Electronic Banking Transaction

Posted on by user

Introduction

Electronic Banking Transaction (commonly called e‑banking, internet banking, online banking or virtual banking) denotes any movement of funds, payment instruction, account access or related banking service effected by electronic means rather than by in‑person branch interaction. In India, electronic banking underpins retail payments, corporate treasury operations and the digital economy (UPI, NEFT, IMPS, card payments, net‑banking), making the legal rules governing its validity, admissibility of electronic evidence, allocation of loss and regulatory oversight central to litigation and transactional practice.

Core Legal Framework

  • Reserve Bank of India (RBI) — Payment and Settlement Systems Act, 2007: the PSS Act provides the statutory foundation for payment systems and confers wide regulatory powers on the RBI to designate, regulate and supervise electronic payment systems (RBI notification and master directions implement the Act). Practitioners must look to RBI Master Directions and circulars for operational and consumer‑protection rules governing electronic banking operations (e.g., rules on customer authentication, reversal of unauthorized transactions and timelines for reporting/dispute resolution).
  • Information Technology Act, 2000 (IT Act): provides statutory recognition to electronic records and digital authentication infrastructure; creates offences for computer and cyber‑enabled frauds (e.g., offences relating to hacking, identity theft and unauthorised access). The IT Act also inserted Sections 65A and 65B into the Indian Evidence Act to govern admissibility of electronic records.
  • Indian Evidence Act, 1872 — Sections 65A and 65B: these are the primary provisions on admissibility of electronic records and prescribe the mode in which electronic records — including transaction logs, e‑mail confirmations, server printouts and other computer outputs — must be proved. Section 65B(4) requires a certificate identifying the computer system, the particulars of the record and the person responsible for the system when secondary evidence of an electronic record is produced.
  • Consumer Protection Act, 2019 and Banking Ombudsman Scheme (RBI): banks and payment service providers are “service providers”; deficiency in service relating to electronic banking, delayed reversals or unfair charges can be pursued before consumer fora and the RBI Ombudsman.
  • Digital Personal Data Protection Act, 2023 (DPDP Act): imposes duties on entities handling personal data (banks are data fiduciaries); relevant for lawful processing, breach notification, consent and security obligations in the context of e‑banking.
  • Penal Code/Criminal Law: cheating (Section 420 IPC), criminal breach of trust (Section 406 IPC) together with IT Act offences (Sections 43, 66, 66C, 66D, 72A and others) are commonly invoked in electronic banking fraud prosecutions.
  • Contract law: the Indian Contract Act and principles of contract formation apply to electronic contracts, read with the IT Act’s recognition of electronic communications and digital signatures for contractual acceptances.

Practical Application and Nuances

This section focusses on how electronic banking issues actually arise and are litigated in Indian courts; what evidence is decisive; and how practitioners should frame claims and defences.

  1. Usual disputes and forums
  2. Unauthorised transactions (customer claims funds transferred without their authorization).
  3. Transaction disputes over failed or duplicate transactions.
  4. Negligence/deficiency of service claims against banks for failing to implement adequate security or for late reversal.
  5. Fraud on the customer via account takeover, SIM‑swap, phishing, fake OTPs; criminal complaints and civil recovery both follow.

  6. Forum choice: consumer fora and the RBI Ombudsman are pragmatic and quick for retail disputes; civil suits/summary suits for recovery; criminal complaints/FIRs for fraud; High Courts/Writ petitions where systemic/regulatory relief is sought.

  7. Admissibility and proving electronic records

  8. Primary evidence: the original electronic record (e.g., bank’s server log, database extract) if produced by the custodian is the most reliable proof. Courts routinely require contemporaneous system logs, transaction IDs, time‑stamps, payer and payee fields, IP address/geolocation, device IDs and authentication records (OTP issuance times, token IDs).
  9. Secondary evidence and 65B: where a party relies on copies or printed outputs from electronic systems, Sections 65A & 65B are engaged. Practically, obtain a 65B certificate (signed by the person in control of the relevant computer system or an authorised official of the bank) alongside the computer printouts. After Anvar P.V. v. P.K. Basheer (see below), courts were strict about the 65B certificate; subsequent clarification (Arjun Panditrao Khotkar) influenced practice, but obtaining a 65B certificate remains best practice.

  10. Forensic evidence: in cases alleging account takeover or SIM‑swap, expert forensic analysis (mobile device examination, SIM allocation logs, SS7/telecom logs if relevant) is often decisive. Preserve devices and obtain early seizure/forensic imaging orders.

  11. Burden of proof and the bank’s contractual terms

  12. Banks typically rely on their customer‑facing terms (internet banking agreements, OTP/2FA clauses) that allocate liability; courts will examine whether the bank followed RBI security directions and its own stated processes.

  13. RBI’s customer‑protection directives and circulars often frame how liability is allocated in unauthorised transactions: broadly, if the customer reports promptly and is not negligent, the bank must reverse the transaction and bear loss; if the customer is negligent (shared password/OTP), liability may shift to customer. Exact allocation depends on facts, timelines and the bank’s compliance with RBI norms.

  14. Typical litigation pathway (practical checklist)

  15. Immediate preservation: send immediate written notice to bank demanding preservation of all logs, call‑recordings, CCTV footage, database extracts and telephony records (date/time stamped). Seek an interim order from the court for preservation if necessary.
  16. Complaint to bank and police: file grievance with bank (get SR number), lodge FIR promptly if fraud suspected (cheating/s.420, IT Act offences). RBI Ombudsman complaint if bank response is unsatisfactory after escalation.
  17. Obtain 65B certificate and server logs: request the bank to produce electronic records with a 65B certificate; if bank refuses, make an application to the court/magistrate under its powers to direct production of documents/evidence.
  18. Expert forensic audit: arrange forensic analysis of devices/accounts; attach the report to pleadings to strengthen causal linkage between alleged breach and unauthorised transaction.
  19. Pleading: plead facts narratively — time of SMS alerts, steps taken to secure account, chronology of bank interactions, FIR/complaint numbers, steps bank took. Specifically plead the bank’s failure (if any) to follow RBI guidelines or its own security norms.

  20. Reliefs: recovery of funds, injunctions to prevent further transfers, costs, compensation for deficiency of service; criminal sanction through prosecution if warranted.

  21. Example scenarios

  22. Example A — Unauthorized IMPS transfer: customer alleges they never initiated IMPS but statement shows an IMPS debit. Useful evidence: SMS alerts (time‑stamped), bank transaction ID, beneficiary account details, IP address and device IDs logged at the time. Strategy: demand reversal and 65B certificate; if bank denies, file consumer complaint and civil suit for recovery with 65B‑enabled server extract and forensic evidence.
  23. Example B — SIM‑swap enabled fraud: bank contends OTP was generated and customer negligent. Useful evidence: telecom records (SIM allocation, change request), bank’s OTP generation logs, access logs. Strategy: simultaneous FIR for telecom/misuse, civil/consumer claim against bank for failing to detect unusual access patterns, seek telecom records via court order.

Landmark Judgments

  • Anvar P.V. v. P.K. Basheer (Supreme Court): this decision emphasised the need for compliance with Section 65B of the Evidence Act when producing electronic records as secondary evidence, and clarified the role of the certificate prescribed by Section 65B(4). After Anvar, courts insisted on formalistic compliance for electronic evidence produced by parties.
  • Arjun Panditrao Khotkar v. Kailash Kushanrao Gorantyal (Supreme Court): this later decision clarified the scope of Section 65B and the admissibility of electronic records produced as primary evidence; it nuanced the strict approach of Anvar by holding that where the original electronic record is produced, the absence of a Section 65B(4) certificate may not be fatal. The practical lesson: while judicial doctrine evolved, litigators must still secure and present electronic evidence in the manner most likely to pass muster — i.e., procure original electronic records and, where secondary evidence is used, accompanying 65B certificates.
  • RBI judgments/decisions and Ombudsman orders: a large body of quasi‑judicial pronouncements by the RBI Ombudsman and consumer fora interpret the bank’s duties in electronic transactions and the RBI’s master directions. These are highly persuasive for remedies such as reversal and compensation.

Strategic Considerations for Practitioners

  1. Preserve evidence immediately

  2. Issue written preservation notices to banks and intermediaries on day one; in contested matters, ask the court for an interim preservation order to prevent alteration of logs or deletion of CCTV footage. Time‑sensitive telecom and server logs are commonly purged after retention periods — act fast.

  3. Use the right procedural vehicle

  4. For quick relief on retail transactions consider RBI Ombudsman or consumer forums (speed, low cost). For larger sums or complex inter‑jurisdictional issues, civil suits and criminal complaints are appropriate. Parallel remedies (civil and criminal) are permissible and often necessary.

  5. Expert evidence is indispensable

  6. Do not litigate technical matters without expert opinion. Forensic reports tying unauthorized access to specific devices/accounts and telecom events are persuasive. Cross‑examination of bank IT officers and reliance on their 65B certificates will often decide the factual matrix.

  7. Don’t fall into technical traps: obtain primary records

  8. Even with the post‑Arjun jurisprudence, courts remain cautious. Obtain the bank’s original server extracts and a 65B certificate where production of a printout is relied upon. If bank refuses, seek court’s direction compelling production.

  9. Scrutinize the bank’s security and compliance

  10. Plead and prove whether the bank complied with RBI guidelines (two‑factor authentication, OTP robustness, proactive transaction monitoring for anomalous behavior). Show gaps (weak authentication, delayed blockage) to shift onus to the bank.

  11. Anticipate and rebut allegations of customer negligence

  12. Banks commonly plead customer negligence (sharing passwords/OTP, falling for phishing). Preserve contemporaneous evidence that customer did not share credentials (CCTV at home? device logs?); show prompt complaint filing, steps taken to secure account, and that the bank’s internal protocols failed.

  13. Use statutory and regulatory instruments

  14. Invoke the PSS Act and RBI master directions to frame a bank’s statutory obligation; cite DPDP Act obligations in data breach cases; pursue consumer redressal and, if systemic, seek writ remedies.

  15. Drafting practical pleadings and reliefs

  16. Attach all digital alerts, complaint IDs, screenshots, correspondence and forensic reports. Pray for specific reliefs: production of server logs with 65B certificate, interim freezing of beneficiary accounts, appointment of court‑appointed forensic expert, recovery and compensation, and costs.

Common Pitfalls to Avoid

  • Delay: failing to lodge complaints (bank/FIR/Ombudsman) promptly erodes prospects for recovery and preservation of logs.
  • Overreliance on SMS alone: SMS proves only a message was sent to the SIM, not that the customer authorised a transaction — correlate with server logs.
  • Skipping expert evidence: presenting only lay assertions about device misuse or hacking will usually fail.
  • Ignoring contractual clauses and T&Cs: litigants ignoring the bank’s terms or failing to plead them face credibility issues; but also scrutinize unconscionable clauses for unfairness under consumer law.
  • Procedural lapses on electronic evidence: not procuring 65B certificates or original server extracts can be fatal or at least costly.

Conclusion

Electronic banking transactions are governed by a mesh of regulatory, evidentiary and criminal law rules. Success in disputes turns on early preservation of data, obtaining primary electronic records (and, where necessary, Section 65B certificates), engaging credible forensic experts, and framing liability against the backdrop of RBI master directions and bank contractual terms. For practitioners: move fast to preserve logs, litigate with expert support, and insist on bank compliance with regulatory safeguards — these practical steps materially increase the prospect of reversal, recovery or compensation in e‑banking disputes.