In several cyber fraud cases, victims have reported that money was withdrawn from their accounts even after they had lodged complaints with the concerned banks.
While some bank officials, fully aware of the Reserve Bank of India’s guidelines on customer liability, attempt to shift responsibility, others end up misleading victims, at times even advising them to change their registered mobile numbers, instead of taking immediate remedial action.
Recently, a journalist from Besant Nagar was defrauded of ₹1.99 lakh from her bank account, even while she was present on the branch premises. The incident occurred on October 9, when she was attempting to access the Positive Pay System (PPS) option through online banking. Unable to locate the feature, she called up the bank using the customer care number available on Google. The person who answered the call claimed to be the bank manager, introduced himself as Anup Kumar, and instructed her to download a mobile application to resolve the issue.
He spoke in a mix of English and Hindi, and she followed his directions. However, when his instructions became confusing, she told him she would visit the branch directly. Despite the caller’s attempt to dissuade her, she proceeded to the branch, only to learn that no such employee existed.
Realising she had been scammed, she alerted the staff and met the branch manager, who advised her to change the mobile number linked to her account. However, she received alerts of two unauthorised withdrawals — ₹1 lakh and ₹99,999 — from her savings account.
“It took some time to get to the manager as he was attending to other customers. He asked me to change the phone number linked to my account. So, I returned to the counter and requested the change. I was asked to fill a form, which I did. While I was waiting, I got a message, which was followed by another transaction of ₹1 lakh. When I pointed this out, the woman at the counter was clueless. In seconds, there was another notification, and another ₹99,999 disappeared. All the while, I was trying to draw the staff’s attention to what was happening. The fraud happened right there, at the bank. When I pointed this out to the manager, he only said, ‘The money is gone. I told you to change the number’.”
An engineering college professor, who is also the head of department, faced a similar cyber fraud recently. While he was in college, he got a message from a bank, saying that ₹24,000 was debited. When he realised that it was an unauthorised transaction by an anonymous person, he ran to the bank immediately, and asked the staff to stop further payment from the account. However, he got another message that more money was debited.
The professor said, “The money was unauthorisedly deducted even after I lodged the complaint with the bank and asked them to freeze my account. They simply passed the buck instead of addressing my problem. They asked me to change my phone number.”
Clause 6 of the 2017 RBI circular to all banks stipulates ‘Zero Liability’ for customers in the event of contributory fraud/negligence/deficiency on the part of the bank. Even in the common ‘third party breach’, if the bank is informed in writing within three working days, the customer will face zero liability. Clause 9 mandates that the bank effect a shadow reversal of the defrauded amount to the customer’s account within 10 working days from the date of receipt of such notification. There is a timeline of 90 days for resolution and compensation beyond this period under Clause 10.
“Banks would do well to circulate the 2017 RBI directives to customers, instead of spamming them with credit card and loan offers, or harassing them with annual KYC demands.” said Sanjay Pinto, an advocate.
A senior police officer of the Cyber Crime Wing said, “In some cases, the bank staff, knowing fully the procedure, deliberately bypasses it by saying that the victims can go to the police and file a complaint. By that time, the fraudster would have swindled the entire money and vanished without trace. In other cases, the bank staff may not know the procedure or feel that it is tedious. We, time and again, issue guidelines to the stakeholders for handling the victims. The banks can set up separate desks for victims of cyber frauds, especially senior citizens.”
“The bank branch has certain limitations — they can block the individual account of the victim but not the suspect’s. We do block the accounts of suspects and trace the money trail. We can retrieve lost amount quickly only if the victim complains in time to us,” the officer said.
Published – October 30, 2025 12:42 am IST
