“Bank cannot rely on arbitrary terms and conditions to wriggle out of its liability towards customers” – HDFC BANK ANR. V. JESNA JOSE


In the instant matter, the Commission heard the Revision petition filed by the HDFC Bank against dismissal of its appeal by the State Commission, thereby upholding the order directing the Bank to compensate the customer for fraudulent transaction from her account.

The Complainant-customer had stated that the credit card was in her possession when the disputed transactions had taken place. She further stated that the transactions had taken place remotely, several miles away from her actual location and therefore, the reason for the fraudulent transactions must be forgery/hacking of the card or some other technical and/or security lapse in the electronic banking system through which the transactions had taken place.

The Bank had on the other stated that the Credit Card must have been stolen and that it is due to the Card Holder’s negligence that she lost safe custody of her card.


The Court noted that the Bank had failed to produce any evidence to substantiate its averment that the credit card was stolen or that the Complainant had resorted to any fraud/forgery.

The Commission relied on a RBI circular as per which, zero liability will rest with the customer, where the deficiency lies in the banking system.

As per Circular dated 6 July 2017:

A customer’s entitlement to zero liability shall arise where the unauthorised transaction occurs in the following events:

Contributory fraud/ negligence/ deficiency on the part of the bank (irrespective of whether or not the transaction is reported by the customer).

Third party breach where the deficiency lies neither with the bank nor with the customer but lies elsewhere in the system, and the customer notifies the bank within three working days of receiving the communication from the bank regarding the unauthorised transaction.

In the facts of the case, the Commission noted,

(i) The first unauthorized transaction took place on the 15.12.2008.

(ii) The said transactions were observed by the Bank on 15.12.2008 itself.

(iii) The Complainant’s father was contacted only on 18.12.2008.

(iv) On 20.12.2008, within three days of receiving information form the Bank, the Complainant’s father notified the Bank that the transactions were unauthorized.

“In such circumstances, therefore, even if the deficiency was not with the Bank, but elsewhere in the system, the Bank will be held liable for all the 29 unauthorized transactions which were effected from 15.12.2008 till the card was hotlisted, i.e. till 20.12.2008,” the Commission said.

Reliance was also placed on Punjab National Bank & Anr. v. Leader Valves II, (2020) CPJ 92 (NC), where the Commission while addressing the question of liability of a Bank in case of unauthorized and fraudulent electronic banking transactions, had observed:

“The first fundamental question that arises is whether the Bank is responsible for an unauthorized transfer occasioned by an act of malfeasance on the part of functionaries of the Bank or by an act of malfeasance by any other person (except the Complainant/account-holder). The answer, straightaway, is in the affirmative. If an account is maintained by the Bank, the Bank itself is responsible for its safety and security. Any systemic failure, whether by malfeasance on the part of its functionaries or by any other person (except the consumer/account-holder), is its responsibility, and not of the consumer.”

Leave a Reply