Keeping surplus money in a bank account has become perilous, alerts Harsh Roongta.
In the 1970s, Jack, a United States citizen, wanted to marry Anna, a citizen of the Communist Soviet Union.
To get approval, Jack was asked to get a document from the US authorities certifying he was not married.
This was a clever bureaucratic ploy for rejecting his application.
Getting the US authorities to certify a negative fact -- that Jack was not married -- was an impossible task.
I recalled this story while reading a Bombay high court decision requiring a bank to refund Rs 77 lakh that had been debited from a company called PSAPL's bank account without authorisation.
On October 2, 2022, PSAPL received 13 SMS messages notifying it of the transfer of Rs 77 lakh from its account to unknown parties.
The beneficiaries were not known to PSAPL and it had not added them as beneficiaries. Aside from the SMS alerts, it had received no other communication from the bank.
PSAPL immediately filed complaints with both the bank and the cybercrime cell of the police.
It was confident of receiving a refund in line with the Reserve Bank of India's circular of July 6, 2017, on Unauthorised Electronic Banking transactions, which mandates refunds where the account holder has not been negligent.
The burden of proving negligence also lies with the bank.
The bank claimed PSAPL had been negligent for two reasons: One, it had authorised the addition of beneficiaries on October 1, 2022, by logging into its net banking account and approving the additions using the One Time Passwords (OTPs) sent to its mobile and email.
Two, it had logged into its net banking account on October 2, 2022, and authorised 13 payments totalling Rs 77 lakh using OTPs sent to its mobile and e-mail.
The dispute hinged on whether PSAPL had added the beneficiaries and authorised the payments, and whether it had received the OTPs the bank claimed to have sent.
The bank's internal systems team certified that the OTPs had been sent and delivered. The bank then asserted that PSAPL was 'hand-in-glove with the fraudsters'.
This internal certification was deemed sufficient by the banking ombudsman, who dismissed PSAPL's complaint.
PSAPL then filed a writ petition in the Bombay high court. It faced the challenge of proving it had never received the OTPs -- a negative fact, reminiscent of Jack's dilemma.
Fortunately, the court ordered PSAPL's service providers, Airtel and Rediffmail, to certify based on their logs.
Both providers confirmed that no SMSes or e-mails from the bank were received by PSAPL on the specified days. Consequently, the court ordered the bank to refund Rs 77 lakh to PSAPL.
PSAPL's story ended on a positive note, but only after it endured the ordeal of losing Rs 77 lakh and being branded a fraudster.
To prevent ordinary citizens from facing a similar situation, several measures are needed.
Technology allows senders to receive a delivery confirmation when an SMS is delivered. RBI should mandate a log from the bank's telecom provider as proof.
Citizens should also be able to obtain verified logs of their calls, texts, and e-mails from their telecom and e-mail providers.
An Account Aggregator-like framework can enable these authenticated logs to be sent directly to the bank or the banking ombudsman as proof of non-receipt of OTPs.
Truth be told, keeping surplus money in a bank account has become perilous. Frauds like these have eroded trust.
Another big risk is mis-selling by bank employees. Banks, which are an essential pathway for a nation's economic progress, must act swiftly to stem the growing mistrust.
Harsh Roongta heads Fee-Only Investment Advisors LLP, a Sebi-registered investment advisor.
Feature Presentation: Ashish Narsale/Rediff.com