In a landmark judgement in India, Sri PWC Davidar, IAS, the Adjudicator of Tamil Nadu (also the IT Secretary), has passed an award for payment of Rs 12.85 lakhs to a petitioner who alleged a fraudulent withdrawal from his ICICI Bank account. The Bank contended that the issue involved customer negligence and did not fall under the jurisdiction of the adjudicator.
However, in a well-reasoned judgement, a copy of which is available here (PDF copy size 2 MB), the Adjudicator held that an offence is made out under ITA 2000 and that it falls under the jurisdiction of the adjudicator.
The honourable adjudicator proceeded to accept the petitioner’s argument that the Bank had not exercised due diligence and therefore was liable under Section 85 of the Act to pay the compensation.
One of the main points highlighted in the judgement is that the Bank failed to use appropriate authentication of its e-mails to customers in the form of “Digital Signatures”. The Bank’s systems and procedures before and immediately after the commission of the offence and the lack of KYC responsibility were also highlighted.
Since there are hundreds of Phishing frauds that are happening in the Indian scenario, this judgement is likely to be welcomed by millions of Internet Banking customers in India.
As the author has been emphasizing for a long time, non-adoption of digital signatures by Banks for authenticating Internet Banking transactions is a matter of utter disregard to the laws and RBI guidelines and this judgement would help in restoring some responsibility amongst the Bankers.
The undersigned had recently offered to one of the Chairmen of a Bank (who is also the chairman of the Indian Bank Association) that digital signatures can be provided to every one of their customers at the cost of the annual fee they are now charging for servicing the account.
Regrettably there was no response from the Bank. I hope the Chairman of IBA will review the proposal and mandate introduction of digital signatures in Bank-customer communication besides taking other security initiatives as suggested in the judgement.
Naavi
3 users commented in "Land Mark Judgement in Phishing Case in India"
judgment.. (no e)
Hi,
We are from ICICI Bank and we’d like to clarify that ICICI Bank will appeal as the complainant has negligently disclosed the confidential information such as password and thereby fallen prey to a phishing fraud by responding to a phishing email. The customers are fully apprised on security aspects of Internet banking through channels such as monthly/quarterly statements, posters located at ATM and branches, information through the website of the bank to safeguard their own interest. We reassure that our security systems are continuously audited and neither the security nor our processes have been breached.
ICICI Bank endeavors to offer world-class service to its customers. Today, we have hundreds of types of transactions, which can be completed on line without having to walk into a branch. We strive for convenience and safety of our customers and uninterrupted availability of our services through self-service channels. We also continuously upgrade our systems and technology to ensure that our customers get the best experience and a safe environment while transacting on line.
Regards,
ICICI Bank Team.
I would have been happier if ICICI Bank had corrected the “Negligence” aspects highlighted in the judgement rather than their indicated approach.
ICICI Bank should note that there is support of RBI to the decision as can be gauged by a recent decision of an Ombudsman in another case advising the Bank to repay the phished amount with interest which was promptly followed by that Bank.
I wish IBA calls for a debate on this issue. I invite through this column the IBA Chairman to hold a public debate on the issue of Phishing liability at Bangalore.