A Delhi court has directed Indian Bank to permanently refund ₹77,000 to a pensioner who lost money in an online fraud, holding that banks cannot evade responsibility when customers promptly report unauthorised transactions.
Additional Sessions Judge Hargurvarinder Singh Jaggi of Saket Courts set aside a trial court order that had refused relief to the victim and strongly relied on the Reserve Bank of India’s 2017 customer protection framework governing cyber fraud and unauthorised electronic banking transactions.
The case arose after Yogendra Kumar Singh alleged that ₹77,000 was fraudulently transferred from his pension account on May 3, 2025, in three transactions of ₹32,000, ₹30,000 and ₹15,000 through “PAYU”. According to the order, Singh informed the bank and lodged a complaint with the cyber police on the very same day.
Though the bank later credited the amount back as shadow credit, it subsequently withheld the money, leading Singh to approach the trial court seeking release of the funds.
The trial court dismissed his plea after relying on a police status report stating that no hold or lien amount was reflected on the National Cybercrime Reporting Portal (NCRP).
Vigilant citizen entitled to protection
Allowing the revision plea, the Sessions Court said the trial court had ignored the binding RBI guidelines meant to protect victims of cyber fraud.
“The petitioner demonstrated utmost vigilance by notifying Indian Bank and the Cyber Police on the exact same day,” the court observed.
The court noted that the RBI circular dated July 6, 2017, clearly provides “zero liability” protection where a customer reports unauthorised transactions within three working days.
What does the RBI rule say?
Referring to the RBI framework, the court said that even in situations where a customer may have been negligent, the bank would still have to bear losses occurring after the fraud is reported.
“Any loss occurring after the reporting of the unauthorised transaction shall be borne by the bank,” the court quoted from the RBI circular.
The judge further underlined that the RBI rules place the burden of proving customer negligence on the bank.
Indian Bank opposed the petition by claiming that the fraud occurred due to the customer’s own negligence and argued that its internal committee had classified the case as “Not Fraud on Bank”.
Rejecting this stand, the court said an internal banking assessment could not override statutory customer safeguards.
“Indian Bank’s reliance on its internal committee meeting… is insufficient to discharge this legal burden,” the court held.
The court added that the bank had failed to place “conclusive, incontrovertible evidence” to prove that the customer deliberately shared OTPs or payment credentials in a manner that would deprive him of RBI protection.
In one of the sharpest observations in the order, the court said: “A unilateral internal classification by the bank cannot supersede the statutory safeguards designed specifically to protect victims of cyber fraud.
Trial court faulted for ignoring RBI norms
The Sessions Court also criticised the trial court for relying solely on the police report while overlooking documentary evidence showing that the bank itself had granted shadow credit to the customer.
“The Trial Court committed a grave error by entirely overlooking these binding RBI guidelines,” the court said.
Calling the investigation “slipshod”, the court said the trial court’s approach resulted in a “miscarriage of justice against a vigilant citizen who fell victim to cyber fraud.”
Setting aside the earlier order, the court directed the bank to permanently reverse and release the withheld ₹77,000 forthwith in compliance with the RBI’s “zero liability mandate”.