supplied to the parties for their perusal or party may download the same from the Confonet be treated as copy served to the parties. Complaint is disposed of accordingly.