Bank to pay NRI couple Rs 40 lakh over unauthorised funds transfer

The state department of information technology (IT) recently ordered a public sector bank to pay Rs 40 lakh as compensationto two non-resident Indians (NRIs) who were victims of email hacking and subsequent unauthorised transfer of funds from their account.

In his order, Rajesh Aggarwal, the IT department's outgoing principal secretary and adjudicating officer, said that the complainant had been conducting transactions with the banks only through emails, "which is an insecure way of doing things. Mechanisms like alternate email, SMS alerts etc. were not used. The complainant had also not informed the bank about his defunct mobile number. Hence both the complainant and the respondent bank have to share the blame."

Complainants Chander and Romi Kalani are senior citizens and NRIs who hold a joint NRE account and fixed deposits with the State Bank of India (SBI). When Chander, who had not opted for services like transaction requests through email or phone, Internet or phone banking, visited the SBI branch at Bandra on December 13, 2013, he came to know that their fixed deposits had been fraudulently transferred to another account without his authorization. The bank had transferred funds based on emails received from his ID.

The fraudsters had initiated an email conversation with the bank from October 2013 using the complainant's ID, and under the pretext of a medical emergency, requested the bank to transfer $40,000 to a London account, which did not belong to the complainants. The bank transferred £60,000 (Rs 63 lakh).

The Kalanis said the bank had not been "diligent to cross check such fake emails with the complainants" and claimed Rs 1 crore as damages. The SBI said that apart from the email id, the complainant's phone number was also registered with them but the phone was defunct, which they had not been informed about.

The bank said that in September 2012, they got an email from his registered ID requesting to create FDs by using the amounts in his NRE saving account, which they did. In October 2013, they received a request from Kalani's registered email ID to break his FDs and transfer the funds to his offshore account in UK. "The respondent requested to forward him the Form A2 application, a procedural requirement for transfer of funds to offshore accounts. After receiving it by mail, the respondent verified the signature and after examining all documents and confirming that the signature is genuine, they remitted US $40,000 to an offshore account in the UK," said the order.

The bank registered a FIR at the cyber crime police station at BKC on December 30, 2013, and coordinated with the banks in UK to stop the payments. It refunded £16,710.05, to the complainant.

Aggarwal asked the SBI to pay Rs 40 lakh to the Kalanis to partly cover their losses. "Most banks in the USA and other developed nations insure their customers against online/ATM fraud etc. beyond a liability of $50. On similar lines, in January 2014, the Banking Codes and Standard Board of India (BCSBI) unit had issued a 'Code of Bank's Commitment' wherein victims of such fraud will only be liable to pay Rs 10,000 while the bank has to make good the remaining amount. But acceptance of this code by banks is not visible," said Aggarwal.

"More proactive and consumer friendly policies are needed on behalf of banks to safeguard the interests of customers," he added.