Shivam Pandey v. ICICI Bank Limited and Ors.

1. This writ petition is filed on behalf of the Petitioner under Article 226 of the Constitution of India seeking following reliefs:- “Issue writ of mandamus and/ or any other writ/ order or direction quashing rejection order dated 05.11.2024 by Respondent No. 1 as violative of Articles 14, 16 and 21 read with Article 300A of the Constitution of India read with RBI Master Circular dated 06.07.2017; and 41 b. Issue writ of mandamus and/ or any other writ/ order or direction to R- 1 to R-9 banks to restore/ compensate amount of INR 50,41,524/- siphoned off on 13-14.08.2024 from petitioner’s ICICI bank account bearing NO. 089101505138, IFSC: ICIC0000891, with interest; and/ or c. Pass such other and further order/ s as deemed fit and proper by this Hon'ble Court in the interest of justice”.

2. It is the case of the Petitioner that he is a victim of cyber fraud, perpetrated by intimidation and impersonation of law enforcement agencies and officials as members of a criminal syndicate having pan India presence, which has resulted in a loss of Rs.50,41,524/- to the Petitioner. It is stated that on 10.08.2024, Petitioner received a call from a person claiming to be representative of Mumbai Crime Branch, CBI and Finance Department of Union of India and Petitioner was made to believe that he was under digital arrest. Petitioner thereafter received a notice under the letter head of CBI followed by another notice purportedly from RBI and under immense psychological process, Petitioner transferred Rs.50,41,524/- from his bank account in Respondent No. 1/ ICICI Bank to two bank accounts, only to realise on 15.08.2024 that he was defrauded. Petitioner then filed a complaint with Cyber Fraud Cell and FIR No. 380/2024 was registered on 24.08.2024 by Intelligence Fusion & Strategic Operations unit of Delhi Police. On 15.08.2024, Petitioner reported the incident to ICICI Bank and requested to take urgent action to freeze/reverse/charge back the transactions, however, the bank informed the Petitioner on 16.08.2024 that shadow credit for the disputed amount had been processed and the amount was marked as a lien. On 05.11.2024, the bank informed the Petitioner that service request was “not eligible for reversal as OTP/Grid authenticated- ICICI Bank”.

3. Learned counsel for the Petitioner submits that order dated 05.11.2024 issued by ICICI Bank be quashed and a direction be given to Respondents No.1 to 9 to restore/compensate Rs.50,41,524/- to the Petitioner. It is argued that the present case is not an ordinary incident of crime as Respondents No.1 to 9 have acted not only as conduit for easy and fast money laundering but have also failed to abide by and implement the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005 and Master Direction – Know Your Customer (KYC) Direction, 2016 of the Reserve Bank of India (RBI).

4. Short affidavit is filed on behalf of ICICI Bank. Learned counsel for ICICI Bank submits that while there is no specific procedure to deal with online/digital arrest, however, RBI Circular dated 06.07.2017 lays down a procedure, which the banks follow when a complaint of digital arrest is made by the account holder of the bank, which is detailed in the affidavit. It is further submitted that investigation was carried out by the bank, when the complaint was received from the Petitioner, which revealed that bank had initially withheld/denied the transactions carried out by the account holder as they were high value transactions and also looking into the track record of the transactions. Interactive Voice Response (‘IVR’) calls were made to the account holder on his registered mobile, which went unanswered leading to withholding and denying the transaction. The account holder was informed of this by a text message.

5. It is further submitted that after the account holder reached out to the bank through phone banking mode for whitelisting his account to enable him to carry out the transaction, the request was processed and confirmation was sent to the account holder via text message alert. The transaction was authenticated through GCA/OTP, which is only known to the account holder and thereafter, text message/e-mail alerts were sent on the registered mobile number informing him of the transactions in the sum of Rs. 25,63,431/-, Rs.15,82,373/- and Rs.8,95,720/-. Therefore, all necessary precautions and safeguards were observed by the bank and there is no error or negligence of any kind.

6. Heard learned counsels for the parties and examined their submissions.

7. Petitioner claims himself to be a victim of cyber fraud perpetrated by persons impersonating themselves as members of law enforcement agencies. As per the Petitioner he has suffered a monetary loss of Rs.50,41,524/- on account of the alleged fraud and seeks a direction to Respondents No.1 to 9 to refund the said amount. Short affidavit filed by ICICI Bank details the procedure followed when cases of online/digital arrest are reported, as laid down in RBI Circular dated 06.07.2017 titled “Customer Protection- Limiting Liability of Customers in Unauthorised Electronic Banking Transactions”. It is stated in the affidavit that when a complaint of digital arrest is made by an account holder of the bank, a unique service request number is generated and the bank provides a shadow credit (temporary credit) for the disputed amount in the account and the same is marked as lien. Thereafter, the bank initiates an internal investigation into the complaint where the team interacts with the complainant to understand the sequence of events leading to transfer of funds as also to investigate into whether OTP to confirm the payee and the debit alert of disputed transaction was received on the registered mobile of the account holder. The investigation team checks whether the transaction was completed with all authentication parameters required i.e. login credentials, OTP, Grid details, details of IVR calls made to the customer and SMS(s) with regard to the transaction sent to the account holder. If the investigation reveals that transaction was authenticated with all parameters, the shadow credit is reversed from the account.

8. It is explained in the affidavit by the bank that in the present case, Petitioner has duly admitted that the transactions were carried out by him. As per bank’s record, the transactions were carried out through internet banking/iMobile app channel as the account holder had keyed in/entered/updated the beneficiary/payee account details as OTP alert/message had been sent to the registered mobile number of the account holder, which was then used to authenticate the addition of the beneficiary/payee account. Thereafter, the cooling off period was brought into effect and additionally, the account holder was informed of the expiry of the cooling off period via SMS/text message sent on his registered mobile number. Relevant extract of the message as brought forth in the affidavit is as follows:- “Dear Customer, transfer funds to ROHTAK. It has been 30 minutes since you have added the payee. Call ICIC Bank Customer Care, if payee not added by you”

9. It is further stated by ICICI Bank that upon further scrutiny of the disputed transactions, pursuant to the complaint from the account holder on 15.08.2024, which was registered under reference No. SR1002445917, it was observed that the bank had initially withheld/denied the transactions as they were high value transactions as also looking into the track record of the transactions. IVR calls were made to the account holder on his registered mobile number but the same were unanswered and owing to this the transactions were withheld and denied and this information was also sent to the account holder through SMS/text message. Relevant message is as follows:- "We are unable to reach you to confirm Fund Transfer txn of 1582000.00 in ICICI Bank Savings Acc XXX5138 on 13-AUG-24. To raise dispute call

18002662. To unblock call 18001080. If outside India call 91-22- 33667777”

10. It is explained by the bank that after the account holder reached out to the bank and placed a request through reference Nos. SR1002060189 and SR1002297227 through phone banking mode for whitelisting his account to enable him to carry out the high value transactions, the request was processed and confirmation in this regard was issued to the account holder via SMS/text message alert. The transactions were authenticated through GCA/OTP since this information is only known to the account holder, being confidential information. Additionally, SMS/text message as also e-mail alerts were sent to the account holder on his registered mobile number and email address informing him that transactions in the sum of Rs. 25,63,431/-, Rs.15,82,373/- and Rs.8,95,720/- were carried out in his account. Relevant messages are as follows:- “"ICICI Bank Acc XX138 debited Rs, 25,63,431.00 on 13-Aug-24 InfoBIL*INFT*DHHO.Avl Bal Rs. 4,84,094.02.To dispute call 18002662 or SMS BLOCK 138 to 9215676766" "ICICI Bank Acc XX138 debited Rs. 15,82,373.00 on 13-Aug-24 InfoBlL*INFT*DHHO.Avl Bal Rs. 32,294.02. To dispute call 18002662 or SMS BLOCK 138 to 9215676766" "Dear Customer, RTGS transaction with ICICI Bank Reference No. ICICR12024081403140015 for Rs.895720.00 has been credited to the Beneficiary Account XX3939 on 14-Aug-24 at 15:31:49."”

11. From a holistic reading of the affidavit filed by ICICI Bank and after hearing the counsels for the parties, I am of the view that there is no substance in the contention of the Petitioner that the bank has been negligent leading to the alleged cyber fraud. In fact, what actually emerges from the stand of the bank is that Petitioner voluntarily entered into these transactions and has admitted that he did transfer the monies. As per the bank’s record the transactions were carried out through mobile banking as the account holder had entered the beneficiary/payee account details and OTP alert was sent to his registered mobile number and was used to authenticate the addition of the beneficiary/payee account. This was followed by a cooling off period of about 30 minutes and Petitioner was informed of the expiry of the said period, which is evidenced from the message extracted above. Initially looking at the fact that the transactions were of high value, the transactions were denied and IVR calls were made on the registered mobile number of the Petitioner but there was no response. Message to this effect was also sent, as noted above. It was only when the Petitioner reached out to the bank for whitelisting his account to carry out the transactions that the request was processed. Confirmation was sent in this regard to the Petitioner via SMS/text message alert and the transactions were authenticated through GCA/OTP since this information is only available with the account holder. Clearly, the transactions were carried out by the Petitioner willingly and knowingly and after confirming the OTP number. Petitioner was in receipt of the OTP number as also the alerts when the transactions were carried out and in this backdrop, it cannot be said that the Petitioner was a victim of a cyber fraud. In any event, no liability can be fixed on the bank as all necessary safeguards were put in place before the transactions went through. Therefore, the question of Respondents No.1 to 9, which include other banks, RBI and Ministry of Finance, being directed to refund the amount of Rs.50,41,524/- does not arise. In light of the aforestated facts, the argument of the Petitioner that the bank has failed to abide by and/or implement the Prevention of Money-Laundering (Maintenance of Records) Rules, 2005 and Master Direction – Know Your Customer (KYC) Direction, 2016 of the Reserve Bank of India (RBI), is misconceived.

12. The writ petition is dismissed being bereft of merit.

JYOTI SINGH, J DECEMBER 15, 2025/AK/YA