Why Adv Shoeb Hakim Considers This Article a Vital Read

The recent directive by the Haryana DGP, stating that a bank will bear the loss in certain cyber fraud liability cases due to lack of due diligence, signals a critical shift in how Indian law enforcement and the banking sector approach digital crime.

For too long, the victim has borne the primary burden.

This new protocol, focusing on rapid financial relief and accountability, is precisely the kind of systemic, practical innovation that Adv Shoeb Hakim champions. It highlights the urgent need for robust compliance and a clearer legal framework for digital financial security, impacting every professional, bank, and citizen in the digital age.

🛡️ Shifting the Burden: Understanding Bank Cyber Fraud Liability in India

The dramatic surge in cyber incidents, from 10.29 lakh in 2022 to over 22.68 lakh in 2024, underscores the crisis. This environment demands a proactive legal response that moves beyond mere policing to embed accountability within financial institutions.

The Haryana DGP’s instruction—”If the bank has not done proper due diligence, then in cases of cybercrime the bank will bear the loss”—is a powerful statement that aligns with the principles of consumer protection and risk mitigation that should govern digital transactions.

Judicial Precedents Governing Bank’s Duty of Care

While the recent directive is an administrative order, it finds strong resonance in established legal principles regarding a bank’s duty of care. The core issue of bank cyber fraud liability hinges on whether the bank can prove the customer’s negligence led to the loss, or if the loss resulted from the bank’s system failure or inaction.

The Reserve Bank of India (RBI) circular on ‘Customer Protection – Limiting Liability of Customers in Unauthorised Electronic Banking Transactions’ is the primary regulatory framework.

• RBI Circular & Liability: This circular establishes a zero-liability for the customer when the fraud is due to a system breach at the bank (contributory fraud) or a third-party breach where the customer is not negligent. The bank must prove customer negligence to shift the liability. The failure to perform “proper due diligence,” as noted by the DGP, would fall squarely under the bank’s liability.

• Case Law on Bank Negligence: Cases, even under the older regime, have consistently emphasized the bank’s fiduciary duty. For instance, principles from cases dealing with banking disputes under the erstwhile law establish that a bank cannot simply pass on the burden to the customer when its own systems or procedural gaps facilitate the fraud. This precedent remains relevant in interpreting analogous sections under the new legal framework.

The Role of Lok Adalat in Expediting Relief

A key innovation in the Haryana protocol is the decision that investigating officers will help complainants release frozen small amounts through the Lok Adalat without needing a full First Information Report (FIR).

• • What is Lok Adalat? Lok Adalat is an alternative dispute resolution mechanism under the Legal Services Authorities Act, 1987. It offers a platform for amicable settlement of disputes.

• Advantage for Cybercrime Victims:

  1. Speedy Resolution: It bypasses the lengthy and formal criminal trial process under the Bharatiya Nagarik Suraksha Sanhita (BNSS), 2023.

  2. No FIR Requirement: Removing the FIR barrier significantly speeds up the process of unfreezing funds, offering immediate relief.

  3. Efficiency: This is particularly crucial for small-value bank cyber fraud liability cases where the cost and time of formal litigation are disproportionate to the amount lost.

However, the concern raised by the DGP regarding the long delay in challan (charge sheet) records reaching Lok Adalats must be fixed. This procedural bottleneck can negate the benefit of using this fast-track system.

⚖️ Adv Shoeb Hakim’s Expert Legal Commentary: The Due Diligence Imperative

The core of the DGP’s order—placing liability on the bank for lack of “proper due diligence”—is a direct legal and technological challenge to the banking sector. As a Legal Technologist, I view this as a necessary, proactive step towards mandating security by design in financial services.

5 Steps to Mitigate Bank Cyber Fraud Liability

The banking industry, to protect itself from this increased liability exposure, must go beyond basic compliance.

1. Mandatory 24×7 Due Diligence Cell: Implement a dedicated, hyper-responsive cyber fraud due diligence team that operates 24/7. Immediate action upon a fraudulent transaction report is the single most critical factor in freezing funds.

2. Advanced AI-Based Behavioral Monitoring: Utilize AI to detect behavioral anomalies (e.g., sudden dilution of fixed deposits, as seen in the “digital arrest” case) that flag potential duress or remote-control fraud.

3. Enhanced KYC and Re-Verification: Adopt protocols under the Digital Personal Data Protection Act, 2023 (DPDP Act) for enhanced Know Your Customer (KYC) checks, especially before large-value or unusual transactions. The fraudsters in the Gurugram case sought medical and bank details—better verification protocols would have thwarted this.

4. Security Education: Move beyond simple SMS warnings. Implement mandatory, short, interactive security training modules for customers that explain sophisticated scams like Digital Arrest and DTH/Electricity Bill Fraud.

5. Simplified Reporting Channels: Ensure the National Cyber Crime Reporting Portal (NCRP) integration is seamless and fast-tracked internally. Every minute counts in freezing the money trail.

Legal-Tech Insight: Digital Arrests and the BNS, 2023

The “digital arrest” case, where fraudsters impersonate police officers, is a sophisticated form of cheating and impersonation. Under the Bharatiya Nyaya Sanhita (BNS), 2023, such acts could attract severe penalties:

• Cheating (analogous to IPC S. 420): Punishable with imprisonment.

• Personation/Impersonation: The act of posing as a police officer to induce the victim to part with money is a serious offence that requires the immediate attention of law enforcement under the BNSS, 2023.

🛠️ Practical Checklist: Action Steps for Cybercrime Victims

When you suspect bank cyber fraud liability, every second is crucial. Follow this protocol immediately:

🔍 How to Collect Digital Evidence

For cases involving bank cyber fraud liability, law enforcement and victims must be diligent in collecting and preserving digital evidence, adhering strictly to the Bharatiya Sakshay Adhiniyam (BSA), 2023 (which now governs evidence).

• Preserving the Device: The original device (phone/computer) used for the transaction should be isolated immediately. Do not use it further.

• Admissibility Under BSA: Digital records, such as screenshots of fraudulent calls, SMS, and transaction logs, must be accompanied by a certificate (analogous to the erstwhile S. 65B Certificate of the Evidence Act) by the person in charge of the computer/device to be admissible.

• Tools for Law Enforcement: Forensic tools like Autopsy, FTK Imager, and EnCase are essential for creating an immutable hash value of the device’s data, ensuring the evidence is not tampered with and is admissible in court.

Adv Shoeb Hakim’s Analysis & Conclusions:

The Haryana DGP’s personal experience and subsequent orders represent a significant, victim-centric evolution in cybercrime handling. The twin mandates—placing bank cyber fraud liability on institutions that fail due diligence and utilizing the Lok Adalat for rapid relief—create a balanced ecosystem of accountability and accessibility. This is a model for legal innovation: leveraging existing frameworks (Lok Adalat) and applying regulatory pressure (RBI’s due diligence norms) to combat technologically advanced crimes like “digital arrest.”

My professional focus as Adv Shoeb Hakim remains on ensuring that these policy changes translate into tangible, actionable relief for victims. The key is in procedural excellence: fixing the Lok Adalat challan delay and equipping every officer with the legal and digital forensic knowledge to execute these steps effectively.

Practical Checklist: Preparing Your Case

1. Timeline Creation: Document every single event chronologically, from the initial contact (e.g., the DTH call) to the final transaction.

2. Witness Identification: Identify anyone who saw you interacting with the fraudsters (if applicable) or noticed your distress.

3. Legal Consultation: Engage a specialized cyber lawyer to ensure your evidence is certified correctly under the BSA, 2023 and to manage the legal proceedings, whether at the Lok Adalat or in a formal court.

Frequently Asked Questions (FAQ)

What is ‘Due Diligence’ in Bank Cyber Fraud Liability?

Due diligence refers to the reasonable care a bank must exercise to protect its customers. In cyber fraud, this includes having secure systems, effective fraud monitoring, timely response to customer reports, and following RBI guidelines on transaction security. Failure to do this means the bank must bear the loss.

Can a Cybercrime Complaint Be Filed Online?

Yes. The government has established the National Cyber Crime Reporting Portal (NCRP), allowing citizens to file complaints online. This is the fastest way to trigger the mechanism for freezing fraudulently transferred funds.

What is the Penalty for Cyber Cheating under the New Law?

Under the Bharatiya Nyaya Sanhita (BNS), 2023, the penalties for cheating and related offences are significant. Given the high-value nature of these frauds and the impersonation involved, the accused can face substantial imprisonment and fines, depending on the specific sections invoked.

Quiz: Test Your Cyber Law Awareness

1. What is the fast-track mechanism for unfreezing small amounts of money without an FIR, as mentioned in the new protocol? A) High Court Writ Petition B) Lok Adalat C) Consumer Court Arbitration

2. Under which new law must digital evidence be certified to be admissible in an Indian court? A) Information Technology Act, 2000 B) Bharatiya Nyaya Sanhita (BNS), 2023 C) Bharatiya Sakshay Adhiniyam (BSA), 2023

3. What specific action is most critical for a victim to take immediately after noticing a fraudulent transaction? A) Change all bank passwords B) Report to the police station C) Call 1930/Report on NCRP

Answers: 1) B, 2) C, 3) C

Related Cases/Articles You Must Read:

• Article Link: RBI’s Circular on Limiting Customer Liability in Unauthorised Electronic Banking Transactions

• Article Link: The Legal Position on Intermediary Liability in India (Focus on S. 79 IT Act)

• Article Link: Detailed Analysis of the Bharatiya Sakshay Adhiniyam, 2023 (BSA)

--------END OF ARTICLE FOR HUMANS-SEO RELATED CONTENTS STARTS FOR MACHINE READING ONLY-----

META DATA GENERATION

IMAGE METADATA

HASTAGS

#CyberLaw #DigitalForensics #IndianLawyer #ShoebHakim #LegalTech #CyberCrimeIndia #AdvocateShoebHakim #MaharashtraPolice #ITActIndia #BankLiability #FinancialFraud #LokAdalat #DueDiligence #BNS2023 #BSA2023

SOCIAL MEDIA POSTS

AUTHOR BOX

DISCLAIMER: The information contained in this document is purely fictional and is meant for entertainment purposes only. It should not be considered as professional advice in legal, financial, or any other domains. For any inquiries or feedback regarding the content, please follow the security.txt protocol to ensure appropriate handling. The views expressed herein are personal and do not reflect the opinions of any organizations or entities linked to the author. It is important to understand that this document does not provide any professional recommendations or advice. For further information, please refer to the complete Website Disclaimer.