internet banking fraud case study

• Apprentice Lawyer
• Latest Legal News

Cyber Fraud in Banking: Key Takeaways from Jaiprakash Kulkarni Case

Fraud in finance and banking is known. The Jaiprakash Kulkarni & Anr. Vs. Banking Ombudsman & Ors. case highlights the increasing risks of cyber fraud faced by individuals and companies. Here’s an analysis of the key aspects of the case law.

On October 1, 2022, unauthorized beneficiaries were added to the petitioners' bank account without any OTP notification. The following day, ₹76,90,017/- was debited through multiple transactions. The petitioners promptly reported the incident to the Cyber Cell at Worli Police Station, Mumbai and blocked the associated SIM card. On October 3, 2022, they formally notified respondent no.2 (the bank) and filed an FIR with the Cyber Crime Police Station. Subsequently, the petitioners requested a Security Incident Report from the bank and sought an update on the refund process as per RBI’s Customer Protection Circular dated July 6, 2017. Despite follow-ups, the bank neither refunded the amount nor provided a satisfactory update. Consequently, the petitioners filed a complaint with the respondent no.1 (banking ombudsman) on October 12, 2022, which was rejected on January 10, 2023, on the grounds that the transactions were completed with valid credentials known only to the account holder.

Issues involved

1)   Unauthorized addition of beneficiaries and subsequent transactions from the petitioners' bank account without any OTP being received, resulting in a financial loss of ₹76,90,017/-.

2)  The petitioners claimed that no OTP was received for adding the beneficiaries and that respondent no.2 (the bank) failed to adhere to RBI guidelines on limiting customer liability in unauthorized electronic banking transactions .

3)   Banking ombudsman’s rejection of complaint , disregarding the absence of OTPs and the unauthorized beneficiary additions.

4)  The petitioners sought relief by quashing the ombudsman’s decision and directing respondent no.2 to refund the debited amount along with interest and compensation as per the RBI Circular.

RBI Regulations and Consumer Protection

To address these issues, the Court relied on several important rules and legal principles:

1)   RBI Circular on Customer Protection (July 6, 2017): This circular is crucial in determining the liability of customers and banks in unauthorized electronic banking transactions. It mandates that banks must compensate customers for losses if the breach is due to third-party fraud and the customer has reported the fraud promptly without negligence on their part. The onus is on the banks to prove customer negligence or involvement.

2) Consumer Protection Policy (Unauthorized Electronic Banking Transactions) : Under this policy, customers are not liable for losses due to third party breach, if they report unauthorized transactions promptly and there is no negligence on their part.

3)   Two-Factor Authentication (2FA): This security measure requires two separate forms of identification (typically something the user knows and something the user has) to authorize a transaction. Failure to implement 2FA can be seen as a security lapse on the bank's part.

Applying the above rules to the facts, the Court scrutinized the actions and responses of both the petitioners and the bank:

1.   Failure in Two-Factor Authentication : On October 1, 2022, unauthorized beneficiaries were added to the petitioner's account without any One-Time Password (OTP) or notification sent to his registered mobile or email. The next day, ₹76,90,017 was fraudulently debited through multiple transactions. The Cyber Cell’s investigation confirmed that no OTPs or transaction alerts were received by the petitioners, directly contradicting the bank’s claim that the transactions were authenticated through valid credentials and 2FA.

2.   Petitioners’ Prompt Action : Upon discovering the fraudulent transactions, the petitioners promptly reported the incident to both the Cyber Crime Police and the bank on October 3, 2022. They lodged a First Information Report (FIR) and persistently sought redress from the bank, adhering to the RBI's guidelines for reporting unauthorized transactions. This quick reporting played a critical role in establishing their non-negligence and ensuring their claim for compensation.

3.   Inadequate Inquiry by the Banking Ombudsman : The Court highlighted the lackluster approach of the banking ombudsman in investigating the fraud. The ombudsman concluded there was no deficiency in the bank’s service without thoroughly examining whether the transactions were truly authorized by the petitioners. The ombudsman’s reliance on the bank’s assurance of 2FA being used, despite contrary evidence from the Cyber Cell, was deemed insufficient and negligent.

4.   RBI’s Support on Zero Liability : The RBI’s affidavit supported the stance that in cases of unauthorized transactions due to third-party fraud, customers should have zero liability, provided they report the incidents promptly and have not contributed to the breach through their actions. The Court found that the petitioners had acted diligently and there was no evidence of negligence or collusion with the fraudsters.

Author's Observations

The Bombay High Court’s decision in Jaiprakash Kulkarni vs Banking Ombudsman, Bank of Baroda & Others underscores the paramount importance of robust security measures and diligent customer protection practices in the banking sector. The Court quashed the banking ombudsman’s order and directed the Bank of Baroda to refund the fraudulently debited amount of ₹76,90,017 to the petitioners, with an interest of 6 per cent per annum from October 2, 2022, until the payment date.

This ruling emphasizes several critical points:

1.   Customer Protection: The judgment reaffirms the RBI’s guidelines on zero liability for customers in cases of unauthorized transactions due to third-party fraud. It is a strong reminder that customers must be shielded from losses incurred due to security lapses beyond their control.

2.   Bank’s Accountability: The case highlights the necessity for banks to enforce stringent security protocols like 2FA effectively. Any lapses in these measures can expose banks to significant liabilities and damages.

3.   Prompt Reporting and Vigilance : Customers are encouraged to report unauthorized transactions promptly. This timely action is crucial in limiting their liability and securing their rights to compensation under the RBI’s framework.

4.   Need for thorough Investigation : The Court criticized the banking ombudsman’s inadequate investigation, stressing that thorough and diligent inquiries are essential when addressing claims of unauthorized transactions. This sets a precedent for more rigorous scrutiny in similar future cases.

We believe that this judgment is a crucial step in enhancing the protection of customers in the digital banking ecosystem. It sends a clear message to financial institutions about the importance of robust security measures and the necessity of transparent and thorough handling of fraud claims.

For customers, it reinforces the importance of vigilance in monitoring account activities and reporting suspicious transactions immediately. The court's decision serves as a significant precedent, potentially guiding future cases involving cyber fraud and unauthorized banking transactions.

As the digital landscape continues to evolve, the principles laid down in this case will be instrumental in shaping the policies and practices surrounding customer protection and cyber security in the banking industry.

About the author: Vishwas Chitwar is an Associate at NovoJuris Legal.

Chitwar authored the article with inputs from Sharda Balaji, Managing Partner, NovoJuris Legal.

If you would like your Deals, Columns, Press Releases to be published on  Bar & Bench,  please fill in the form available   here .

Cyber Fraud in Banking: Key Takeaways from Jaiprakash Kulkarni Case Author: Vishwas Chitwar is an Associate at @novojuris Legal. https://t.co/VlWHiCsATh — Deals & Firms by Bar & Bench (@dealsandfirms) July 27, 2024

Academia.edu no longer supports Internet Explorer.

To browse Academia.edu and the wider internet faster and more securely, please take a few seconds to  upgrade your browser .

Enter the email address you signed up with and we'll email you a reset link.

• We're Hiring!
• Help Center

Download Free PDF

IRJET-Collecting Digital Evidence: Internet Banking Fraud - Case study

Net banking frauds are now a day’s became common, criminals use the various available technologies to con the unaware citizens. Use of Phishing mails, key loggers and mobile phone SIM card cloning is the techniques commonly used. Highest number of Cyber Crimes made the job of police department tough. Tracing the non history shitter criminals, is an another challenge. Various online resource such as anonymizers equip criminals with loads of facility

Related papers

– E-banking has a lot of benefits that add value to customer's satisfaction in term of better service quality, and at the same time enable banks to gain a competitive advantage over other competitors. However, more attention towards e-banking security is required and needed against fraudulent behavior because the lack of control over security makes e-banking still un-trusted for many till today. This paper presents security issues related to e-banking along with the characteristics and challenges of e-banking fraud. Different types of attacks, some fraud detection strategies, and some prevention methods used by electronic banks, are also presented in this paper. An expert opinion method was used to rank different model and techniques in security. Results indicated that the most effective model is " Transaction Monitoring " and the worst models based on respondent's opinions are " Virtual Keyboards " , " Browser Protection " , and " Device Identification ". The organization of this paper go in the following manner: section 1 will introduce the topic, followed by a literature review in section 2. Section 3 depicts the research methodology adopted and the data analysis process. Finally, conclusions and future work are stated at the end of the paper.

— Phishing is an attack that deals with social engineering system to illegally get and utilize another person's information for the benefit of authentic site for possess advantage (e.g. Take of client's secret word and Visa precise elements during online correspondence). It is influencing all the significant areas of industry step by step with a considerable measure of abuse of client qualifications. To secure clients against phishing, different hostile to phishing procedures have been suggested that takes after various methodologies like customer side and server side insurance. In this paper we have considered phishing in detail (counting assault process and grouping of phishing assault) and investigated a portion of the current sites to phishing strategies alongside their points of interest and disadvantages.

Abstract According to Malaysian Computer Emergency Response Team (MyCERT) the number of forgery incidents especially phishing cases in Malaysia had enormously increased. This social engineering act which tricks someone into giving their confidential information is becoming a major threat in securing a person private identity. Therefore, this paper will discuss the challenges and impacts of phishing in Malaysia.

Phishing is an endeavor by an individual or a gathering to steal individual confidential information such as, passwords, credit card data and so forth from clueless casualties for wholesale fraud, monetary profit and other fraudulent activities. This paper concentrates on the phishing assaults which incorporates investigation of various commitments of late research on phishing detection and prevention techniques.

This paper describes a method of implementing two factor authentication using mobile phones. The proposed method guarantees that authenticating to services, such as online banking or ATM machines, is done in a very secure manner. The proposed system involves using a mobile phone as a software token for One Time Password generation. The generated One Time Password is valid for only a short user-defined period of time and is generated by factors that are unique to both, the user and the mobile device itself. Additionally, an SMSbased mechanism is implemented as both a backup mechanism for retrieving the password and as a possible mean of synchronization. The proposed method has been implemented and tested. Initial results show the success of the proposed method.

In this paper, we implement a system securing the Transactions by user from Automated Teller Machines (ATM).We use AADHAAR related BIOMETRIC system to Authorizing the users. ATM allows the account holder to have transactions with their own accounts without allowing them to access the entire bank's database. Traditional ATM transaction method is replaced with this type of Biometric technology. With the use of this technology a genuine user can be identified, if incase of transactions made by some Unauthorized user then the that person's Aadhaar details has recorded. After identifying the user using its ID, then the user inputs ATM Pin number. If it is correct and his fingerprint is also verified then allowed to make transactions.

BIAMA 35, PUP., 2024

2024, Chevillot P., Morhange C., Le cadre du développement urbain, le contexte environnemental de Marseille, in Fouilles à Marseille. Approches de la ville antique (VIe s. av.-VIIe s. apr. J.-C.), sous la dir. de M. Bouiron, P. Mellinand et H. Tréziny, Aix-en-Provence, PUP, Archéologies méditerranéennes. Bibliothèque d’archéologie méditerranéenne et africaine, BIAMA 35, pp. 29-37.

"España/Nueva España. El arte de la pintura en cuatro tiempos", 2022

La Cátedra Mus eo de l Pr ado, creada en el año 200 9, es una de las princip ales !focas de act uación del Cent ro de Es rudi os de l Museo ubica do en el Casó n del Buen Retiro. Cada ed ición de la Cá ted ra' cue nt a con un reconocido experto en su campo que desarro lla un pr oyecto per sona! relacionado con el arte. Cualquier forma de reproducción, distl'ibuci ón, comunicaci ón pública o transformación de es_r a obra solo puede ser realizada con la autorización de sus titulares, salvo excepción prevista por la ley._ Diríja~c a CEDRO (Centro Español de Derechos Rcprográficos, ,vi.vw. ce dro. org) s1 necesita fotocopiar o escanear algún fragmento de esta o bra.

Zeitschrift für Medienwissenschaft, 2014

Málaga de Cultura, 2024

IEEE Transactions on Reliability, 1993

ARCHITECTURE AND DESIGN-NEW …, 1998

Unidad Sociológica, 2023

Artefactos, 2023

Edad Media. Revista de Historia

Third Concept: An International Journal of Ideas, 2023

Physical Review D, 2011

Revista De Artes Y Humanidades Unica, 2009

Jurnal Riset Kesehatan Poltekkes Depkes Bandung

European Journal of Business and Management, 2016

Genetics, 2012

Diabetes, 2001

Scire: representación y organización del conocimiento

Scientific Reports, 2016

Related topics

•   We're Hiring!
•   Help Center
• Find new research papers in:
• Health Sciences
• Earth Sciences
• Cognitive Science
• Mathematics
• Computer Science
• Academia ©2024

• Kreyòl Ayisyen

CFPB Sues JPMorgan Chase, Bank of America, and Wells Fargo for Allowing Fraud to Fester on Zelle

Americans have lost hundreds of millions of dollars to fraud tied to payment network’s shoddy safeguards

Washington, D.C. – Today, the Consumer Financial Protection Bureau (CFPB) sued the operator of Zelle and three of the nation’s largest banks for failing to protect consumers from widespread fraud on America’s most widely available peer-to-peer payment network. Early Warning Services, which operates Zelle, along with three of its owner banks—Bank of America, JPMorgan Chase, and Wells Fargo—rushed the network to market to compete against growing payment apps such as Venmo and CashApp, without implementing effective consumer safeguards. Customers of the three banks named in today’s lawsuit have lost more than $870 million over the network’s seven-year existence due to these failures. The CFPB’s lawsuit describes how hundreds of thousands of consumers filed fraud complaints and were largely denied assistance, with some being told to contact the fraudsters directly to recover their money. Bank of America, JPMorgan Chase, and Wells Fargo also allegedly failed to properly investigate complaints or provide consumers with legally required reimbursement for fraud and errors. The CFPB is seeking to stop the alleged unlawful practices, secure redress and penalties, and obtain other relief.

“The nation’s largest banks felt threatened by competing payment apps, so they rushed to put out Zelle,” said CFPB Director Rohit Chopra. “By their failing to put in place proper safeguards, Zelle became a gold mine for fraudsters, while often leaving victims to fend for themselves.”

Read Director Chopra's remarks on the lawsuit.

Bank of America, N.A. is a national bank and subsidiary of the Bank of America Corporation, headquartered in Charlotte, North Carolina. As of June 30, 2024, Bank of America had over $2.5 trillion in consolidated total assets.

JPMorgan Chase Bank, N.A. is a national bank and subsidiary of JPMorgan Chase & Company headquartered in Columbus, Ohio, and the nation’s largest bank, with over $3.5 trillion in consolidated total assets as of June 30, 2024.

Wells Fargo Bank, N.A. is a national bank and subsidiary of Wells Fargo & Company headquartered in Sioux Falls, South Dakota. As of June 30, 2024, Wells Fargo had $1.9 trillion in consolidated total assets.

Early Warning Services, LLC is a financial technology and consumer reporting company based in Scottsdale, Arizona. Early Warning Services designed and operates the Zelle network. It is co-owned by seven of the largest banks in the United States: Bank of America, Capital One, JPMorgan Chase, PNC Bank, Truist, U.S. Bank, and Wells Fargo.

Zelle allows near-instant electronic money transfers through linked email addresses or U.S.-based mobile phone numbers, known as “tokens.” Users can create multiple tokens across different banks and quickly reassign them between institutions, a feature that has left consumers vulnerable to fraud schemes.

The CFPB alleges widespread consumer losses since Zelle’s 2017 launch due to the platform’s and the defendant banks’ failure to implement appropriate fraud prevention and detection safeguards. The CFPB alleges that Bank of America, JPMorgan Chase, Wells Fargo, and Early Warning Services violated federal law through critical failures including:

• Leaving the door open to scammers: Zelle’s limited identity verification methods have allowed bad actors to quickly create accounts and target Zelle users. For example, criminals often exploited Zelle’s design and features to link a victim’s token to the fraudster’s deposit account, which caused payments intended for the consumer’s account to instead flow to the fraudster account.
• Allowing repeat offenders to hop between banks : Early Warning Services and the defendant banks were too slow to restrict and track criminals as they exploited multiple accounts across the network. Banks did not share information about known fraudulent transactions with other banks on the network. As a result, bad actors could carry out repeated fraud schemes across multiple institutions before being detected, if they were detected at all.
• Ignoring red flags that could prevent fraud : Despite receiving hundreds of thousands of fraud complaints, the defendant banks have failed to use this information to prevent further fraud. They also allegedly violated the Zelle Network’s own rules by not reporting fraud incidents consistently or on time.
• Abandoning consumers after fraud occurred : Despite obligations under the Electronic Fund Transfer Act and Regulation E, the defendant banks failed to properly investigate Zelle customer complaints and take appropriate action for certain types of fraud and errors.

Enforcement Action

Under the Consumer Financial Protection Act, the CFPB has the authority to take action against institutions violating consumer financial protection laws, including engaging in unfair, deceptive, or abusive acts and practices.

The CFPB’s lawsuit seeks to halt unlawful conduct, obtain redress for harmed consumers, and obtain a civil money penalty, which would be paid into the CFPB’s victims relief fund , and secure other appropriate relief.

Read today’s complaint against Early Warning Services, Bank of America, JPMorgan Chase, and Wells Fargo.

Proliferation of Scams

The holiday season in particular can bring a surge of scams. Learn more about common types of scams from the CFPB’s online resources . Consumers can submit complaints about financial products and services, including scams on payment networks, by visiting the CFPB’s website or by calling (855) 411-CFPB (2372) .

Employees who believe their company has violated federal consumer financial protection laws are encouraged to send information about what they know to [email protected]. To learn more about reporting potential industry misconduct, visit the CFPB’s website .

The Consumer Financial Protection Bureau is a 21st century agency that implements and enforces Federal consumer financial law and ensures that markets for consumer financial products are fair, transparent, and competitive. For more information, visit www.consumerfinance.gov .