Under the IT Act, the AA,
who is the state IT secretary, has the authority to adjudicate cyber fraud
cases involving claims for injury or damage up to Rs 5 crore. The AA has powers
of a civil court and can hear complaints related to violations under the IT Act.
Victims of cyber fraud, whether individuals or entities, can approach the AA
for redressal.
This case involved
unauthorized transactions amounting to Rs 2.06 crore from DVSB’s account on 7-8
June 2020, between 7 am and 10 am—outside the cooperative bank’s working hours.
Interestingly, neither the maker nor the checker—two different individuals
using separate mobile numbers—received the one-time passwords (OTPs) required
to authorize these transactions. The AA found Axis Bank guilty of failing to
maintain reasonable security safeguards, as required under Section 43A of the
IT Act, and for non-compliance with Reserve Bank of India (RBI) guidelines.
Lapses included the absence of real-time fraud detection mechanisms and failure
to verify KYC details of beneficiary accounts where the stolen funds were
transferred, including those at ICICI Bank and HDFC Bank.
Although Axis Bank argued
that the fraud occurred due to remote access software installed on DVSB’s
systems, the AA dismissed this defence, noting contradictory claims and
unreliable evidence. The ruling highlights the importance of banks ensuring
robust data protection and adherence to security regulations.
This judgment actually tells us that victims of cyber fraud can seek justice through the AA,
ensuring that financial institutions/ banks are held accountable for lapses in cyber security.
[The author can be
contacted at gupta.ampslegal@gmail.com. Readers should not act on the basis of
this information without seeking professional legal advice.]
Comments
Post a Comment