Banks liable to pay for customers’ loss in digital arrest cases

Given the exponential rise in digital arrest scams and the difficulty faced by the victims in getting back their money, the apex consumer court’s decision to examine whether these cases come under the ambit of the consumer courts and whether banks can be held liable in such cases is a highly encouraging development.

Under the Consumer Protection Act (CPA), a consumer can claim compensation for any loss or injury caused on account of negligence or a deficient service.

Deficiency could be any fault, imperfection, shortcoming, inadequacy, negligence, omission or commission by the service provider. In a recent case in Bengaluru, where a victim of digital arrest lost Rs 11.83 crore, the police alleged clear complicity of two officials of a public sector bank. The officials allegedly aided the digital arrest scamsters in opening an account for the fraudulent transaction without following the norms mandated by the Reserve Bank of India (RBI). This is a clear case of abetment of a crime coming under the criminal law, but under the CPA, it constitutes gross deficiency in service.

But even where there is no such direct involvement of the officials in the crime, one can still hold the bank negligent for failing to comply fully with various RBI directions, such as ‘Digital Payment Security Control’ and ‘Know Your Customer’, meant to prevent banking channels from being used by fraudsters.

In fact, the banks are not only supposed to exhibit due care and caution during the opening of an account but also regularly monitor transactions inconsistent with the bank’s knowledge about the customer.

In short, the banks are mandated to implement a robust security mechanism to detect and prevent fraudulent activity.

So, how is it that in all these cases of digital arrests, banks never looked at sudden, unusual, suspicious transactions of huge withdrawals or deposits into accounts that never had any money, their quick movement into hundreds of mule or ghost accounts or their withdrawal through several ATMs within seconds of deposit? The police say that many times, the same mule accounts are used again.

All these points to either complicity on the part of the bank or their contemptuous dismissal of the regulator’s mandate. The banks must pay for this lapse or inaction, that constitutes a deficiency in service.

The National Consumer Disputes Redressal Commission has consistently held that failure to comply with the regulations/directions of the regulators constitutes ‘deficiency’ in service and the service provider is liable for the consequences in such cases. This would apply here too.

There is also the RBI circular on ‘Limiting the liability of customers in unauthorised banking transactions’ that provides for refunds to customers who report unauthorised withdrawals within three days.

The bank’s contention is that these directions do not apply to digital arrest cases as they are transactions ‘authorised’ by the customer. The complainants argue that like consent in a contract, transactions made under threat, coercion and fraud cannot be considered a voluntary, authorised transaction.

Knowing fully the extent of digital arrest frauds taking place in the country, the banks have a responsibility to warn and educate their customers. If only they had taken this responsibility seriously (another deficiency in service), we would not have seen such an increase in these cases — from 39,925 in 2022, to 1,23,672 cases in 2024. And the loss to consumers in 2024 was a whopping Rs 1935.51 crore.

So, for all these deficiencies, banks must pay. So long as banks are not held accountable for the violations of consumer rights, these crimes will not stop.

Pushpa Girimaji is a consumer law and safety specialist.

Comments