ICICI Bank fined Rs. 12.85 Lakh for Phishing attack
By Pulkit Sharma

Cyber law expert Na.Vijayashankar, also known as Naavi in Cyberspace, is one of the most respected names in the Indian tech world.  As Chairman of the Digital Society Foundation and as a Director of Cyber Law College, one of Naavi’s life mottos is “Let’s build a responsible Cyber society”. 

Naavi’s views are highly regarded and he is regularly quoted by Indian media.

In a landmark judgment in India, delivered by Sri PWC Davidar, IAS, the Adjudicator of Tamil Nadu (also the IT Secretary) an award for the payment of Rs 12.85 lakhs has been granted to a petitioner who alleged a fraudulent withdrawal from his ICICI Bank account. The Bank contended that the issue involved customer negligence and did not fall under the jurisdiction of the adjudicator. However, in a well reasoned judgment (copy of which is available at www.naavi.org) the Adjudicator held that an offence is made out under ITA 2000 and it falls under the jurisdiction of the adjudicator.

The honourable Adjudicator proceeded to accept the petitioner’s argument that the Bank had not exercised due diligence and therefore was liable under Section 85 of the Act to pay the compensation. One of the main points highlighted in the judgment is that the Bank failed to use appropriate authentication of its e-mails to customers in the form of “Digital Signatures”. The Bank’s systems and procedures before and immediately after the commission of the offence and the lack of responsibility was also highlighted. Since there are hundreds of Phishing frauds that are happening in the Indian scenario, this judgment is likely to be welcomed by millions of internet banking customers in India. As Naavi has been emphasizing for a long time, non adoption of digital signatures by Banks for authenticating Internet Banking transactions is a matter of utter disregard to the laws and RBI guidelines and this judgment would help in restoring some responsibility amongst the Bankers.

Naavi had recently offered a mechanism to the Chairman of a Bank (who is also the chairman of Indian Bank Association) under which the digital signature can be provided to every one of their customers at the cost of the annual fee they are now charging for servicing the account. Regrettably, there was no response from the Bank.

It is high time the IBA pulled up their socks to implement such common sense proposals.