Banks have been told to be more responsive to customers’ requests for enlightenment on cases of Net frauds they report.
The Central Information Commission (CIC) has issued a relevant order while dealing with an RTI plea on hacking of a trader’s bank account in Kolhapur, Maharashtra.
Cyber securityThe issue of cyber security brought up by the appellant cannot be underestimated, the order said.
It is desirable that at the end of the investigations, the banks concerned make public a list of their findings, listing precautions they have taken and those they would like customers to follow.
The case involved the bank account of R Unnithan, which was hacked and ₹9.65 lakh withdrawn in 24 transactions across the country between April 12 and 13, 2012.
The order is significant as bankers are prompt to wash their hands off saying they cannot be held responsible as most cases happen ‘due to customer’s negligence’.
Their stock defence is that they periodically alert customers to be cautious in their dealings on the Internet to prevent stealing of personal data, such as password, by unscrupulous third parties. (It is another case that the Central Vigilance Commission was constrained to warn banks against being lax with respect to ensuring secrecy of employee passwords.)
Complicated caseIn Unnithan’s case, even the Maharashtra State Ombudsman refused to intervene saying it was not an investigative forum and the issue was “complicated in nature requiring consideration of elaborate oral and documentary evidences.”
It, therefore, fell on S Dheenadhayalan, an RTI activist, to pursue the matter with the CIC, leading to the order being issued.
Dheenadayalan had to exhaust intermediate appellate mechanisms and undergo outright rejections before he could achieve some closure to the case.
Refused informationIDBI Bank, the respondent bank, had refused information on the fraud on Unnithan’s Net banking account by taking cover under Section 8 of the RTI Act.
Its case was that such information is held in fiduciary relationship with the customer and was as such exempt from disclosure under Section 8(1)(e) of the Act.
This section precludes a bank from disclosing information concerning a third-party account even if an appellant has chosen to represent the holder of the account.
But Dheenadayalan argued that placing of records in the public domain would not only serve as a confidence-building measure but also act as a deterrent on future frauds.
The exemption that the respondent bank enjoyed found favour with both the First Appellate Authority and the Second Appellate Authority.
But the final order in the form of a general advice to banks seemed to override the exemption granted by the Act, said Dheenadhayalan.