Subodh C Korde vs Union Of India Thr Ministry Of Finance … on 6 April, 2026

    0
    22
    ADVERTISEMENT

    Bombay High Court

    Subodh C Korde vs Union Of India Thr Ministry Of Finance … on 6 April, 2026

    Author: Bharati Dangre

    Bench: Bharati Dangre

      2026:BHC-AS:16973-DB
    
                                                                                        1/100                  WP-11990-23.odt
    
                                                       Ashish/Salgaonkar
    
    MANDIRA MILIND
    SALGAONKAR
                     Digitally signed by MANDIRA
                     MILIND SALGAONKAR
                     Date: 2026.04.09 21:11:36 +0530
                                                                IN THE HIGH COURT OF JUDICATURE AT BOMBAY
                                                                            CIVIL APPELLATE JURISDICTION
                                                                           WRIT PETITION NO.11990 OF 2023
    
                                                       Subodh C. Korde
                                                       Row House 59,
                                                       Woods Condominium,
                                                       Kalewadi Phata,
                                                       Wakad, Pune 411 057                       ..     Petitioner
    
                                                                              Versus
                                                       1. Union of India
                                                       Through Ministry of Finance, Aaykar
                                                       Bhava, Maharshi Karve Road,
                                                       Churchgate, Mumbai
                                                       And
                                                       Ministry of Communications
                                                       Department of Telecommunications
                                                       12th Floor, Sanchar Bhawan, 20
                                                       Ashoka Road, New Delhi 110001             ..
    
                                                       2. Governor
                                                       Reserve Bank of India
                                                       Central Office Building,
                                                       Shaheed Bhagat Singh Marg,
                                                       Mumbai - 400 001                          ..
    
                                                       3. Managing Director,
                                                       HDFC Bank Limited
                                                       Address : HDFC Bank House,
                                                       Senapati Bapat Marg,
                                                       Lower Parel (W), Mumbai,
                                                       Maharashtra - 400013                      ..
    
                                                       4. Managing Director,
                                                       ICICI Bank Ltd.
                                                       Address : Landmark, Racecourse
                                                       Circle, Vadodara 390 007                  ..
    
    
    
    
                                                         ::: Uploaded on - 09/04/2026                 ::: Downloaded on - 10/04/2026 22:06:02 :::
                                     2/100                 WP-11990-23.odt
    
    
    5. Bharat Sanchar Nigam Limited
    2 Mahatma Gandhi Road, Azad
    Maidan, Fort, Mumbai,
    Maharashtra 400001                      ..
    
    6. State of Maharashtra
    Through Wakad Police Station, Pune
    Address : Datta Mandir Rd.,
    Pratham Bungalow Society,
    Wakad, Pimpri-Chinchwad,
    Maharashtra 411057                      ..     Respondents
                                ...
    Mr.Sharan Jagtiani, Senior Advocate with Mr.Priyank
    Kapadia, Ms.Sapna Pande i/by Mr.Akshay Pansare for the
    Petitioner.
    Mr. Prateek Seksaria, Senior Advocate with Mr. Ishwar
    Nankani, Mr. Huzefa Khokhawala, Mr. Karan Parmar, Mr.
    Kartik Gupta i/b M/s.Nankani & Associates for Respondent
    No.3.
    Mr.Mayur Khandeparkar with Mr.Mayur Bhojwani, Mr. Ulrik
    Jehangir, Ms.Dhamini Nagpal, i/b M/s. Manilal Kher Ambalal
    & Co. for Respondent No.4.
    Adv. Prasad Shenoy with Ms. Aditi Phatak and Ms. P. Zaiwalla
    i/b BLAC Co for Respondent No.2 and 7.
    Mr. Ashutosh Mishra with Mr. Vinit Jain, Mr. Ashok R. Varma
    and Mr.Gaurav Mhatre for Respondent No. 1 - UOI.
    Mr.M.M. Pable, A.G.P. for the State/Respondent.
    Adv. Aparna Shrivastava i/b Reliable Legal Partners for
    Respondent No.5.
    Mr. Prakash Shitole, Representative of Respondent No.5,
    present.
    
                   CORAM: BHARATI DANGRE &
                            MANJUSHA DESHPANDE, JJ.
               RESERVED ON : 9th FEBRUARY, 2026
           PRONOUNCED ON   : 6th APRIL, 2026
    
    
    
    
     ::: Uploaded on - 09/04/2026                ::: Downloaded on - 10/04/2026 22:06:02 :::
                                          3/100                     WP-11990-23.odt
    
    JUDGMENT ( Per Bharati Dangre, J.)
    

    1. The Petitioner, a freelancer in Business Consultancy, has

    approached this Court stating that he is a victim of Cyber

    SPONSORED

    fraud and a sum of Rs. 38,04,000/- was unauthorizedly

    withdrawn from his two bank accounts maintained with HDFC

    Bank Ltd., in a time gap of 41 minutes. According to the

    Petitioner, he was defrauded by the online unauthorized

    withdrawals, the transactions being permitted by the Bank

    and his grievance is, the HDFC Bank has refused to reverse the

    amount to his account, which according to him is in complete

    breach of applicable directions /guidelines issued by the

    Reserve Bank of India (“RBI”). According to the Petitioner, his

    monies were unauthorizedly transferred to the account/s held

    by the fraudsters in ICICI Bank, who despite timely intimation

    in that behalf refused to take steps for preventing

    withdrawal/further transfer.

    2. The Petition has impleaded the Union of India through

    the Ministry of Finance, and Ministry of Communications as

    Respondent No.1, with the Reserve Bank of India through the

    Governor, being impleaded as Respondent No.2, whereas the

    HDFC Bank Limited and ICICI Bank Ltd through their

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    4/100 WP-11990-23.odt

    Managing Directors are impleaded as Respondent Nos.3 and 4

    respectively, Bharat Sanchar Nigam Limited (“BSNL”) is the

    Respondent No.5, in the Petition along with the State of

    Maharashtra through Wakad Police Station Pune, as

    Respondent No.6.

    The Writ Petition seeks the following reliefs:-

    “a. issue a writ of mandamus or a writ in the nature of mandamus or
    any other writ, order or direction under Article 226 of the Constitution
    of India to direct Respondent No. 2 to initiate appropriate action
    against Respondent Nos. 3 and 4 for violation of I-Banking Guidelines
    dated 14th June 2001 (Exhibit “O”), the said Notification dated 6 th July
    2017 (Exhibit “R”) and the Master Directions dated 18 th February
    2021 (Exhibit “S”) issued by Respondent No. 2;

    (a-i) That this Hon’ble Court be pleased to issue a Writ of Certiorari or
    any other appropriate Writ, order or direction under Article 226 of the
    Constitution of India to quash and set aside the decision dated 28
    March 2022 (Ex. L Pg. 208 of the Petition) communicated by the
    Reserve Bank of India (Centralised Receipt and Processing Centre)
    issued with the approval of Respondent No. 7 whereby the Ombudsman
    has rejected the complaint bearing no. N202122021018946 filed by the
    Petitioner.

    (a-2) That this Hon’ble Court be pleased to direct Respondent No. 3
    and 4 to refund the amount fraudulently transferred from the bank
    account of the Petitioner and also issue directions to Respondent No. 3
    and 4 to extend cooperation to investigating agency by providing
    necessary KYCs and other related documents;

    b. issue a writ of mandamus or a writ in the nature of mandamus or
    any other writ, order or direction under Article 226 of the Constitution
    of India to direct Respondent No. 1 to initiate appropriate action
    against Respondent No.5 for violation of Department of Telecom’s
    Instruction dated 01.08.2016 bearing File no. 800-09/2010-VAS (part)
    (Exhibit “V”);

    c. issue a writ of mandamus or a writ in the nature of mandamus or
    any other writ, order or direction under Article 226 of the
    Constitution of India to direct Respondent No. 2 to appoint an
    independent IS Auditor (Government and/or private agency) to
    conduct an exhaustive IS Audit of Respondent No. 3 in terms of the
    said Guidelines dated 29″ April 2011 issued by Respondent No. 2
    (Exhibit “Q”);

    d. issue a writ of mandamus or a writ in the nature of mandamus or
    any other writ, order or direction under Article 226 of the Constitution
    of India to direct Respondent No. 2 to initiate appropriate action

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    5/100 WP-11990-23.odt

    against Respondent Nos. 3 and 4 for non – compliance with their
    obligations under Master Circular dated 1st July 2008 (Exhibit “U”);”

    3. We have heard learned Senior Counsel Mr. Sharan

    Jagtiani for the Petitioner, learned Senior Counsel Mr. Pratik

    Seksaria for Respondent No.3, Mr. Mayur Khandeparkar for

    Respondent No.4, and Mr. Prasad Shenoy for Respondent

    Nos.2 and 7, Reserve Bank of India.

    On the pleadings being completed, by consent of parties,

    we have taken up the Petition for hearing at the stage of

    admission and hence, we deem it appropriate to issue ‘Rule’,

    which is made returnable forthwith.

    4. In order to pronounce upon the reliefs prayed in the

    Petition with the reliefs being opposed by the counsel

    representing the Respondents, we deem it appropriate to refer

    to the facts involved leading to the aforesaid Petition placed

    before us.

    The Petitioner, maintained a saving and current bank

    account with the HDFC Bank since 2011 and 2016 respectively.

    As per the pleaded case of the Petitioner, on 14/07/2021, three

    unknown persons namely Samir Tamang, Aloke Pal,

    Subhomoy Biswas, were added as beneficiaries in the

    Petitioner’s account for the purpose of enabling net-banking

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    6/100 WP-11990-23.odt

    transaction and the permissible net banking limit qua his

    account of Rs. 4,00,000/- (Rupees Four Lakh Only) was

    enhanced to Rs. 40,00,000/- (Rupees Forty Lakh Only). It is

    the specific case of the Petitioner that no OTPs was received by

    him from HDFC Bank for both the activities i.e. addition of

    beneficiaries or enhancement of transfer limit. Although the

    security system of the HDFC Bank flagged and alerted, the

    addition of these beneficiaries and the alert recommended

    ‘Decline add payee’ and also alerted “Transaction IP does not

    match with genuine transaction IP of customer” the addition of

    beneficiaries was manually approved by the Bank.

    Upon the aforesaid activity being permitted by the Bank,

    on 15/07/2021, the Petitioner lost a sum of Rs. 38,04,000/-

    through eight unauthorized bank transfers, which took place

    within a span of 41 minutes and the money was transferred to

    the accounts of the beneficiaries added on the previous day as

    the transaction limit of the account was enhanced.

    The Petitioner received intimation of one such transfer

    of Rs. 2,14,000/- at 17:55 hours on 15/07/2021 i.e. after two

    hours of the last transaction. No sooner, the Petitioner

    received an SMS alert from the bank about the transfer of Rs.

    2,14,000/- , he logged on the net-banking facility to check

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    7/100 WP-11990-23.odt

    status of his account. At this time, he realised that a sum of Rs.

    38,04,000/- has been transferred through eight transactions

    between 15:06 hours and 15:47 hours.

    According to the Petitioner he has never added the three

    individuals as beneficiaries as they are not known to him and

    no OPT was received by him on his Mobile Number or Email Id

    for confirming the addition of the beneficiaries.

    The Petitioner addressed an email to the relationship

    manager, Mr. Prashant Patil, informing him about the

    unauthorized transactions and he even tried to connect to

    HDFC toll-free number, but was unable to do so. He also called

    the Official from the Bank asking him to block the account and

    issued instructions in writing in that regard at 6:58 hours, and

    on the next date, he lodged an FIR with the local police station.

    5. On 28/07/2021, the HDFC Bank addressed an email to

    the Petitioner denying its liability and alleging breach of

    confidential information at the Petitioner’s end by stating as

    below:-

    “Dear Mr. /Ms. Korde,
    This is with reference to your complaint regarding fraudulent
    transactions in your Account done through NetBanking Third Party
    Fund transfer amounting to Rs. 38,04,000.00/-.
    We wish to inform you that any such debits happening to the
    customer’s account using NetBanking is valid transaction for the Bank
    since the same has been done using the Customer Id, NetBanking

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    8/100 WP-11990-23.odt

    password (IPIN) & other account sensitive information which is known
    only to the customer.

    The IPIN is privy to the customer and as such the NetBanking transfer
    is not possible without customer compromising his/her IPIN, Customer
    ID & other account sensitive information knowingly or unknowingly.
    The Third Party Fund Transfer transactions, done in your account post
    inputting of Customer ID and IPIN (NetBanking Password) and the
    same was duly authenticated with One Time Passwords (OTPs) which
    was sent on your registered Mobile number/ E-Mail Id.
    Beneficiary addition was done in your account and funds were
    transferred. In order to add a beneficiary, besides inputting customer
    sensitive details like Customer ID and IPIN, an OTP is also generated
    and sent to the registered mobile number /Email ID (Only in case of NR
    customer) of the customer which needs to be inputted as an additional
    authentication mechanism.

    In the above case, OTP has been generated and sent to your registered
    mobile number, post inputting of the correct OTP, the beneficiary was
    successfully added into the account.

    As part of security control at the Bank, a beneficiary is activated only
    post cooling period of 30 minutes of addition and for new beneficiary
    addition all transactions are mandatorily to be authenticated with
    OTP.

    As part of the extant process, transaction alerts were sent for
    beneficiary Addition and also for the subsequent transaction done.
    In effect, there has been breach of confidential information, without
    which none of the above transaction could have been taken place.
    We would request you to kindly lodge a FIR/Police Complaint and
    submit the copy of the same to the Branch.”

    6. On receipt of the above, on 29/07/2021, Petitioner

    addressed an email to the Grievance Redressal Officer, Branch

    Manager and Chief Executive Officer, specifically stating that

    no alerts were received by him and the accusation against him

    was unfounded. On 14/09/2021, the Customer Service

    Manager of the HDFC Bank by his email communicated to the

    Petitioner that there was no deficiency in service by the HDFC

    Bank, which constrained the Petitioner to address a detail

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    9/100 WP-11990-23.odt

    representation to the Respondent Nos.3 and 4, with reference

    to his earlier complaints and he also revealed the information

    that was available with the police. His grievance was

    specifically worded as below:-

    “3. As per information available with Police, the entire amount of Rs.
    38,04,000/-, has gone to three new beneficiaries created in my
    Account. It appears that the beneficiaries were added on 14 th July 2021
    and Third Party Transaction Limit was increased from Rs. 4,00,000/-
    per day to Rs. 40,00,0000/- per day which is not within my knowledge.
    History of my Account will show that nowhere, right from the opening
    of the accounts, Credit Limit was enhanced so high and such
    beneficiaries were added in one go and such large no. of transactions
    were effected on my account and of such quantum within such a short
    span of time. I am a senior citizen. The fact that I am a senior citizen is
    known to the Bank from the record. The moment there is addition of 4
    beneficiaries along with increasing Transaction Limit to Rs.
    40,00,000/- from 4,00,000/-, HDFC Bank/ Relationship Manager or the
    Branch or IT based security system should have raised the alarm and
    the Bank ought to have got in touch with me on phone or by email and
    should not have allowed transfers.

    6. However, after the aforesaid alert, no other alert seems to have
    been raised. No efforts were made by HDFC Bank to examine the
    reasons for transactions not been alerted .The Bank has claimed that
    SMS was sent to my registered mobile. However, as per data received
    from BSNL, no such SMS is received on my registered mobile.
    Therefore, certainly, there is a deficiency of service on the part of
    HDFC Bank and therefore, HDFC Bank is responsible for the
    consequences However, based on incident report, which itself shows
    that there was an error in judgment and looking at number of frauds
    occurring on a regular basis and without examining important aspect
    such as addition of large number of beneficiaries a/w sudden increase
    in limit in Rs. 4 lakhs per day to Rs. 40 lakhs per day, Bank should
    have applied breakers on all the transactions. The system of the Bank
    is also defective and is unable to pinpoint peculiarities such additions
    of 4 beneficiaries in a short span of time and transaction limit was
    increased by 10 times, the IT enabled security system should have
    quickly examined authenticity of beneficiaries, their credentials, their
    risk profile and ought to have rejected the transaction.”

    7. In the report submitted by Wakad Police Station on

    23/12/2021, the Police Inspector, addressed a communication

    to Branch Manager, HDFC Bank, where he specifically stated

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    10/100 WP-11990-23.odt

    that no error or negligence was found against Mr. Subodh

    Korde and the communication read thus:-

    “To,
    The Branch Manager
    HDFC Bank.

    Subject:- Refund the amount to the complainant (Mr. Subodh Korde,)
    Upon complaint of Mr. Subodh Chandrakant Korde, age 61 years,
    resident at- Duplex Woods, Condominium Society, Kalewadi Fata, Pune
    an offence wide Cr. No. 578/2021 Under Section 420,467, 468, 471 of
    Indian Penal Code, and Section 66(C), 66(D) of Information
    Technology Act is registered at Wakad Police Station.
    It is revealed that Complainant did not share any type of
    information and no error or negligence was found against him in the
    investigation carried out till date. So please Refund the amont of Rs.
    38,04,000.00 to the complainant Mr. Subodh Korde. (1. Subodh
    Chandrakant Korde-HDFC Bank- A/C- 00521000116116, 2. Ekam
    Consultant- HDFC Bank- A/C- 0200022189551) as per RBI rules and
    regulations.”

    Further the Police Inspector, Wakad Police Station, also

    addressed a communication to the Branch Manager, ICICI

    Bank, directing it to refund the amount debited from account

    of the Petitioner due to fraudulent transactions of the accused

    Subhomay Biswas, and Aloke Pal.

    8. The complaint filed by the Petitioner was also closed by

    the Banking Ombudsman on 28/03/2022, when the Petitioner

    was communicated thus:-

    “Closure Intimation for Complaint N202122021018946 against HDFC
    Bank Ltd

    2. Complaint regarding disputed transactions in account. Bank
    response in brief is as under:

    ‘Device ID’ of the disputed transaction are matching with the other
    genuine transactions. As per complainant, he performs all his
    transactions through Desktop/ Laptop and not through mobile. All the

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    11/100 WP-11990-23.odt

    disputed transactions were also performed through same Desktop/
    Laptop beneficiary additions has happened only post the OTP
    authentication one day earlier. The TPT limit increase was
    authenticated through OTP’s which were sent on complainants
    registered. The TPT limit increase was authenticated through OTP’s
    which were sent on complainants registered mobile number and
    registered email id only. SMS & email alerts for beneficiary additions
    were very much sent and delivered to the registered mobile number.
    Transactionswere also authenticated through Net Banking ID,
    Password and OTPs. The above response is concerned with debits to
    the account, however, bank informed that they relooking at the case
    details with regard to funds transfer various beneficiaries with their
    analytical and business teams and would respond to your before 30
    days with the additional clarifications. In view of the above, complaint
    is closed under 16.2.a of IOS-2021, since the transactions were
    performed through same device and secure credential and OTP.
    Complainant is advised that the Office would inform if there is any
    progress with regard to recovering funds from beneficiaries later.

    3. Accordingly, the complaint has been closed under clause 16(2)(a) of
    the Reserve Bank Integrated Ombudsman Scheme 2021.”

    9. In the backdrop of the aforesaid sequence of events, Mr.

    Jagtiani would place heavy reliance upon the Circular issued

    by RBI on the subject, ‘Customer Protection – Limiting Liability

    of Customers in Unauthorised Electronic Banking

    Transactions’.

    Mr. Jagtiani has urged that the circular dated

    06/07/2017 has limited the liability of the customers, where

    unauthorized transaction result in debit of their accounts and

    his liability is zero in the following events :-

    (i) Contributing fraud/ negligence/ deficiency on the part of the
    bank (irrespective of whether or not the transaction is reported by
    the customer).

    (ii) Third party breach where the deficiency lies neither with the
    bank nor with the customer but lies elsewhere in the system, and
    the customer notifies the bank within three working days of
    receiving the communication from the bank regarding the
    unauthorised transaction.”

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::

    12/100 WP-11990-23.odt

    According to Mr. Jagtiani, the Petitioner is covered by

    the aforesaid clause of the circular. He would also place

    reliance upon the subsequent part of the said circular, which

    has provided for Reversal Timeline for Zero Liability/Limited

    Liability of customer and he would invoke Clause 9 and 10 of

    the said circular providing thus:-

    “9. On being notified by the customer, the bank shall credit (shadow
    reversal) the amount involved in the unauthorised electronic
    transaction to the customer’s account within 10 working days from the
    date of such notification by the customer (without waiting for
    settlement of insurance claim, if any). Banks may also at their
    discretion decide to waive off any customer liability in case of
    unauthorised electronic banking transactions even in cases of
    customer negligence. The credit shall be value dated to be as of the
    date of the unauthorised transaction.

    10. Further, banks shall ensure that:

    (i) a complaint is resolved and liability of the customer, if any,
    established within such time, as may be specified in the bank’s Board
    approved policy, but not exceeding 90 days from the date of receipt of
    the complaint, and the customer is compensated as per provisions of
    paragraphs 6 to 9 above;

    (ii) where it is unable to resolve the complaint or determine the
    customer liability, if any, within 90 days, the compensation as
    prescribed in paragraphs 6 to 9 is paid to the customer; and

    (iii) in case of debit card/ bank account, the customer does not suffer
    loss of interest, and in case of credit card, the customer does not bear
    any additional burden of interest.”

    10. Specifically pointing out that the circular has cast a

    burden of proving the customer’s liability in case of

    unauthorized electronic banking transactions on the bank,

    Mr.Jagtiani would submit that the RBI has directed the banks

    to put in place a suitable mechanism and structure for the

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    13/100 WP-11990-23.odt

    reporting of the customer liability cases to the Board and a

    mechanism has been clearly chalked out for reviewing the

    unauthorized electronic banking transactions reported by the

    customers or otherwise, as also the action taken thereon,

    alongwith the functioning of the Grievance Redressal

    Mechanism and steps taken to improve the systems and

    procedures.

    According to Mr. Jagtiani, the said circular is addressed

    to all Scheduled Commercial Banks (including RRBs), All

    Small Finance Banks and Payments Banks and the same is

    binding on HDFC Bank also.

    11. Relying upon the said circular, it is submitted that the

    Petitioner is entitled to be compensated by the Bank as his

    case would fall within the scope of ‘Limited Liability of a

    Customer’, and in particular, Clause 6, as the Petitioner has

    promptly reported the fraud to the bank and according to Mr.

    Jagtiani, is duped of the money, without any negligence on his

    part and if at all it is the claim of the bank that he was

    negligent, then the burden lies on the Bank to prove the same.

    12. According to Mr. Jagtiani, the issue arising in the

    Petition is of grave public importance and the Court shall take

    judicial note of the fact that the RBI had encouraged internet

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    14/100 WP-11990-23.odt

    banking and in fact it has set up a ‘Working Group on Internet

    Banking’ to examine different aspects of Internet Banking (I-

    Banking), which had focused on three main issues; (i)

    technology and security (ii) legal and (iii) regulatory and

    supervisory. The report submitted by the group was accepted

    by the RBI with a decision being taken to implement it in a

    phased manner and guidelines were issued for its

    implementation by issuing a communication to All Scheduled

    Commercial Banks on 14/06/2001.

    According to him, the said guidelines clearly

    contemplated that the bank should designate a network and

    database administrator with clearly defined roles and it shall

    adopt a security policy duly approved by its Board of Directors.

    In addition, the circular also indicated that the bank should

    introduce logical access controls to data, from systems,

    application software, utilities, telecommunication lines,

    system software, etc., and also further directed that all

    computer access, including messages received, should be

    locked and security violations (suspected or attempted) should

    be reported and follow up action should be kept in mind while

    framing future policy. The said circular, directed all banks

    offering Internet Banking to take review of their systems and

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    15/100 WP-11990-23.odt

    report to the Reserve Bank the type of services offered, extent

    of their compliance with their recommendations, deviations

    and their proposal indicating time frame for compliance.

    13. Mr. Jagtiani has also placed on record several newspaper

    reporting, which according to him is indicative of large number

    of frauds being detected in online banking and that the amount

    involved running into several crores. Though, he is conscious

    of the fact that the newspaper reporting may not be accepted

    by the Court as it is, it is his submission that it is only

    indicative of the susceptibility of the online banking system to

    frauds and deserves a serious concern.

    14. According to the learned senior counsel, it is not for the

    first time that such an issue is before the Court, as according to

    him, several High Courts have grappled with such type of

    transactions and on appreciation of the gamut of the fraud

    have directed the banks to reverse the fraudulent

    transactions, thereby enforcing the RBI Notification dated

    6/07/2017 in exercise of power under Article 226 of the

    Constitution.

    At the outset, Mr. Jagtiani has placed reliance upon the

    decision of Gauhati High Court in case of Pallabh Bhowmick Vs.

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    16/100 WP-11990-23.odt

    Ombudsman, Reserve Bank of India & Ors. 1, where the Single

    Judge of the Gauhati High Court, with reference to the circular

    of the RBI, arrived at a conclusion that the Bank had failed to

    establish any negligence on part of the Petitioner, who

    approached the Court, when three online transactions from

    the Petitioner’s account occurred, when he downloaded the

    ‘mobile app’, on being prompted by the fraudsters, though,

    under the impression that he would receive refund up his

    money from ‘Louis Philippe’. Recording that the three

    transactions were evidently unauthorized as the Petitioner

    never intended to transfer any amount by downloading the

    mobile app and with no denial from the bank that the

    transactions were unauthorized, merely because the Petitioner

    had downloaded the mobile app, it was held that it cannot by

    itself lead to the presumption of negligence on part of the

    Petitioner in assisting the unauthorized transactions. The

    Court rather observed that had the Bank installed effective

    cyber security system and online fraud control measures then

    in that event, even if a mobile app is downloaded by a

    customer, money could not have been transferred from the

    bank account without proper authorization.

    
    
    1    2023 4 GAU LR 366
    
    
    
    
        ::: Uploaded on - 09/04/2026            ::: Downloaded on - 10/04/2026 22:06:02 :::
                                        17/100             WP-11990-23.odt
    
    

    With reference to the responsibility of the bank, as

    contemplated in RBI circular of 6/07/2017, the guidelines to be

    followed by the Banks for safety of their customers using

    online banking facility, it is highlighted that the guidelines

    include the necessity of putting in place a robust and dynamic

    fraud detection and prevention mechanism.

    Mr. Jagtiani would submit that the said decision is

    upheld by the Division Bench of the Gauhati High Court, and

    subsequently by the Apex Court.

    Reliance is alsoplaced upon the decision of Madras High

    Court in case of Dr. R. Pavithra Vs. Commissioner of Police &

    Ors2, once again granting relief in favour of the Petitioner

    based on the Notification of the RBI dated 6/07/2017.

    Reliance is also placed upon the decision of Allahabad

    High Court in case of Awadhesh Singh Vs. RBI & Ors 3 and a

    decision of this Court in case of Jaiprakash Kulkarni & Anr Vs.

    Banking of Ombudsman & Orss in WP No. 1150 of 2023 , where

    the Division Bench by relying upon the Cyber Cell reports

    revealing that unauthorized transactions have taken place

    without intimation to the Petitioners either on their mobile

    number registered with the bank or on their e-mail ID,
    2 2023 SCC Online Mad 3165
    3 2021 SCC Online All 301

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    18/100 WP-11990-23.odt

    directed the Bank in question to refund the amount illegally

    and unauthorizedly debited from the accounts to the

    Petitioners.

    Apart from this, Mr. Jagtiani has also invited our

    attention to the suo motu cognizance taken by the Apex Court

    of the menace of Cyber fraud, digital arrest etc. and the

    directions issued to ensure that the public and specially

    vulnerable section of the public such as senior citizens are

    protected from such fraudulent activity. Laying his emphasis

    on lack of negligence on part of the Petitioner, Mr. Jagtiani

    would submit that the Petitioner is a victim of cyber fraud and

    he allege that the HDFC Bank has failed to take appropriate

    action despite an alert and when no OTPs were shared with

    him for enhancement of transfer limit, it is his submission that

    the negligence at the end of HDFC Bank, who has not even

    bothered to maintain proper KYC record in light of the circular

    of the RBI, it is his submission that the HDFC Bank is under

    obligation to reverse the fraudulent debit and therefore, a

    direction is sought against the HDFC Bank as well as to the RBI

    to enforce its own circular/guidelines.

    15. Since the Petitioner was defrauded of a huge sum, and he

    had filed an FIR, according to him police investigation

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    19/100 WP-11990-23.odt

    confirmed that there was no error or negligence on his part. It

    is the case of the Petitioner that there was no negligence on his

    part as he had not shared any password with any third party

    but according to him it is the HDFC bank which ignored its own

    security alerts marking the addition of payees as suspicious

    and nevertheless manually approved the addition of

    beneficiaries because the Petitioner’s ‘beep tone’ sounded

    suspicious.

    16. Mr.Pratik Seksaria, the learned senior counsel,

    representing the HDFC Bank at the outset has raised an

    objection about the maintainability of the Petition against the

    HDFC Bank, a private entity, which is not discharging any

    public function/duty in relation to its banking business with

    the customer.

    The learned Senior Counsel has invoked the principle

    laid down by the Apex Court in case of S. Shoba Vs. Muthoot

    Finance Ltd4, where the Apex Court, determined the issue as

    to whether the non-banking institution governed by the Rules

    and Regulations framed by RBI is amenable to writ jurisdiction

    and the said issue came to be answered in the negative, by

    holding that the Respondent cannot be termed as a ‘Public

    4 2025 SCC Online SC 177

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    20/100 WP-11990-23.odt

    Body’, as it has no duty towards the public but its duty is

    towards its account holders, which may include the borrowers

    having availed the loan facility. Laying his emphasis on the

    test laid down by the Apex Court as to whether a body public

    or private shall be amenable or not amenable to the writ

    jurisdiction, he would submit that vital consideration for

    determination is held to be the ‘function’ test as regards the

    maintainability of the writ petition as it is held that if a public

    duty or public function is involved, any body, public or private,

    concerned with that duty or function and limited to that,

    would be subject to judicial scrutiny under extraordinary writ

    jurisdiction of Article 226 of the Constitution. He has also

    invoked the principle laid down by the Apex Court in case of

    Federal Bank Ltd. Vs. Sagar Thomas & Ors. 5 , which was

    followed by the Division Benches of this Court in case of M/s.

    Ruchi Soya Industries Ltd. & Ors. Vs. IDFC Bank Limited &

    Ors.6 and in case of VJ Jindal Cocoa Pvt. Ltd. & Anr. Vs. Union

    of India & Ors.in WP (L) No. 4051 of 2023.

    According to Mr. Seksaria, the position of law as laid

    down in S Shobha (supra) by the Apex Court is a declaration of

    law, wherein the Supreme Court has categorically considered,

    5 (2003) 10 SCC 733
    6 2017 SCC Oline Bom 4252

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    21/100 WP-11990-23.odt

    the issue of maintainability of writ petitions in its

    extraordinary and prerogative jurisdiction against a public or

    private body. Drawing parallel from the said decision, it is the

    submission of Mr. Seksaria that the HDFC in relation to the

    Petitioner (account holder) cannot and does not discharge any

    public function or fulfill any public duty, merely because it is

    bound to follow the Reserve Bank of India Notification dated

    6/07/2017.

    17. In addition to the aforesaid submission, according to Mr.

    Seksaria, the Petition involves various disputed question of

    facts requiring evidence and based upon the pleadings in the

    Petition itself, it is the submission of Mr. Seksaria that when

    the Petitioner is disputing that he has received any alert on his

    registered email id with respect to (i) the addition/registration

    of new third-party beneficiaries; (ii) the Split-OTP sent by

    email on the registered Email Id of the Petitioner for increase

    of TPT limit; and (iii) the alert with respect to the increase of

    TPT limit and which is established by HDFC Bank by

    production of the Email logs maintained in ordinary and usual

    course of business coupled with a certificate confirming the

    same by a reputed third-party vendor, the matter require

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    22/100 WP-11990-23.odt

    evidence, as it is for the petitioner to produce the best evidence

    in his possession.

    18. Another objection raised by Mr.Seksaria is, the

    Petitioner is claiming his rights on the basis of the terms of

    contract or at the most based on the RBI Circular. According

    to him, the rights of the Petitioner are strictly governed by the

    terms of contract as a customer and the bank and any relief

    arising thereunder cannot be subject matter of writ nor can

    any order be issued to compel the authorities to remedy an

    alleged breach of contract.

    Submitting that the Petition raises serious disputed

    questions of facts of complex nature which require evaluation

    of evidence, it is submitted that it would not be appropriate for

    this Court in exercise of its writ jurisdiction under Article 226

    of Constitution of India to grant relief as prayed for as the

    power exercised by this Court deserve its exercise in

    extraordinary circumstances, which in the present case is non

    existent.

    It is also urged by Mr.Seksaria that the Petitioner had

    filed a complaint against the Respondent with the Banking

    Ombudsman under the Integrated Ombudsman Scheme of

    2021, which is constituted for redressal of complaints of

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    23/100 WP-11990-23.odt

    customers on banking services provided by banks and to

    facilitate the settlement of those complaints. This complaint

    has also been closed by holding that there is no deficiency of

    service on part of the bank.

    Apart from this, it is also urged that the RBI in its

    directions dated 06/07/2017 (RBI/2017-2018/15) on Customer

    Protection/Limiting Liability of Customers in Unauthorized

    Electronic Banking Transaction has clearly specified that the

    customer shall be liable for the loss occurred due to

    unauthorized transactions if the loss was due to negligence of

    the customer by sharing the payment credentials etc. and thus

    the Petitioner has an alternate efficacious remedy by

    approaching the adjudicating authority under the Information

    and Technology Act, and on this count also, the Petition

    deserve to be rejected.

    19. On the factual aspect of the matter, relying upon the

    affidavit-in-reply, it is the submission of Mr.Seksaria that the

    Petitioner is having two accounts with the bank i.e. savings

    account as well as current account situated at Aundh Branch,

    Pune and the Petitioner is using the net banking after

    lockdown was declared on account of Covid-19 pandemic. It is

    pointed out to us that when on 14/07/2021, two persons were

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    24/100 WP-11990-23.odt

    added as beneficiaries to the savings account of the Petitioner

    and one person was added as beneficiary to the current

    account of Ekam Consultants, and every time an SMS OTP was

    generated and sent to the registered mobile number of the

    Petitioner. Post the correct OTP generated and send, the new

    beneficiary was added to the account.

    Apart from this, as a part of security control of the bank,

    the beneficiary was activated only post cooling period of 30

    minutes. It is submitted that it is permissible for a customer to

    add/modify/delete to a maximum 7 beneficiaries in a day and

    it is only after the correct SMS OTP being entered by the

    Petitioner from his registered mobile number, the beneficiary

    was added to the accounts of the Petitioner.

    Relying upon the affidavit, it is the categorical

    submission of Mr.Seksaria that 10 SMSs and 6 emails have

    been sent to the registered mobile number and registered

    email address of the Petitioner on 14/07/2021 and he has

    placed on record the copies of the OTP log, SMS log and email

    log evidencing OTP, SMS and emails being sent to the

    Petitioner.

    Further, it is stated that on 14/07/2021 at about 3.10

    p.m., third party transaction limit was increased from Rs.4

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    25/100 WP-11990-23.odt

    lakhs per day to Rs.40 lakhs per day and even for this

    increase, dual authentication is required in from of OTP+Debit

    Card details (ATM PIN and Card Expiry) or Split OTP (partial

    OTP on registered mobile number and partial OTP on

    registered email ID). It is the case of the Respondent that Split

    OTP was generated and sent to the registered Mobile number

    and the registered email address of the Petitioner and

    pursuant to this, the third party transaction limit was

    increased. According to the HDFC, as a part of security

    control, cooling period of 24 hours post third party transaction

    limit registration is in place to avoid any immediate fund

    transfers in case customer credentials have been

    compromised. This is so provided so as to give enough time to

    the customer to react and block his net banking to avoid

    unwarranted transactions. In this regard also, it is the stand

    of HDFC that two SMSes and 2 emails have been sent on

    14/07/2021, when the third party transaction limit has been

    reset/increased.

    20. As regards the actual transaction, which occurred on

    15/07/2021, the affidavit states thus :-

    “14. I say that on July 15, 2021, i.e. the day when the amounts
    were transferred from the aforesaid accounts of the Petitioner to
    the accounts of the beneficiary, OTP/s was/were generated and sent
    to the registered mobile number of the Petitioner. I say that only
    after putting the correct OTP/s, the amounts were transferred to

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    26/100 WP-11990-23.odt

    the accounts of the beneficiaries. I say that in order to transfer
    funds through Immediate Payment Service (“IMPS”) the customer
    needs to add the beneficiary and follow a six-step procedure, which
    procedure is described in Exhibit “H” hereto.”

    21. Mr.Seksaria has relied upon the internal investigation

    carried out by the Bank immediately, when the Petitioner was

    called for questioning and it was informed that he was facing

    issue with BSNL network since many months and his network

    was fluctuating and he had visited BSNL office, Pimpri

    Chinchwad on afternoon of 13/07/2021 to upgrade his SIM

    and he received the new SIM immediately, however, the

    network issue still persisted. Hence, he visited the BSNL office

    on 15/07/2021 after 4.00 p.m., when a new SIM was again

    allotted to him, but he was still facing the network issue.

    According to the stand of HDFC, the Petitioner had informed

    the investigating team that (1) During the period from

    13/07/2021 to 15/07/2021, he has received all messages/calls

    except transaction alerts from the Respondent and (2) He has

    not received any alerts on his registered mobile number as

    well as email ID.

    22. The stand of the Respondent in its reply affidavit and

    through the arguments advanced by Mr.Seksaria, is very

    specific and it is so worded in the affidavit as below :

    “22. I say that from the above it is clear that the login ID, password,
    telecom number are only known to the Petitioner and without

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    27/100 WP-11990-23.odt

    latches on his part, no other person can operate his accounts. All
    transactions were initiated and completed upon proper validation
    of customer credentials. That OTP was generated through the
    registered mobile number linked with the accounts and that
    transaction was validated upon furnishing the OTP so generated
    through the system. All fund transfers were authenticated through
    OTP. To what extent the Petitioner can be made responsible for such
    negligence is a matter of probe and adjudication through a civil suit.

    23. I say that as per the investigation the Device ID of the disputed
    transactions are matching with other genuine transactions. The
    Device ID of genuine transaction is “dd2f85a9-9eab-2011-2b76-
    10509083a811” which matches exactly with the disputed
    transactions Device Id “dd2f85a9-9eab-2011-2b76-10509083a811”.

    As per the complaint of the Petitioner, the Petitioner performs all
    his transactions through desktop/laptop and not through mobile.
    All disputed transactions were performed through the same
    desktop/laptop.”

    23. Mr.Seksaria would place heavy reliance upon the report

    of the internal investigation prepared by its officer in form of

    an Excel wordbook comprising of 19 distinct worksheets,

    including the checklist, disputed transactions accounts

    statement, RSA logs, staff investigation with the riders i.e. the

    observations of the bank on distinct issues, which were

    investigated.

    On investigation, the conclusion reached based on the

    customer interaction, the report record that the customer was

    disputing eight transactions amounting to Rs.38.04 lakhs from

    his two HDFC accounts and he has received SMS alert in

    respect of one transaction of Rs.2.14 lakhs on 15/07/2021 at

    15.48.18, but he has received SMS at 17.55 p.m. and when he

    checked his account statement and realised that the amount

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    28/100 WP-11990-23.odt

    from his account has been diverted, and he raised a complaint

    with the bank.

    It is urged that though the case of the Petitioner in the

    Petition is not about any issues faced by him with BSNL

    network, during the internal investigation, he disclosed that

    he was facing issued with BSNL network since many months,

    as the network was fluctuating and about his visit to the BSNL

    office on 13th as well as 15th July. His statement was

    categorically noted that he was present at his home between

    3.00 to 4.00 p.m. on 15/07/2021, when the alleged transaction

    occurred.

    24. The Report of internal investigation, on which the Bank

    has relied, has recorded thus :-

    “System Review
    Customer access his netbanking through his Personal Laptop and
    has never registered for Mobile Banking.

    From both the accounts, total 4 transactions are of RTGS and the
    beneficiary additions has happened only post the OTP
    authentication one day earlier. SMS & email alerts for beneficiary
    additions were very much sent and delivered to the registered
    mobile number. Transactions were also authenticated through
    OTPs.

    4 transactions are of TPT and the beneficiary additions has
    happened only post OTP authentication one day earlier. SMS &
    email alerts for beneficiary additions were very much sent and
    delivered. Transactions were also authenticated through OTPs. All
    the disputed transactions are on a single day of 15/July/2021 from
    both of his accounts.

    There has been increase in TPT limit to 40 lakhs one day earlier to
    the disputed transaction date and Split OTP (SMS + Email)
    authentication has been used.

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::

    29/100 WP-11990-23.odt

    IP addresses of the disputed transactions does not match with the
    previous transactions of the customer.

    However according to the RSA Logs. The Device ID of the all the
    disputed transactions are matching with the previous genuine
    transaction of the customer…

    IPIN has not been changed prior and post to the disputed
    transactions in both the accounts.

    On probing the customer regarding his previous transactions on
    04th July 2021, 27th April 2021 and the password change on 04th
    July 2021. Customer states he himself has done the transactions
    and changed his password (for these genuine transactions the
    Device ID is matching with Disputed Transactions ID).

    The Device ID of the above mentioned genuine transaction is
    “dd2f85a9-9eab-2011-2b76-10509083a811”.

    25. In respect of the Monitoring Perspective, the internal

    investigation has revealed thus :-

    “As confirmed by Saravanakumar.R (S30856) “Beneficiary addition
    attempt got alerted to monitoring for review.

    Tried reaching the customer but unable to establish the contact”.

    Dialer report for the callout attempt initiated from monitoring is
    attached in the Disputed Tnx Sheet.

    However None of the 8 transactions were Alerted.

    Please find the analytics team comments for the transactions post
    the bene addition.

    Bank has automated Risk based on authentication system where
    the risk score is calculated based on usage pattern of the customer
    nature of transaction and other factors and High risk transaction is
    declined but in this case the risk score was 691 hence it is not
    declined/alerted.”

    26. From the report of investigation, it is noted that the total

    time taken for debit from the victim’s account is 40 minutes

    and it started from 3.07 p.m. and ended with last transaction

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    30/100 WP-11990-23.odt

    at 3.48 p.m. and the total time taken for credits and debits in

    the first beneficiary account is approximately 1 hour and in

    case of second beneficiary account, it is about 55 minutes. In

    this regard, it is concluded thus :-

    ” In totality, the entire movement of funds starting from victim
    accounts followed by transfers and withdrawals from beneficiary
    accounts happened within 1 hour 10 minutes with an end time of
    4.17 PM dated 15/July/2021; which indicates this to be a pre-
    planned execution with involvement of supposedly multiple people
    at a time on field for ATM withdrawals and for on-line action.

    Going with the SMS/Email alert logs, the fraud could have been
    stopped/minimized with nil exposure if instant action would have
    been taken by the customer at the time of beneficiary addition alert
    one day earlier to the disputed transactions day or at least blocking
    of his account at the time of the very first debit alert SMS.”

    27. In the Check List, it is important to note the following :-

    Txn Description Txn D Amount Running Total Account Number Alert in Monitoring Action Date &
    Date and Literal r/ RSA Action Taken Time of
    Time C Alert
    r

    15-7-21 50100408968780- TPD D 5,00,000.00 30,64.779.96 521000116116 N N
    15:07 TPT-SELF-SAMIR
    TAMANG

    15-7-21 RTGS DR- RTD D 7,00,000.00 23,64,779.96 521000116116 N N
    15:09 ICIC0004177-
    ALOKE PAL-

    NETBANK, MUM-

                HDFCR5202107155
                3132261-SELF
    
    15-7-21     50100408968780-   TPD       D   6,00,000.00   17,64,779.96    521000116116    N       N
    15:13       TPT-SELF-SAMIR
                TAMANG
    
    15-7-21     50100408968780-   TPD       D   6,00,000.00   11,64,779.96    521000116116    N       N
    15:22       TPT-SELF-SAMIR
                TAMANG
    
    15-7-21     RTGS DR-          RTD       D   5,50,000.00   6,14,779.96     521000116116    N       N
    15:24       ICIC0003314-
                SUBHOMOY
                BISWAS-NETBANK,
                MUM-
                HDFCR5202107155
                3133257-SELF
    
    15-7-21     RTGS DR-          RTD       D   4,00,000.00   2,14,779.96     521000116116    N       N
    15:27       ICIC0003314-
                SUBHOMOY
                BISWAS-NETBANK,
                MUM-
                HDFCR5202107155
                3140357-SELF
    
    15-7-21     50100408968780-   TPD       D   2,14,000.00   779.96          521000116116    N       N
    15:48       TPT-SELF-SAMIR
                TAMANG
    
    15-7-21     RTGS DR-          RTD       D   2,40,000.00   5,139.34        5210002218955   N       N
    15:19       ICIC0003314-                                                  1
                SUBHOMOY
                BISWAS-NETBANK,
    
    
    
    
              ::: Uploaded on - 09/04/2026                                                ::: Downloaded on - 10/04/2026 22:06:02 :::
                                             31/100                               WP-11990-23.odt
    
       MUM-
       HDFCR5202107155
       3134869-SELF
    
    
    
    
       Reason for
       Transaction not
       being alerted
    
    
    
    
    

    The report also state the reason for transaction not being

    alerted and this comes from the Risk Intelligence and Control

    Unit as below :-

    Dear Venkatesh,

    As discussed, for the mentioned customer id the beneficiary addition transaction has been alerted
    in RSA for the Rule “Decline Add Payee-Blacklisted Accounts.”

    Also, please find the analytics team comments for the transactions post the bene addition.

    Bank has automated Risk based on authentication system where the risk score is calculated
    based on usage pattern of the customer nature of transaction and other factors and High risks
    transaction is declined but in this case the risk score was 691 hence is not declined/alerted.

    Thanks & Regards
    Vignesh Vaidhyanathan
    Risk Intelligence & Control Unit.”

    28. In Rider 3, which is placed on record, when the

    Petitioner made a complaint, the messages generated

    demanding urgent attention are also placed before us and it is

    necessary for us to reproduce the relevant portion.

    “date: 16-07-2021 18:26 Subject: Re: Fw:TRNX ALERT– Fraud
    Transaction of 35 Lakhs __ SUBODH CHANDRAKANT
    KORDE__Account number – 00521000116116__ Very Very Urgent
    attention ********__Case Number – 15596609 Hi All, PFB Case
    facts as requested, Beneficiary addition attempt got alerted to
    monitoring for review. Tried reaching the customer but unable to
    establish the contact. PFB Alert action details, Txn Date Description
    Amount Alerted / Not Alerted Remarks 14-07-2021 15:07
    Beneficiary Addition – Alerted Tried reaching the customer but
    unable to establish the contact 14-07-2021 15:11 Beneficiary
    Addition – Alerted 15-07-2021 15:07 50100408968780-TPT-SELF-
    SAMIR TAMANG 500,000.00 Not Alerted Not Alerted 15-07-2021
    15:09 RTGS DR-ICIC0004177-ALOKE PAL-NETBANK, MUM-
    HDFCR52021071553132261-SELF 700,000.00 Not Alerted Not

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    32/100 WP-11990-23.odt

    Alerted 15-07-2021 15:13 50100408968780-TPT-SELF-SAMIR
    TAMANG 600,000.00 NotAlerted Not Alerted 15-07-2021 15:22
    50100408968780-TPT-SELF-SAMIR TAMANG 600,000.00 Not
    Alerted Not Alerted 15-07-2021 15:24 RTGS DR-ICIC0003314-

    SUBHOMOY BISWAS-NETBANK, MUM-

    HDFCR52021071553133257- SELF 550,000.00 Not Alerted Not
    Alerted 15-07-2021 15:27 RTGS DR-ICIC0003314-SUBHOMOY
    BISWAS-NETBANK, MUM- HDFCR52021071553140357-SELF
    400,000.00 Not Alerted Not Alerted 15-07-2021 15:48
    50100408968780-TPT-SELF-SAMIR TAMANG 214,000.00 Not
    Alerted Not Alerted PFB Dialer report for the callout attempt
    initiated from monitoring. Regards, Saravanakumar.R Risk
    Intelligence & Control …..”

    The further correspondence alerting the banking system also

    record thus :-

    “—-Prashant Patil/Retail Branch Banking/Boat Club/HBL wrote :—-
    To : Viral Kothari/Digital
    Banking/Peninsula/HBL@HDFCBANK
    From : Prashant Patil/Retail Branch Banking/Boat CLUB/hbl
    Date : 07/15/2021 06:29 pm
    Subject : Fraud Transaction of 35 Lakhs_SUBODH CHANDRAKANT
    KORDE_Account number- 00521000116116___
    Very Very Urgent attention ******_Case Number – 15596609
    Dear Sir
    One of out customer informed that his account is been debited with
    total amount of 35 Lakhs fraudulently. Kindly help to get if
    detected and reversed Account number – 00521000116116
    Customer id-42263358
    Regards,
    Prashant Patil
    Imperia Relationship Manager
    9021070594
    [email protected]

    “SUBODH CHANDRAKANT KORDE _ Account number –

    00521000116116_Very Very Urgent attention ******_Case
    Number -15596609 Dear John, The funds from the customer a/c
    has been credited to beneficiary who is from your branch.
    Beneficiary name Samir Tamang Cust ID 162969236. Dear Milind,
    Further funds have been transferred from Samit Tamang to Rijohn
    Tamang who has an account in your branch. Cust ID 162969449
    Dear RTGS Cell team/Kasim, please assist in recalling the funds
    from ICICI Bank.”

    29. The Account Statement of the Petitioner also forms part

    of the internal report which reflect the transactions.

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::

    33/100 WP-11990-23.odt

    The IP investigation reveal that the transactions on

    14/07/2021, are done from IP 45.137.126.18 and the IP

    location is Chennai. The disputed transactions, on 15/07/2021

    right from 03:06:57 PM IST to 3:18:18 PM IST is reflected to be

    done from WEB with same IP 45.137.126.18 and the IP

    location is shown to be once again Chennai. As far as the

    genuine transaction of the Petitioner is concerned, the IP is

    103.198.166.221 and the IP location is Pune. The IP of the

    user activity of modifying the limit on 14/07/2021 at 3:09:14

    PM IST is again from the same IP 45.137.126.18 and the IP

    location is Chennai.

    The email logs are also produced by Mr.Seksaria to

    establish that the emails were sent to the Petitioner, but

    admittedly there is no proof of its receipt.

    30. In light of the aforesaid investigation report, it is the

    submission of Mr.Seksaria that the bank is not at all at fault, as

    for every transaction an email alert was sent and delivered on

    the registered email ID of the Petitioner and in case of

    addition/registration of third party beneficiary, which took

    place on 14/07/2021 at 03:01:09 PM IST and the transaction

    payment took place only on next day i.e. 15/07/2021 on

    03:06:57 (IST) i.e. after lapse of more than 24 hours. Thus,

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    34/100 WP-11990-23.odt

    according to the HDFC Bank, all the necessary protocols were

    followed by the bank, both at the time of enhancement of the

    TPT limit which require the account holder to enter a Split

    OTP, which involve two different OTPs sent to (i) registered

    mobile number and (ii) registered Email ID and only upon

    successful completion of such Split Verification, the TPT limit

    was increased. Further more, once the TRP limit is increased,

    once again an alert is sent both as an SMS to the registered

    mobile number and also to the registered email ID and based

    upon this, it is the contention of Mr.Seksaria that the

    Petitioner was every time alerted about the transaction, which

    he carried out and, therefore, the bank cannot be said to have

    acted in breach of any protocol and liable for reverting the

    amount.

    31. Dealing with the objection raised by Mr.Seksaria about

    the maintainability of the Writ Petition under Article 226 of

    the Constitution, we have given our thoughtful consideration

    to the objection as well as the response to the same by

    Mr.Jagtiani, as the respective senior counsel have placed

    reliance upon various authoritative pronouncements.

    The power of High Court to issue writs, as contained in

    Article 226, clearly provide that every High Court shall have

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    35/100 WP-11990-23.odt

    power, throughout the territories in relation to which it

    exercises jurisdiction, to issue to any person or authority,

    including in appropriate cases, any Government within those

    territories, orders or writs for the enforcement of any of the

    rights conferred by Part III and for any other purpose.

    32. As early as in 1989 in Andi Mukta Sadguru Shree

    Muktajee Vandas Swami Suvarna Jayanti Mahotsav Smarak

    Trust & Ors. Vs. V.R.Rudani & Ors.7, the Hon’ble Apex Court,

    expounded the scope of Article 226 by declaring that the

    power conferred on the High Court under Article 226 to issue

    writs in the nature of prerogative writs is a striking departure

    from the English Law, as under Article 226, the writ can be

    issued to any person or authority and the term ‘authority’

    used in the context must receive a liberal meaning unlike the

    term in Article 12, which is relevant only for the purpose of

    enforcement of fundamental rights. Further, it is held that the

    words ‘Any person or authority’ used in Article 226 are not

    confined only to statutory authorities and instrumentalities of

    the State and they may cover any other person or body

    performing public duty, the form of such body being not of

    much relevance, but what is relevant is the nature of duty

    imposed on the body.

    7    (1989)2 SCC 691
    
    
    
    
        ::: Uploaded on - 09/04/2026            ::: Downloaded on - 10/04/2026 22:06:02 :::
                                        36/100                     WP-11990-23.odt
    
    

    The observation of the Apex Court in paragraph 22 is of

    great significance and we reproduce the same.

    “22. Here again we may point out that mandamus cannot be
    denied on the ground that the duty to be enforced is not imposed by
    the statute. Commenting on the development of this law, Professor
    de Smith states: “To be enforceable by mandamus a public duty does
    not necessarily have to be one imposed by statute. It may be
    sufficient for the duty to have been imposed by charter, common
    law, custom or even contract.” We share this view. The judicial
    control over the fast expanding maze of bodies affecting the rights
    of the people should not be put into watertight compartment. It
    should remain flexible to meet the requirements of variable
    circumstances. Mandamus is a very wide remedy which must be
    easily available ‘to reach injustice wherever it is found’.
    Technicalities should not come in the way of granting that relief
    under Article 226. We, therefore, reject the contention urged for the
    appellants on the maintainability of the writ petition.”

    33. In Praga Tools Corporation Vs. C.A.Imanual8, the Hon’ble

    Apex Court held that a mandamus can be issued to an official

    of a society to compel him to carry out the terms of the statute

    under or by which the society was constituted or governed and

    also to companies or corporations to carry out duties placed on

    them by the statutes authorising their undertakings. Reliance

    was placed upon Halsbury’s Laws of England, third Edition,

    Vol.II Page 52, which held thus :

    “A mandamus would also lie against a company
    constituted by a statute for the purpose of fulfilling public
    responsibilities.”

    34. A decision on which reliance is placed by the respective

    senior counsels representing the opposing parties is the

    decision in case of Federal Bank (supra)

    8 (1969) 1 SCC 585

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    37/100 WP-11990-23.odt

    The pronouncement of the Apex Court revolved around a

    Branch Manager, Respondent No.1, working in Federal Bank,

    who was awarded punishment of dismissal pursuant to an

    enquiry being carried out and when he filed the writ petition in

    the Court, preliminary objection was raised to its

    maintainability, by canvassing that, it is a private bank and

    not a State or its agency or instrumentality, within the

    meaning of Article 12 of the Constitution of India, hence a writ

    petition under Article 226 of the Constitution is not

    maintainable.

    The Single Judge of the High Court found that the

    Federal Bank is performing public duty and, therefore, it would

    be covered with the definition of ‘other authority’ within the

    meaning of Article 12 of the Constitution of India and as such,

    the writ petition is maintainable. An appeal was preferred

    against the said decision, which was dismissed by directing the

    Single Judge to decide the matter on merit.

    In this background the question which fell for

    consideration before the Apex Court was, whether the

    appellant Bank is a private body or falls within the definition of

    the State or local or other authorities under the control of the

    Government within the meaning of Article 12.

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::

    38/100 WP-11990-23.odt

    35. Referring to the decision of seven-Judge Bench in

    Pradeep Kumar Biswas Vs. Indian Institution of Chemical

    Biology & Ors.9 and also to the decision in case of Ajay Hasis

    Vs. Khalid Mujib Sehravardi10, it was noted that concept of

    instrumentality or agency of the Government is not limited to

    a corporation created by a statute but is equally applicable to a

    company or society and in a given case it would have to be

    decided, on a consideration of the relevant factors, whether

    the company or society is an instrumentality or agency of the

    Government so as to fall within the meaning of the expression

    ‘authority’ under Article 12. The submission advanced on

    behalf of the Bank, in specific, is that it is a ‘company’

    incorporated under the Indian Companies Act, 1913 and its

    activities are regulated by the provisions of the Banking

    Regulation Act, 1949, with its entire shareholding held by

    private individuals, and that it does not perform any sovereign

    function nor does it exercise any authority over the third

    person. The nature of the activity of the Bank was argued to

    be a commercial as it received deposits from individuals and

    advance loans and performs other ancillary monetary

    transactions. It was, therefore, urged that it is neither a

    9 (2002) 5 SCC 111
    10 (1981) 1 SCC 722

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    39/100 WP-11990-23.odt

    “State” nor any “authority” within the meaning of Article 12 of

    the Constitution, and, hence not amenable to writ jurisdiction

    of the High Court.

    The respondent, on the other hand, urged that RBI

    exercises control over the banking companies and on taking

    into consideration the provisions of the Banking Regulation

    Act, 1949, which indicated deep and pervasive statutory

    control of the Central Government over the scheduled banks,

    an argument was advanced that the banks discharge functions

    of a public nature and own statutory responsibilities, and,

    hence, there is an element of public law involved in its

    activities. It was also canvassed that the Banking Regulation

    Act provide of licensing of banking companies and unless and

    until a bank holds license issued by Reserve Bank, it is not

    permissible to carry out the banking activity.

    36. In the wake of the contra submissions advanced, the

    Apex Court held as below :-

    “32. Merely because the Reserve Bank of India lays the
    banking policy in the interest of the banking system or in the
    interest of monetary stability or sound economic growth having due
    regard to the interests of the depositors etc. as provided under
    Section 5(c)(a) of the Banking Regulation Act does not mean that
    the private companies carrying on the business of or commercial
    activity of banking, discharge any public function or public duty.
    These are all regulatory measures applicable to those carrying on
    commercial activity in banking and these companies are to act
    according to these provisions failing which certain consequences
    follow as indicated in the Act itself. As to the provision regarding
    acquisition of a banking company by the Government, it may be

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    40/100 WP-11990-23.odt

    pointed out that any private property can be acquired by the
    Government in public interest. It is now a judicially accepted norm
    that private interest has to give way to the public interest. If a
    private property is acquired in public interest it does not mean that
    the party whose property is acquired is performing or discharging
    any function or duty of public character though it would be so for
    acquiring authority.”

    In regards to the decision in the case of Andi Mukta

    (supra), it was observed that though a mandamus can be

    issued to any person or authority performing public duty,

    owing positive obligation to the affected party and, therefore,

    the writ petition was held maintainable since the teacher

    whose services were terminated by the institution was

    affiliated to the University and was governed by the

    ordinances casting obligations which it owed to the petitioner.

    The said decision was, therefore, distinguished, but confirmed

    the finding that no writ would lie against the private body

    unless it has some obligation to discharge which is either

    statutory or of public character.

    In conclusion, it was held thus :-

    “33. ….a private company carrying on banking business as a
    scheduled bank, cannot be termed as an institution or company
    carrying on any statutory or public duty. A private body or a person
    may be amenable to writ jurisdiction only where it may become
    necessary to compel such body or association to enforce any
    statutory obligations or such obligations of public nature casting
    positive obligation upon it. We don’t find such conditions are fulfilled
    in respect of a private company carrying on a commercial activity
    of banking. Merely regulatory provisions to ensure such activity
    carried on by private bodies work within a discipline, do not confer
    any such status upon the company nor puts any such obligation
    upon it which may be enforced through issue of a writ under Article
    226
    of the Constitution. Present is a case of disciplinary action

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    41/100 WP-11990-23.odt

    being taken against its employee by the appellant Bank. The
    respondent’s service with the bank stands terminated. The action of
    the Bank was challenged by the respondent by filing a writ petition
    under Article 226 of the Constitution of India. The respondent is not
    trying to enforce any statutory duty on the part of the Bank. That
    being the position, the appeal deserves to be allowed.”

    37. The aforesaid decision provide the guiding principle for

    the proposition that a private body or person may be amenable

    to writ jurisdiction, where is becomes necessary to control

    such body or association to enforce any statutory obligations

    or obligations of public nature casting a positive obligation

    upon it and merely because the appellant bank was under the

    control of RBI, by itself do not amount to exercise of any

    statutory function or it being recognised as an institution

    having State protection as no Government agency or officer

    was connected with the affairs of the bank and there is no

    participation or interference of the State or its authorities.

    38. The aforesaid decision is followed by another decision of

    the Apex Court in Binny Ltd. & Anr. Vs. V. Sadasivan & Ors.11,

    where the Apex Court pronounced upon the ‘public function’,

    discharged by a private party and with reference to the power

    of the High Court under Article 226 of Constitution to exercise

    judicial review and issuance of any direction or order or writ

    for enforcement of any of the rights conferred by Part III or for

    any other purpose, it was noted that the jurisdiction is very
    11 (2005) 6 SCC 657

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    42/100 WP-11990-23.odt

    wide, but it remained an accepted principle that it is public law

    remedy and is available against a body or person performing

    public function. Following the proposition set out in the

    Administrative Law (9th Edn) by Sir William Wade and

    Christopher Forsyth, it was categorically noted thus :-

    “A distinction which needs to be clarified is that between public
    duties enforceable by mandamus, which are usually statutory, and
    duties arising merely from contract. Contractual duties are
    enforceable as matters of private law by the ordinary contractual
    remedies, such as damages, injunction, specific performance and
    declaration. They are not enforceable by mandamus, which in the
    first place is confined to public duties and secondly is not granted
    where there are other adequate remedies. This difference is brought
    out by the relief granted in cases of ultra vires. If for example a
    minister or a licensing authority acts contrary to the principles of
    natural justice, certiorari and mandamus are standard remedies.
    But if a trade union disciplinary committee acts in the same way,
    these remedies are inapplicable: the rights of its members depend
    upon their contract of membership, and are to be protected by
    declaration and injunction, which accordingly are the remedies
    employed in such cases.”

    By placing reliance upon the earlier observations in VST

    Industries Limited Vs. VST Industries Workers’ Union & Anr. 12,

    where reliance was placed upon de Smith, Woolf and Jowell’s

    Judicial Review of Administrative Action (5th Edn.), noting

    that all the activities of the private bodies are subject to

    private law, for example, the activities by private bodies may

    be governed by the standards of public law when its decisions

    are subject to duties conferred by statute or when, by virtue of

    the function it is performing or possibly its dominant position

    in the market, it is under an implied duty to act in public
    12 (2001) 1 SCC 298

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    43/100 WP-11990-23.odt

    interest. An illustration was cited and based on it, the

    proposition was laid as below :-

    “19. ….By way of illustration, it is noticed that a private
    company selected to run a prison although motivated by
    commercial profit should be regarded, at least in relation to some of
    its activities, as subject to public law because of the nature of the
    function it is performing. This is because the prisoners, for whose
    custody and care it is responsible, are in the prison in consequence
    of an order of the court, and the purpose and nature of their
    detention is a matter of public concern and interest. After detailed
    discussion, the learned authors have summarized the position with
    the following propositions :

    (1) The test of whether a body is performing a public function,
    and is hence amenable to judicial review, may not depend upon
    the source of its power or whether the body is ostensibly a “public”

    or a “private” body.

    (2) The principles of judicial review prima facie govern the
    activities of bodies performing public functions.

    (3) However, not all decisions taken by bodies in the course of
    their public functions are the subject-matter of judicial review. In
    the following two situations judicial review will not normally be
    appropriate even though the body may be performing a public
    function:…”

    38. The decision in case of Federal Bank (supra) when cited,

    it was noted that, a private company carrying on business as

    scheduled bank cannot be termed as carrying on statutory or

    public duty and it was held that any business or commercial

    activity cannot be classified as the one falling within the

    category of discharging duties or functions of public nature.

    As regards the exercise of power under Article 226, it is held

    as below :-

    “29. Thus, it can be seen that a writ of mandamus or the
    remedy under Article 226 is pre-eminently a public law remedy and
    is not generally available as a remedy against private wrongs. It is

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    44/100 WP-11990-23.odt

    used for enforcement of various rights of the public or to compel the
    public/statutory authorities to discharge their duties and to act
    within their bounds. It may be used to do justice when there is
    wrongful exercise of power or a refusal to perform duties. This writ
    is admirably equipped to serve as a judicial control over
    administrative actions. This writ could also be issued against any
    private body or person, specially in view of the words used in
    Article 226 of the Constitution. However, the scope of mandamus is
    limited to enforcement of public duty. The scope of mandamus is
    determined by the nature of the duty to be enforced, rather than
    the identity of the authority against whom it is sought. If the
    private body is discharging a public function and the denial of any
    right is in connection with the public duty imposed on such body,
    the public law remedy can be enforced. The duty cast on the public
    body may be either statutory or otherwise and the source of such
    power is immaterial, but, nevertheless, there must be the public law
    element in such action. Sometimes, it is difficult to distinguish
    between public law and private law remedies. According to
    Halsbury’s Laws of England 3rd Edn., Vol.30, p.682
    “1317. A public authority is a body, not necessarily a
    county council, municipal corporation or other local authority,
    which has public or statutory duties to perform and which
    perform those duties and carries out its transactions for the
    benefit of the public and not for private profit.”

    There cannot be any general definition of public authority or public
    action. The facts of each case decide the point.”

    Conclusively in para 32, the Apex Court held thus :-

    “32. Applying these principles, it can very well be said that a
    writ of mandamus can be issued against a private body which is not
    “State” within the meaning of Article 12 of the Constitution and
    such body is amenable to the jurisdiction under Article 226 of the
    Constitution and the High Court under Article 226 of the
    Constitution can exercise judicial review of the action challenged by
    a party, But there must be a public law element and it cannot be
    exercised to enforce purely private contracts entered into between
    the parties.”

    39. The aforesaid authoritative pronouncements from the

    Apex Court continued to be the guiding principle for various

    High Courts and one such decision cited before us is of the

    Bombay High Court in M/s Ruchi Soya Industries Ltd. & Ors.

    (supra), when by applying the ratio of Federal Bank‘s case, it

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    45/100 WP-11990-23.odt

    is held that a petition filed by petitioner No.1, when faced an

    objection about its maintainability under Article 226 on behalf

    of IDFC Bank Ltd., with regards to the “Master Circular” on

    Willful Defaulters, the question that arose for consideration

    was formulated as, “Whether a private party is amenable to

    the writ jurisdiction of the Court “. With reference to the

    decision of the Federal Bank (supra), it is held that the

    respondent bank, being a subsidiary of IDFC Bank Ltd., which

    is a holding company with the Government having 60%

    shareholding, and noting that the company is not under any

    control, financial or otherwise of the State Government nor it

    is the instrumentality of the State, but the bank was carrying

    on its private business and was not under any public duty or

    obligation imposed by any statute, it was held that no

    mandamus shall lie and the petition filed under Article 226 of

    the Constitution was held to be not maintainable.

    40. In yet another decision in VJ Jindal Cocoa Pvt. Ltd.

    (supra), which had the involvement of the HDFC Bank, and

    objection was raised that any dispute between the HDFC Bank

    and VJ Jindal Cocoa cannot possibly the subject matter of the

    writ proceedings, the Division Bench of this Court, on

    10/03/2023, relied upon the principle of law laid down by the

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    46/100 WP-11990-23.odt

    Apex Court in Federal Bank Ltd. (supra), which had held that

    merely because the RBI prescribe the banking policy and

    control various banks under the Banking Regulation Act would

    not necessarily convey that private entities that carry on the

    business of commercial activities of banking discharge any

    public function or duty. Reliance was also placed on the

    decision in the case of Chanda Deepak Kochhar Vs. ICICI Bank

    Ltd. Mumbai & Anr.13 where the Division Bench had held that

    no writ would lie against the ICICI Bank, being a private body ,

    since it is not an instrumentality of the State.

    Dealing with the contention that the HDFC Bank provide

    banking facilities and, therefore, discharge public functions,

    and, therefore, an application under Article 226 was

    maintainable against a person or body, who discharge public

    duties or public functions, the Division Bench arrived at a

    conclusion that there is no public duty or public function

    shown to be discharged by the HDFC Bank and holding that it

    is no sense doing it for collective benefit of the public nor is it

    appointed by RBI, it was held that it was purely in invocation

    in the context of private contractual dispute.

    41. The decision of the Apex Court in S.Shobha (supra) is

    relied upon by Mr.Seksaria and according to him, the ratio
    13 2020(5) MhLJ 219

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    47/100 WP-11990-23.odt

    flowing therefrom has foreclosed the issue, as the Apex Court

    had pronounced upon the ‘function’ test as regards the

    maintainability of writ application.

    Dealing with Muthoot Finance Ltd., a company

    registered under the Companies Act, the High Court had held

    that it did not answer the definition of ‘State’ within the

    meaning of Article 12, nor the transaction of loan by pledging

    gold between the petitioner and the respondent could be said

    to be in public realm. Apart from this, the High Court also

    recorded a clear finding that the company is not discharging

    any function, which has trapping of a sovereign function, but it

    is a private company registered under the law and, therefore,

    it is not a ‘State’ and the remedy open for the petitioner would

    be to institute a civil suit to seek appropriate relief.

    The aforesaid finding by the High Court received

    approval, as the Apex Court observed that the Muthoot

    Finance Ltd. is not a ‘State’ within the meaning of Article 12 of

    the Constitution and therefore not amenable to writ

    jurisdiction of the High Court under Article 226 of the

    Constitution. The contention that being a non-banking

    financial institution, it is governed by the Rules and

    Regulations framed by the RBI and if there is a breach thereof,

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    48/100 WP-11990-23.odt

    the finance company is amenable to the writ jurisdiction did

    not find favour, when the Apex Court held that, the finance

    company has no duty towards the public, but its duty is only

    towards the account holders, which may include the borrowers

    having availed the loan facility and it has no power to take any

    action, or pass any order affecting the rights of the members of

    the public and the binding nature of its orders and actions is

    confined to the account holders and borrowers and its

    employees.

    Laying its emphasis on whether a body, public or private,

    is amenable or not amenable to writ jurisdiction, the test laid

    down in paragraph 8 of the law report read thus :-

    “8. A body, public or private, should not be categorized as
    “amenable” or “not amenable” to writ jurisdiction. The most
    important and vital consideration should be the “function” test as
    regards the maintainability of a writ application. If a public duty or
    public function is involved, any body, public or private, concerned
    or connection with that duty or function, and limited to that, would
    be subject to judicial scrutiny under the extraordinary writ
    jurisdiction of Article 226 of the Constitution of India.”

    42. Mr.Seksaria has strongly relied upon the summation of

    the position of law emerging in peculiar facts, while

    entertaining a writ petition and he has asseverated that

    issuance of writ, the body or authority ought to be an

    instrumentality or agency of a State or it should have been

    entrusted with the functions as are Governmental or closely

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    49/100 WP-11990-23.odt

    associated therewith, being of public importance or being

    fundamental to the life of the people and hence Governmental

    and though RBI for smooth conduct of its affairs in carrying on

    its business have formulated the regulatory measures to keep

    a check and provided guidelines, that itself is not sufficient for

    discharge of public function, so as to satisfy the criteria,

    whether the body is amenable to writ jurisdiction.

    43. We have carefully perused the authoritative

    pronouncement of the Apex Court, which had the involvement

    of a company registered under the Companies Act and there

    can be no doubt about the legal proposition that writ

    jurisdiction would not lie against the company, as it does not

    enjoy the status of ‘State’ under Article 12 of the Constitution.

    In the facts of the case, where the loan was granted and the

    financier had acted contrary to the interim order, the Single

    Judge had held that the loan was granted under the statutory

    requirement as enunciated by the RBI but the Division Bench

    overruled the aforesaid observation and its view received

    approval from the Apex Court.

    Reliance is placed upon the decision in the case of LIC of

    India Vs. Escorts Ltd.14, where the Apex Court observed thus :-

    14 (1986) 1 SCC 264

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    50/100 WP-11990-23.odt

    “…Broadly speaking, the Court will examine actions of State if they
    pertain to the public law domain and refrain from examining them
    if they pertain to the private law field. The difficulty will lie in
    demarcating the frontier between the public law domain and the
    private law field. It is impossible to draw the line with precision and
    we do not want to attempt it. The question must be decided in each
    case with reference to the particular action, the activity in which
    the State or the instrumentality of the State is engaged when
    performing the action, the public law or private law character of
    then action and a host of other relevant circumstances.”

    As regards the applicability of ‘function’ test, prescribing

    that if a public duty or public function is involved, any body,

    public or private, concerned or connected with that duty or

    function would be subject to judicial scrutiny in exercise of

    writ jurisdiction under Article 226 of the Constitution of India.

    The above pronouncement arises in the backdrop of the fact

    when the petitioner had secured loan from the respondent, a

    private company, by pledging gold and some dispute arose

    from the said transaction and in this peculiar fact, it was

    pleaded that while granting the loan, the statutory

    requirements ought to have been observed and particularly, it

    was also pointed out that the agreement between the company

    and the petitioner contained an arbitration clause, which was

    the part of the loan agreement. The Apex Court in S.Shobha

    was dealing with Muthoot Finance, a non-banking finance

    company and not a scheduled bank and, therefore, the

    restrictions and obligations imposed on a scheduled bank were

    held to be not applicable to the entity.

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::

    51/100 WP-11990-23.odt

    The emphasis of the Apex Court in laying down the

    ‘function’ test is the nature of obligation imposed upon the

    scheduled bank and there cannot be any quarrel about the

    proposition that when a private scheduled bank indulges in

    any commercial transaction like providing for a loan,

    accepting term deposits etc., a writ may not lie unless the

    action involves a statutory violation, but with the guidelines of

    the Reserve Bank of India in force, issued in larger public

    interest, and when the bank, though private, is acting in a

    capacity that involves public interest or performing the duties

    analogous to that of public body, which may include

    enforcement of RBI regulations, in such a case, a writ petition

    would be definitely entertained. If a private body is

    discharging a public function and the denial of any rights is in

    connection with the public duty imposed on such body, public

    law remedy is available for its enforcement. The duty cast on

    the public body may be either statutory or otherwise and the

    source of such power is immaterial but nevertheless there

    must be public law element in such action.

    A public authority is not necessarily an authority

    established under the statute, but if it is the authority which

    performs duties and carries out transactions for the benefit of

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    52/100 WP-11990-23.odt

    public, it would fall within the purview of ‘public authority’, as

    there is no general definition of a ‘public authority’ or ‘public

    action’ and facts of each case would decide whether the

    authority is a public authority.

    44. Considering it from the point of view of scheduled bank,

    covered under the Reserve Bank of India Act, 1934, which has

    authorised the Reserve Bank to exercise supervisory

    jurisdiction over it. As per Section 42 it is imperative for the

    bank (scheduled bank) to maintain with the bank an average

    daily balance, the amount of which shall not be less than such

    percentage as may be prescribed, having regard to the needs of

    securing the monetary stability in the country.

    The decision in S.Shobha (supra) involves a private

    company in contrast to a scheduled bank, which is duty bound

    to abide by the instructions/directions issued by the Reserve

    Bank of India, the apex body and it is imperative for the bank

    to follow the mandate of maintaining Cash Reserve Ratio

    (CRR) as directed, as the Reserve Bank considers it

    appropriate to direct the scheduled bank to maintain the

    reserve in the larger interest of economy of the country.

    It is well within the power of the Reserve Bank to direct

    that every scheduled bank shall maintain in addition to the

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    53/100 WP-11990-23.odt

    balance prescribed under sub-section (1), an additional

    average daily balance of the amount which shall not be less

    than the rate specified by it in the Notification being calculated

    with the reference to the excess of the total of the demand and

    time liabilities of the bank at the close of the business on the

    date specified in the Notification.

    In addition, by virtue of sub-section (2) of Section 42,

    every scheduled bank is under an obligation to send to Reserve

    Bank of India a return signed by two responsible officers of

    such banks showing (a) to (g) at the close of business on the

    last day of each fortnight and every return shall be sent not

    later than five days after the date to which it relates.

    Under sub-section (4), a scheduled bank, which fails to

    comply with provision of sub-section (2) is liable to pay a

    penalty of one hundred rupees for each day during which the

    failure continues.

    45. Since the whole object underlying constitution of the

    Reserve Bank of India, being to regulate the issue of bank

    notes and keeping reserves with a view of securing monetary

    stability and to operate the currency and credit system of

    country to its advantage, the RBI exercises supervisory

    control over the scheduled banks with an imperative mandate

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    54/100 WP-11990-23.odt

    that the weekly returns by the scheduled banks showing the

    time and demand liabilities shall be furnished to it. Power is

    also conferred upon the Reserve Bank to exempt the scheduled

    bank in difficulties, due to circumstances beyond its control in

    discharge of the obligations imposed under the statute. Thus,

    the scheduled bank definitely stands on a different footing

    from the company which is engaged in disbursement of

    financial assistance.

    46. In exercise of the power conferred by clause (o) of sub-

    section (2) of Section 58 of the RBI Act, 1934, the Central

    Government has formulated “The Reserve Bank of India

    Scheduled Bank Regulations, 1951” to ensure compliance of

    the obligations cast under the Reserve Bank of India Act, 1934

    and under the Regulations, it is imperative for the scheduled

    bank, not later than 14 days of its inclusion in the Schedule or

    if it is already included in the Schedule, when Regulations

    came into force to submit to the principal office of the bank, a

    written statement containing the information in Regulation

    5(i). It is also mandatory to forward the list of the names, the

    official designations and specimen signatures of the officers of

    the Bank who are authorized to sign its returns and no change

    is allowed in regards the same without prior intimation to the

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    55/100 WP-11990-23.odt

    RBI and in regards to matters specified in clause (b) of

    Regulation 5(i), no change shall be effected unless the Reserve

    Bank is satisfied that there is adequate reason for such change.

    By virtue of Regulation 7, it is imperative for the

    scheduled bank having savings bank department to submit a

    copy of the Regulations governing that department to the

    principal office of the bank within the period prescribed by

    5(i) and any changes in such regulations shall also be

    intimated without delay to that office and every scheduled

    bank shall calculate the proportion, as at the close of business

    on the 30th September and 31st March of each year, of its

    demand/liabilities on the prescribed basis and the proportion

    so calculated, until the date of the next calculation , to be used

    in determining the demand and time liabilities. As per the said

    Regulation, scheduled bank is liable for imposition of penalty

    under Section 42 of the Act, when the Regulation become

    applicable.

    47. In addition of the above scheme involving RBI, one

    another statute which comes into play is the Banking

    Regulation Act, 1949.

    Section 35-A of the Act is the power of the Reserve Bank

    to give directions, if it is satisfied in the ‘public interest’ or in

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    56/100 WP-11990-23.odt

    the interest of banking policy, it is necessary to issue

    directions to banking companies generally or to any banking

    company in particular, from time to time, and the banking

    companies/ company shall be duty bound to comply with such

    directions.

    Reserve Bank of India, with its emphasis on customer

    protection and the recent surge in customer grievances

    relating to unauthorised transactions resulting in debits to the

    accounts/cards, had issued a Circular as early as in 2002 for

    reversal of erroneous debits arising from fraudulent or other

    transactions and on 06/07/2017, issued a fresh Circular, which

    is in consonance with the international standards, realising

    that with the introduction of electronic banking transactions,

    it is necessary to strengthen the systems and procedure so

    that the customers feel safe about carrying e-banking

    transactions. The RBI directed the banks to put in place

    appropriate systems and procedure to ensure safety and

    security of the electronic banking transactions and to have a

    robust and dynamic fraud detection and prevention

    mechanism.

    In addition, the RBI has also prescribed the mechanism

    to assess the risk, resulting from the unauthorized

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    57/100 WP-11990-23.odt

    transactions and measure the liabilities arising out of such

    events. It also directed appropriate measures to be taken by

    all scheduled Commercial Banks as well as Small Finance

    Banks and Payment Banks to mitigate the risk and protect

    themselves against the liability arising therefrom.

    48. A reading of the Circular under which the Petitioner is

    seeking reversal of the amount debited to his account, has

    clearly set out the mechanism for reporting of unauthorised

    transaction by the customers, by prescribing thus :-

    “Reporting of unauthorised transactions by customers to banks

    5. Banks must ask their customers to mandatorily register for SMS
    alerts and wherever available register for e-mail alerts, for
    electronic banking transactions. The SMS alerts shall mandatorily
    be sent to the customers, while email alerts may be sent, wherever
    registered. The customers must be advised to notify their bank of
    any unauthorised electronic banking transaction at the earliest
    after the occurrence of such transaction, and informed that the
    longer the time taken to notify the bank, the higher will be the risk
    of loss to the bank/ customer. To facilitate this, banks must provide
    customers with 24×7 access through multiple channels (at a
    minimum, via website, phone banking, SMS, e-mail, IVR, a
    dedicated toll-free helpline, reporting to home branch, etc.) for
    reporting unauthorised transactions that have taken place and/ or
    loss or theft of payment instrument such as card, etc. Banks shall
    also enable customers to instantly respond by “Reply” to the SMS
    and e-mail alerts and the customers should not be required to
    search for a web page or an e-mail address to notify the objection, if
    any. Further, a direct link for lodging the complaints, with specific
    option to report unauthorised electronic transactions shall be
    provided by banks on home page of their website. The loss/ fraud
    reporting system shall also ensure that immediate response
    (including auto response) is sent to the customers acknowledging
    the complaint along with the registered complaint number. The
    communication systems used by banks to send alerts and receive
    their responses thereto must record the time and date of delivery of
    the message and receipt of customer’s response,if any, to them. This
    shall be important in determining the extent of a customer’s
    liability. The banks may not offer facility of electronic transactions,
    other than ATM cash withdrawals, to customers who do not provide

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    58/100 WP-11990-23.odt

    mobile numbers to the bank. On receipt of report of an unauthorised
    transaction from the customer, banks must take immediate steps to
    prevent further unauthorised transactions in the account.”

    49. In fixing the liability on the customer, in case of

    unauthorised transaction, the Reserve Bank has bifurcated

    liability into two types; ‘zero liability’ and ‘limited liability’.

    A customer’s entitlement to zero liability is said to arise

    when the unauthorised transaction involving third party

    breach where the deficiency lies neither with the bank nor

    with the customer but lies elsewhere in the system, and the

    customer notifies the bank within three working days of

    receiving the communication from the bank regarding the

    unauthorised transaction.

    However, a customer will also be liable for the loss

    occurring due to unauthorised transaction, where the loss is

    due to negligence by a customer like where he has shared the

    payment credential. Even when there is a delay of making a

    complaint to the bank by the customer, despite the fact that

    the responsibility of the unauthorised electronic banking

    transaction lies neither with the bank nor with the customer

    but somewhere in the system, the customer will be fastened

    with the liability.

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::

    59/100 WP-11990-23.odt

    The bare perusal of the aforesaid guidelines/Circular by

    the Reserve Bank is evidently in larger public interest, as the

    RBI is conscious of the risk involved while adopting the

    electronic platform and it expected the Banks to set up a

    robust governance structure and implement common

    minimum standards of security controls for digital payment

    products and services.

    50. The Reserve Bank of India, on 18/02/2021,has issued the

    Master Direction on Digital Payment Security Controls, by

    formulating it in form of the Reserve Bank of India (Digital

    Payment Security Controls) Directions, 2021, which are

    specifically made applicable to the Scheduled Commercial

    Banks, Small Finance Banks, Payment Banks and Credit card

    issued NBFCs. The regulated entities to whom the Circular

    apply are also directed to formulate a policy for digital

    payments products and services with the approval of their

    Board, which shall ensure minimal customer service

    disruption with high availability of system/channels and

    adequate and appropriate review mechanism followed by swift

    corrective action.

    We will be dealing with the Circulars and the policy of the

    Reserve Bank formulated for the safety and security of the

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    60/100 WP-11990-23.odt

    customer a little while later, but for determining the present

    point for maintainability of Writ Petition, we have noted that

    the Circular/policy issued by the Reserve Bank is exercise of

    the power under Section 35A of the Banking Regulation Act,

    when the Reserve Bank thought it appropriate in the public

    interest and also in the interest of banking policy to issue

    directions which bind the Banks, and in specific, the scheduled

    bank like the HDFC.

    With the aforesaid preface, we are of the specific opinion

    that the HDFC Bank may not be a ‘State’ or its instrumentality

    and even when it comes to the discharge of ‘public function’, in

    the wake of the test laid down in Federal Bank (supra) as well

    as in S.Shobha (supra), it may not be strictly discharging a

    public function, but when it comes to the protection of the

    customers with whom the Banks have dealing and if the

    Reserve Bank, in exercise of powers under Section 35A, has

    formulated certain guidelines for minimising the risk faced by

    the customers and if a customer alleges its breach, in our

    opinion, the Petition cannot be refused to be entertained on the

    ground that no writ can be issued to HDFC Bank for

    implementing or acting in consonance with the directions

    issued by RBI, while encouraging e-banking and being

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    61/100 WP-11990-23.odt

    conscious of the fact that the Banks are expected to have a

    robust and dynamic fraud detection and prevention

    mechanism and also a redressal mechanism in case a

    customer falls prey to such fraud.

    51. The Calcutta High Court in Society for Welfare of the

    Handicapped Persons & Anr. Vs. Union of India & Ors. 15, in

    determining the issue, whether the petitioners are entitled for

    adequate compensation from the Axis Bank for causing loss to

    them on account of alleged diversion of funds as donated by

    different donors in its name, noted that the petitioner No.1

    maintained its accounts in the Bank and were informed that

    some donations were made in the name of the society, but the

    account statement of the bank did not had any positive

    reflection to their credit. A written complaint was therefore

    filed with the jurisdictional police station and the investigation

    was taken up and the charge-sheet was filed.

    The petition was filed seeking compensation from the

    bank where an objection was raised about its maintainability,

    which faced opposition and the learned Single Judge had an

    opportunity to appreciate the law laid down through the

    various authoritative pronouncements objecting to the

    entertainment of the writ petition against the bank.

    15 2025 SCC OnLine Cal 4056
    
    
    
    
      ::: Uploaded on - 09/04/2026                     ::: Downloaded on - 10/04/2026 22:06:02 :::
                                       62/100                    WP-11990-23.odt
    
    

    With reference to the power of the High Court to issue

    writs under Article 226 of the Constitution, it was noted that

    Axis bank, being a private limited company, is a scheduled

    bank as per Section 2(e) read with second Schedule of the Act

    of 1934 and hence, it was governed by Act of 1949.

    With reference to the provisions of Sections 45(b), 45(d)

    and 42 of the Reserve Bank of India Act, 1934, the learned

    Single Judge of the Calcutta High Court pronounced that the

    RBI authorities are empowered to collect the credit

    information from the Axis Bank and Section 42 of the Act of

    1934 postulate that it being a scheduled bank, is duty bound to

    keep cash reserve with the RBI authority. Apart from this, it

    also took note of the fact that the scheduled banking company

    had to obtain license from the RBI authority, which is also

    empowered to cancel license on account of failure to comply

    with the conditions of license.

    Exhaustive reference is made to Section 35A of the Act

    of 1949 empowering the Reserve Bank to give directions in

    public interest and the power to impose restrictions under

    Sections 46, 49 and 49A.

    It is in light of the scheme of the enactment, the learned

    Single Judge has held thus :-

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::

    63/100 WP-11990-23.odt

    “35. On careful consideration of the aforementioned Sections
    of the said Act of 1934 as well as of the said Act of 1949 it thus
    appears to this Court that the respondent no.11 being a scheduled
    bank is duty bound to carry on its banking business within the
    periphery of the statutory provisions of the said two Acts as well as
    under the control and surveillance of the RBI Authority.

    36. In view of such, this Court has got no hesitation to hold
    that the respondent no.11/Axis Bank is duty bound to carry out the
    directions issued time to time by the RBI Authority under cover of
    its different circulars.”

    With reference to the decision in the case of Andi Mukta and

    Binny Ltd. (supra), which was cited, the Single Judge observed

    thus :-

    “39. In the reported decision of Andi Mukta (supra) the
    Hon’ble Supreme Court also considered the proposition of law as
    decided in the case of Praga Tools (supra) and in the said judgment
    it has been held that Article 226 of the Constitution confers power
    on the High Courts to issue writs for enforcement of the
    fundamental rights as well as nonfundamental rights. It has been
    held further that the words “any person or authority” used in
    Article 226 of the Constitution are therefore, not to be confined only
    to statutory instruments of the State. The form of the body
    concerned is not much relevant. What is relevant is the nature of
    the duty imposed on the body and the duty must be judged in the
    light of positive obligation owed by the person or authority to the
    affected party. It has been held further that no matter by what
    means the duty is imposed, if a positive obligation exists mandamus
    cannot be denied.

    In the reported decision of Andi Mukta (supra) it has also been
    held that the judicial control over the fast expanding maze of bodies
    affecting the rights of people should not be put into watertight
    compartment and on the contrary it should remain flexible to meet
    the requirements of variable circumstances. It has been further
    stated that mandamus is a very wide remedy which must be easily
    available to meet injustice wherever it is found.

    40. In the reported decisions of Binny Ltd. (supra) it has
    been held by the Hon’ble Supreme Court that the scope of
    mandamus is limited to enforcement of public duty and such scope
    is determined by the nature of the duty to be enforced rather than
    the identity of the authority against whom it is sought. It has also
    been held that in the event a private body is discharging public
    function and the denial of any right is in connection with the public
    duty imposed on such body, the public law remedy can be enforced.

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::

    64/100 WP-11990-23.odt

    52. The decisions in case of Federal Bank Limited and S.

    Shobha (supra), were also referred to, but in the wake of the

    legislative scheme of Act of 1934 and Act of 1949, the Court

    observed thus :-

    “50. In view of such, this Court has got no hesitation to hold that
    respondent nos. 11 l.e. the Axis Bank cannot avoid its liability in the
    process of opening of a fake bank account at its Prince Anwar Shah
    Road Branch in the name of the writ petitioner no. 1/society. It
    further appears to this Court that though an attempt has been
    made on behalf of the respondent nos. 11 to 13 to substantiate that
    the writ petitioner no. 2 was actively involved in the opening of the
    said bank account at its Prince Anwar Shah Road Branch however,
    such claim is found to be futile inasmuch as sufficient materials
    have been placed before this Court that in course of investigation in
    connection with the aforementioned P.S. case the involvement of
    the writ petitioner no. 2 was not at all found. It has also been
    noticed by this Court that the allegation of the respondent no. 11
    that the said fake bank account at its Prince Anwar Shah Road was
    opened by using a cheque by the writ petitioners’ banker i.e.
    Corporation Bank is found to be contrary to the truth.

    51. … …. …

    53. From the reported decisions as cited from the Bar it appears
    that it is the consistent view of the Supreme Court as well as of
    different High Courts including our High Court that such plenary
    power under Article 226 can be issued against any person or body
    of persons and even against a company or a corporation in the
    event such persons or body of persons or company or corporation
    discharge public duties or responsibilities imposed upon it by a
    statute. It thus appear to this Court that in order to ascertain the
    maintainability of a writ petition against a person or body of
    persons or company or corporation the identity of the said person
    or body of persons or company or corporation need not be looked
    into however, it has to be ascertained as to whether the said private
    body is at all discharging any public function that is to say that
    there must be a public law element in the action of the said person
    or body of persons, etc.”

    In view of the aforesaid, the writ petition was held to be

    maintainable and on merits, it was held that there was no

    difficulty to assess the loss suffered by the petitioner no.1-

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::

    65/100 WP-11990-23.odt

    society and direction was issued to Axis Bank and its

    functionary to constitute a high level committee to determine

    the loss.

    53. This decision was subjected to challenge before the

    Division Bench and on factual matrix, the Division Bench

    refused to return a finding that the writ petition, as it stands,

    is not maintainable as against the Axis Bank, as the writ

    petition also sought relief against the RBI and the cause of

    action of the writ petitioners against the RBI and Axis Bank

    were inseparably intertwined.

    However, Mr. Jagtiani pointed out to us that the reliance

    placed upon the Circulars of the RBI are based on a footing of

    the bank acknowledging its responsibility and wrong doing,

    but the Axis Bank was failed to acknowledge the alleged wrong

    doing, as it was contesting the proceedings and it made a claim

    that it was not liable or responsible for the alleged loss at this

    stage. Though the Court refused to grant relief by observing

    that since the writ petition involved disputed questions of fact

    and the criminal case was yet to attain finality, and it would

    not be prudent to quantify any loss or damage in proceedings

    under Article 226 of the Constitution, however, as regards the

    maintainability of the petition, the Division Bench observed

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    66/100 WP-11990-23.odt

    that it was not proposing to enter into an elaborate discussion

    on the aspect of the maintainability of the writ petition.

    The judgment of the Division Bench was carried to the

    Apex Court and on 16/10/2025, the Apex Court directed that

    the report of the Three Member Committee directed to be

    constituted by the Single Judge, to be placed before it.

    54. When the question that falls for consideration, whether a

    writ petition is maintainable against a private party/body,

    which is definitely not covered within the meaning of ‘State’ for

    the purposes of Article 12 of the Constitution, when we turned

    our attention to Article 226 of the Constitution, which is a

    power of the High Court to issue writs to “anyperson or

    authority” for enforcement of any of the rights conferred by

    Part III or for any other purpose, it can be discerned that the

    remedy of Article 226, being a public law remedy is available

    against a private party or person, if such private body is

    discharging a public function. As observed by the Apex Court

    in Binny Ltd. (supra), a public function may not be susceptible

    of a precise definition, but a private body discharges a public

    function when it seeks to achieve collective benefit for the

    public or section thereof and is accepted by the public or

    section thereof as having authority to do so. The entities which

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    67/100 WP-11990-23.odt

    participate in social or economic affairs in the public interest,

    definitely discharge public function.

    55. Board of Control for Cricket in India Vs. Cricket

    Association of Bihar & Ors.16 is an authority which has

    pronounced upon the functions discharged by BCCI (Board of

    Control for Cricket in India) and while holding that it is not

    ‘State’ within the meaning of Article 12, the Court pronounced

    upon its amenability to judicial review in the wake of exercise

    of power under Article 226 of the Constitution. Applying the

    test laid down in Pradeep Kumar Biswas (supra), BCCI, an

    autonomous, non-governmental private body formed under

    T.N. Registration of Societies Act, 1975 was held to be not

    financially, functionally or administratively dominated or

    under the control of the Government so as to being it within

    the expression of ‘State’ in Article 12. However, since BCCI

    regulated and controlled all aspects of game of cricket in India,

    including conduct of matches, maintaining cricket amenities

    and infrastructure and even choosing players and umpires and

    in short, it held monopoly over the game of cricket in India, it

    is held that the body was discharging public functions and,

    hence, amenable to judicial review, dispute it not being ‘State’.

    The Apex Court pronounced that even if BCCI is not ‘State’
    16 (2015) 3 SCC 251

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    68/100 WP-11990-23.odt

    within the meaning of Article 12, it may not make any material

    difference in view of the admitted position that BCCI does

    discharge several important public functions, which make it

    amenable to the writ jurisdiction of the High Court under

    Article 226 of the Constitution, as it enjoyed monopoly status

    in the field of cricket though with no pervasive control and

    despite the fact that all its functions were not public functions,

    though they were not closely related to Government functions,

    it was held to be amenable to writ jurisdiction in the wake of

    the following observations.

    “34. The functions of the Board are clearly public functions,
    which, till such time the State intervenes to takeover the same,
    remain in the nature of public functions, no matter discharged by a
    society registered under the Registration of Societies Act. Suffice it
    to say that if the Government not only allows an
    autonomous/private body to discharge functions which it could in
    law take over or regulate but even lends its assistance to such a
    non-government body to undertake such functions which by their
    very nature are public functions, it cannot be said that the
    functions are not public functions or that the entity discharging the
    same is not answerable on the standards generally applicable to
    judicial review of State action.

    35. Our answer to Question (i), therefore, is in the negative,
    qua, the first part and affirmative qua the second. BCCI may not be
    “State” under Article 12 of the Constitution but is certainly
    amenable to writ jurisdiction under Article 226 of the Constitution
    of India.”

    56. The test of whether a body is performing a public

    function and if it is amenable to judicial review would thus be

    dependent upon the surrounding circumstances and the

    nature of the function discharged by the private body.

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::

    69/100 WP-11990-23.odt

    Undisputedly, if a private body discharges its functions which

    are contractual and commercial in nature, a writ cannot lie for

    its enforcement, but if a private body perform public duty, it is

    amenable to writ jurisdiction though all its decisions may not

    be subjected to judicial review and only those decisions which

    have public element can be judicially reviewed under writ

    jurisdiction.

    In the modern era it is difficult to draw a clear line

    between the public and private functions discharged by a

    private body, as if an entity is performing in a public arena,

    and it involves public interest, it must definitely subject itself

    to the exercise of power of judicial review by a writ court, as it

    would be justiciable to exercise the power to prevent such

    bodies from acting in an arbitrary manner. It is different thing

    to say that a body or entity is not a ‘State’ for the purposes of

    Article 12, by applying the well determined test of the control

    of the State, but when it comes to exercise of power of the writ

    court to issue writ for enforcement of fundamental rights in

    Part III of the Constitution or for any other purpose, it will be

    necessary to see whether the discharge of the function by the

    body/entity has any public element involved and in case,

    where the bank like HDFC Bank, which conduct the banking

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    70/100 WP-11990-23.odt

    business under the aegis and control of the Reserve Bank of

    India, being a scheduled bank and when the Reserve Bank in

    exercise of its power has framed guidelines/Master Circular

    for protecting the interest of the customers, who are likely to

    suffer on account of frauds, by prescribing certain guidelines,

    we do not find merit in the submission of Mr.Seksaria that for

    enforcement of the said guidelines, a writ petition is not

    maintainable. We, therefore, reject the preliminary objection

    raised.

    57. It is not for the first time that the Circular issued by the

    Reserve Bank of India and the benefit available to a

    customer/account holder of the bank came up for

    consideration before the higher Courts and we have before us

    the decision of the learned Single Judge of Gauhati High Court

    in Pallabh Bhowmick (supra), where the benefit of RBI

    Circular dated 06/07/2017 was claimed, when the petitioner, a

    practicing Advocate, holding a saving bank account in the

    State Bank of India, Gauhati Branch was duped of Rs.94,204/-

    by three separate on-line transactions.

    The Petitioner had made a online purchase of some

    garment from the ‘Louis Philippe’ store, which he wanted to

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    71/100 WP-11990-23.odt

    return and get the money back. On 18/10/2021, he received a

    call from a fraudster, who identified himself as Respondent

    No.4 from State of Uttar Pradesh. Posing himself to be the

    Customer Care Manager of the famous brand ‘Louis Philippe’,

    HE asked the petitioner to download a ‘mobile app’ for the

    purpose of refund of Rs.4,000/- in lieu of return of a garment

    purchased by him and when the petitioner did so, Rs.94,204/-

    was siphoned off from his bank account by three separate

    online transactions. An amount of Rs.64,017/- was transferred

    by Payment Gateway transactions and two other transactions

    of Rs.15,903/- each followed. The amounts were initially

    transferred to the beneficiary account in the Federal Bank and

    thereafter, shifted to the other bank accounts.

    The petitioner immediately informed to the customer

    care centre of the SBI with request to cancel the three

    transactions and on a complaint being registered, the SBI

    Debit Card of the petitioner was also blocked. An FIR was also

    filed with Jalukbari Police Station, which invoked Sections 417

    and 420 of the Indian Penal Code. The petitioner made a

    complaint to Branch Manager, Panbazar Branch of the SBI

    informing him about the fraudulent transactions from his

    bank account and he also lodged complaint with Cyber Crime

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    72/100 WP-11990-23.odt

    Cell of Criminal Investigation Department, Assam pertaining

    to three transactions.

    The petitioner received an e-mail from the respondent

    No.3 informing that there has been illegal breach of their

    customer database whereby, information regarding some of

    the customers were released in cyber community, and

    according to respondent No.3, the website of ‘Louis Philippe’

    was hacked when the petitioner had made online purchases on

    05/10/2021.

    58. With reference to the RBI Circular dated 06/07/2017

    laying down guidelines for Customer protection-limiting

    liability of the customers in case of unauthorised electronic

    banking transactions, reference was made to various clauses

    and in specific, clause 9 dealing with ‘Reversal Timeline for

    Zero Liability/Limited Liability of customer’ in case of

    unauthorised electronic banking transactions. The said clause

    was construed and the opinion expressed by the learned

    Single Judge reflected as below :-

    “21. As per clause 9, which deals with reversal timeline of
    zero liability/limited liability of customers in case of unauthorized
    electronic banking transaction, it would be the discretion of the
    bank to waive off any customer liability even in case of negligence of
    the customer. From a conjoint reading of the aforementioned
    clauses of the circular, it can be inferred that in case of un-
    authorized electronic transactions the Bank would have a duty to
    reverse the payment and credit the amount involved in the un-
    authorized transaction within a time frame, provided the

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    73/100 WP-11990-23.odt

    fraudulent transaction is reported by the Customer within the time
    frame provided in the Circular. In an appropriate case, even the
    negligence, if any, on the part of the customer, can be waived by the
    Bank.

    22. ….Had the Bank installed effective cyber security system and
    online fraud control measures then in that event, even if a mobile
    app is downloaded by a customer, money could not have been
    transferred from the bank account without proper authorization.
    Regardless of whether it was a UPI or PG transaction, it is not
    believable that the petitioner would deliberately share his OTP,
    password and MPIN so as to allow his hard earned money to be
    siphoned off from the bank account by a fraudster, that too, on
    three consecutive occasions, in quick successions. Rather, the
    incident appears to be pure and simple case of cyber crime whereby,
    the fraudster had hacked the database of respondent No. 3 and
    thereafter, got access to sensitive information pertaining to various
    customers of “Louis Philippe” including the petitioner which
    information was used for completing the fraudulent transactions.
    The participation on the part of the petitioner appears to be only to
    the extent of downloading the mobile app. Although the respondent
    No. 2 has contended that the petitioner had shared OTP, password
    and MPIN with the fraudster, yet, the said claim could not be
    substantiated by the Bank. Nothing has been stated in the counter-
    affidavit filed by the respondent No. 2 to indicate as to when, how
    and in what manner the OTP, MPIN and password was shared by
    the petitioner with the fraudster. No material particulars of the
    complicity on the part of the petitioner have been furnished in the
    affidavit. Therefore, this court is of the view that the respondent No.
    2 Bank has completely failed to establish any negligence on the part
    of the writ petitioner.”

    It was held that the online transactions that took place

    from the petitioner’s bank account were unauthorised and

    fraudulent and no negligence on part of the petitioner could be

    established by the bank and the case of the petitioner would

    fall within the ambit clauses 8 and 9 read with clause 10 of RBI

    Circular dated 06/07/2017 and, therefore, the petitioner will

    not have any liability in the matter and the bank was directed

    to reverse the payment in the savings bank account of the

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    74/100 WP-11990-23.odt

    petitioner with liberty to recover the same from respondent

    No.3, by initiating appropriate legal proceedings, if so advised.

    59. The Division Bench of the Gauhati High Court upheld the

    said decision, by recording that the incident appears to be pure

    and simple case of cyber crime, whereby the fraudster has

    hacked the database of respondent No.3 and got access to the

    sensitive information pertaining to the customers of the bank,

    which was used for completing the fraudulent transaction.

    Recording that the participation of the petitioner appears to be

    only to the extent of downloading the ‘mobile app’, it was held

    that the bank had failed to establish any negligence on part of

    the petitioner.

    The observation of the Division Bench reads thus :-

    “40. …The Banks cannot absolve themselves of the liability
    towards losses suffered by the customers on account of
    unauthorized electronic transactions based on perceived negligence
    of the customers. In the present case, having considered the facts
    and circumstances of case and the materials available on record, we
    concur with the view of the learned Single Judge, that the appellant
    has failed to establish negligence on the part of the respondent
    no.1/petitioner leading to the fraudulent transactions. Thus, the
    learned Single Judge has rightly directed the appellant to deposit
    an amount of Rs.94,204.80/- (Rupees Ninety-four thousand two
    hundred four and Eighty Paisa) only, in the bank account of the
    respondent no.1/petitioner.”

    Worth it to note that the Hon’ble Apex Court while dismissing

    the Appeal made very pertinent observations and we deem it

    appropriate to reproduce the same.

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::

    75/100 WP-11990-23.odt

    “2. We are in complete agreement with the observations as
    contained in Para 42 of the impugned judgment referred to above.

    3. All that the High Court has said is that the original petitioner
    who suffered the loss was not negligent in any manner. All
    transactions relating to the account of the respondent No.1 -herein
    maintained with the petitioner – Bank were found to be
    unauthorized and fraudulent. It is the responsibility of the bank so
    far as such unauthorized and fraudulent transactions are
    concerned. The Bank should remain vigilant. The Bank has the best
    of the technology available today to detect and prevent such
    unauthorized and fraudulent transaction. Further, clauses 8 and 9
    respectively of the RBI’s Circular dated 6-7-2017 make the position
    further clear.

    4. We also take notice of the fact that within 24 hours of the
    fraudulent transaction, the customer, i.e., the respondent No.1 –
    herein brought it to the notice of the Bank.

    5. We expect the customers, i.e., the account holders also to remain
    extremely vigilant and see to it that the O.T.P.s generated are not
    shared with any third party. In a given situation and in the facts
    and circumstances of some case, it is the customer also who could
    be held responsible for being negligent in some way or the other.

    60. In yet another situation, the Delhi High Court in case of

    Hare Ram Singh Vs. Reserve Bank of India & Ors. (W.P.(C)

    13497/2022 decided on 18/11/2024), the issue raised, was

    considered after pronouncing upon the objection regarding

    maintainability of writ petition for implementing the

    mandatory Master guidelines formulated by the RBI, the High

    Court, in the background fact where the petitioner received an

    SMS containing a link, and upon receipt of an SMS getting a

    call convinced him to click on the link, so as to keep the SMS

    service on his mobile number open and operational, was duped

    of Rs.2,60,000/- by way of two transactions from his savings

    bank account in the State Bank of India.

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::

    76/100 WP-11990-23.odt

    Upon realizing that he has been defrauded, the petitioner

    dialled the Customer Care Department of the SBI and

    registered a complaint and asking it to hold on the

    transactions, but it was of no avail. He approached the

    Banking Ombudsman, who rejected the complaint and,

    thereafter, the petitioner preferred the writ petition. Dealing

    with the objection about maintainability, the Delhi High Court,

    concluded thus :-

    “34. …… In view of the respondent No.2 and 3/SBI’s violations
    of the aforesaid mandatory Master Guidelines formulated by the
    respondent No.1/RBI, the maintainability of the instant writ is
    beyond any challenge. It must be indicated that the aforesaid
    guidelines are by and large measures that the REs or the banks
    have to undertake, and the said guidelines do not restrict an
    affected party to take legal recourse for redressal of their
    grievances. The transactions in question would resultantly fall
    within the sweep of “zero liability” as referred to in the aforesaid
    RBI Circulars. Therefore, respondents No. 2 and 3/SBI are liable to
    compensate the petitioner for the incurred loss, along with interest,
    and pay token compensation.”

    61. On merit, it is held that the petitioner was ‘victim’ of

    cyber fraud and he was not negligent in any manner under the

    notions of the civil law or for that matter under the criminal

    law, the observation in para 21 is apposite to be reproduced,

    which reads thus :-

    “21. In my view, the petitioner was a ‘victim’ of cyber fraud
    and he cannot be said to be ‘negligent’ in any manner under the
    notions of the civil law or for that matter under the criminal law.
    Negligence implies “the duty to take care” that would be expected
    from a person of ordinary prudence. The negligent act on the part
    of the customer should be such which is gross, utterly reckless and
    unconscionable. In the present case, the petitioner had taken care
    not to share the OTPs, in fact he had no occasion to do so, and if that

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    77/100 WP-11990-23.odt

    is the case, it would imply that even the most hyped 2 Factor
    Authentication [“2FA”] was breached as the same was not secure,
    which is directly attributable to deficiency in service provided by
    the respondent no.2 & 3 SBI.”

    62. Once again the RBI Circular on Digital Payment Security

    Controls dated 18/02/2021 was invoked and the learned

    Single Judge concluded thus :-

    “33. Lastly, it is well established under the Common Law, that
    funds in a bank account belong to the bank, but the bank acts as an
    agent for the principal (the customer). Consequently, the bank
    cannot refuse to process an online transfer if it appears to be
    authorized by the customer, however, upon detecting fraud, the
    bank has an implied duty to exercise reasonable care and take
    prompt action. Unhesitatingly, there was patent deficiency in
    services on the part of the bank, inasmuch as the response of the
    bank was lukewarm, defective, and not prompt. The respondent No.
    2 i.e., SBI failed to take immediate measures to take up the issue
    with the other REs to whom the online payment had been remitted.”

    Resultantly, a writ of mandamus was issued against the State

    Bank of India to make payment of Rs.2,60,000/- to the

    petitioner with interest @ 9% p.a. from the date when the fraud

    was reported within four weeks alongwith costs for legal

    proceedings.

    We are informed that upon the matter being taken to the

    Apex Court, stay of the order passed by the learned Single

    Judge is granted subject to it tendering an FDR to the Registry

    of the amount involved, with direction for its renewal.

    63. Another decision in this regard is in case of Jaiprakash

    Kulkarni (supra), where the Bombay High Court adopted a

    similar stance when the petitioner, who maintained the bank

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    78/100 WP-11990-23.odt

    account, complained that on 01/10/2022 certain

    entities/individuals were added as beneficiaries, without an

    OTP being sent on registered mobile or registered e-mail IDs.

    According to the petitioners, on 02/10/2022, the accountant of

    the petitioner No.2-company informed the petitioners that he

    had received several messages from respondent No.2

    regarding total sum of Rs.76,90,017/- being debited in several

    tranches to various unknown individuals by way of an online

    transaction. Since 02/10/2022 was a Sunday and a public

    holiday, the petitioners were certain that no transfer requests

    were initiated by them or any authorised person, to realise

    that money was illegally siphoned. Steps were taken by the

    petitioners by addressing communication to the bank as well

    as lodging of FIR. The petitioners even filed a complaint with

    Ombudsman, which was rejected on the ground that the

    transactions were completed post addition of the beneficiaries

    and input of valid credentials/2FA was only known to the

    account holder, and, therefore, there was no deficiency/lapse

    on the part of the bank.

    64. In light of the facts placed through the petition and the

    counter submissions made by the bank, the Court held thus :-

    “34. ……. In the light of these three categorical reports by the
    Cyber Cell, which have been made after receiving information from

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    79/100 WP-11990-23.odt

    the mobile service provider Airtel and the email service provider,
    Rediff mail, we are unable to accept the submission of Respondent
    No.2 that there was any negligence on the part of the Petitioners or
    that they had colluded with the persons/fraudsters who had debited
    the bank account of the Petitioners. In our view, from the said three
    reports of the Cyber Cell it is clear that both the bank and the
    Petitioners have been victims of fraud by third party fraudsters.”

    65. Relying upon the Circular dated 06/07/2017 issued by

    the Reserve Bank of India, and in specific, clauses (9) and (12)

    thereof, the Division Bench concluded thus :-

    “37. Both as per the said RBI Circular and the said Policy of
    Respondent No.2, a customer has zero liability when the
    unauthorized transactions occur due to a third party breach where
    the deficiency lies neither with the bank nor with the customer but
    elsewhere in the system and the customer notifies the bank
    regarding the unauthorized transactions within a certain time
    frame. Therefore, both as per the RBI Circular and the said Policy of
    Respondent No.2, the liability of the Petitioners in respect of the
    said unauthorized transactions would be zero as the unauthorized
    transactions have taken place due to a third party breach where the
    deficiency lies neither with Respondent No.2 nor with the
    Petitioners, as already held hereinabove on the basis of the said
    three Cyber Cell reports. In these circumstances, as per the RBI
    Circular and as per the Policy of Respondent No.2, the Petitioner is
    entitled to refund of the said amount from Respondent No.2. In this
    context, it is also important to note that, as per paragraph 12 of the
    RBI Circular, the burden of proving customer liability in case of
    unauthorized electronic bank transactions lies on the bank. In the
    present case, Respondent No.2 has no acceptable material to fasten
    any such liability on the part of the Petitioners. On the contrary, the
    three Cyber Cell Reports clearly show that the unauthorized
    transactions have taken place without any intimation to the
    Petitioners either on their mobile number registered with
    Respondent No.2 or on their email ID registered with Respondent
    No.2. For all the aforesaid reasons, Respondent No.2 will have to be
    directed to refund the amount illegally and unauthorizedly debited
    from the bank account of the Petitioners, to the Petitioners.”

    As a result, the order passed by the Banking Ombudsman

    was quashed and set aside and the Bank was directed to

    refund to the petitioner an amount of Rs.76,90,017/- within a

    period of six weeks from the date of pronouncement of the

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    80/100 WP-11990-23.odt

    order with interest at the rate of 6% p.a. from 02/10/2022 till

    date of its payment.

    66. In light of the aforesaid decisions, which ensured the

    implementation of the Circular issued by the RBI in form of

    Consumer Protection Policy, clearly providing that the

    customer’s liability will be ascertained based on the time taken

    by the customer to report the unauthorized electronic banking

    transaction, and since the said circular has conferred certain

    right on the customer and if a customer has suffered loss due

    to third party breach where the deficiency lies neither with the

    bank nor with the customer but lies elsewhere in the system

    and the customer has notified the bank immediately, he is

    entitled for reverting back the amount and share zero liability.

    If, however, the complaint is made within four to seven

    working days, the customer will share some responsibility and

    may not be entitled for remittance of the entire amount of

    which he is defrauded.

    67. One significant feature of the RBI Circular is, that the

    burden of proving the customer’s liability in case of

    unauthorized electronic banking transaction lies on the bank.

    Mr.Seksaria has vehemently urged before us that in case

    of Jaiprakash Kulkarni (supra), the three cyber cell reports

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    81/100 WP-11990-23.odt

    made reference to the unauthorized transactions having taken

    place, without any intimation to the petitioners, either on the

    mobile number or e-mail ID and that was the prime

    justification for the bank having been directed to refund the

    amount, which was unauthorizedly debited from the bank

    account of the petitioners. In the present case, according to

    him, there is no cyber report so as to establish that there was a

    cyber fraud and, therefore, no direction can be issued to the

    bank.

    As regards this submission, we must mention that the

    whole object of the RBI issuing the circular/guidelines is to

    protect the customer, who has fallen prey to unauthorized

    transactions resulting in debit to his account/card, when the

    transaction is effected through electronic banking. The

    Reserve Bank of India has issued directions to all scheduled

    commercial banks for strengthening their system and

    procedure, by introducing various mechanisms, with an

    expectation that the system and procedure in the bank must

    be designed to make customers feel safe about carrying out

    electronic banking transactions and the RBI expected the

    Banks to adopt robust and dynamic fraud detection system.

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::

    82/100 WP-11990-23.odt

    One of the mode prescribed is the bank asking their

    customers to mandatorily registered for SMS alerts and

    wherever available register for e-mail alerts for electronic

    banking transactions. The RBI has made it mandatory that

    SMS alerts shall be sent to the customers, while e-mail alerts

    may be sent, wherever registered and simultaneously the

    customer must be advised to notify their bank of any

    unauthorized electronic banking transaction at the earliest

    after the occurrence of such transaction, as longer time taken

    to notify the bank will pose high risk to the customer.

    The banks are directed to provide customers with 24×7

    access through multiple channels for reporting unauthorized

    transactions that had taken place and/or loss or theft of

    payment instrument such as card, etc. and the bank shall also

    enable the customers to instantly respond by ‘Reply’ to the

    SMS and e-mail alerts so that the customers are not required

    to search for a web page or an e-mail address to notify the

    objection. The swift action on part of the customers as well as

    the bank is specifically underscored by RBI, since it is most

    important in determining the extent of the customer’s liability.

    Keeping this aspect in view, the Reserve Bank has

    fastened zero liability on a customer, in case of third party

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    83/100 WP-11990-23.odt

    breach when the deficiency lies neither with the bank nor with

    the customer, but lies elsewhere in the system and the

    customer notify the bank within three working days of receipt

    of communication from the bank regarding unauthorized

    transactions.

    68. In our view, the circular of the RBI dated 06/07/2017 is

    independent of any criminal investigation to be conducted to

    establish any cyber crime, as the RBI intended to protect the

    customer who has suffered financial loss on account of

    fraudulent or unauthorized electronic banking transactions.

    Without even a semblance of reference to any cyber

    investigation, the RBI deemed it appropriate to issue

    directions for limiting the liability of the customers in

    unauthorized electronic banking transactions and

    particularly, when the customer is not at fault. The burden to

    establish that the customer is at fault is on the bank and once a

    customer has notified the bank about the fraudulent

    transaction, from the date when he received communication

    from the bank, it is imperative for the bank to credit the

    amount involved in the unauthorized electronic banking

    transaction to the customer’s account and if the reporting is

    within three days, then the liability of the customer is zero.

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::

    84/100 WP-11990-23.odt

    Since the burden of proving the customer’s liability in

    respect of unauthorized electronic banking transaction is on

    the bank, we have to ascertain whether the HDFC Bank has

    discharged its burden.

    69. Referring to the transactions through which the

    Petitioner had suffered a loss, it is the case of the Petitioner

    that he was using mobile service of BSNL and his mobile

    number and e-mail ID were registered with HDFC Bank for

    alerts and OTP. According to the Petitioner, on 14/07/2021,

    three beneficiaries were added to his savings and current

    account in Aundh Branch of HDFC Bank, the beneficiary

    account being maintained with HDFC Bank and ICICI Bank.

    The Petitioner received no intimation or OTP to validate

    addition of any of the beneficiaries. Wakad Police Station has

    confirmed that no SMS was received by the Petitioner.

    The HDFC Bank has produced before us a list of SMS/E-

    mails containing OTPs sent to the Petitioner for addition of

    beneficiaries.

    The text of the OTP logs annexed to the reply, make a

    reference to the message pushed by HDFC Bank through its

    different vendors engaged for the said purpose and this include

    the vendors, ACLOTP, GupshupOtp and also A2WHTTPS.

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::

    85/100 WP-11990-23.odt

    The message pushed in respect of all the three

    beneficiaries is followed by the addition of the beneficiaries and

    the message pushed is, “——is your SECRET OTP to add payee

    Samir tamang, A/c No. ending in — for Funds Transfer. Do not

    share it with anyone”. Followed by this, within a few seconds

    is another message, “You have added/modified Funds Transfer

    Beneficiary samir tamang, A/c No. in HDFC Bank NetBanking

    for queries contact Bank.” In respect of Aloke Pal, the

    transaction at 03:03:37.515000 PM through GupshupOtp is

    the message shown is XXXXX. In fraction of seconds i.e.

    03:04:08.940000 PM beneficiary Aloke Pal is added.

    The aforesaid chart is only reflective of message being

    pushed, but not a proof of the message being received.

    Moreover, the record of the Full Text OTP logs is not produced

    before us as primary record, but it is a log prepared by the

    bank and in some cases, the message pushed is XXXXX.

    It is the pleaded case of the Petitioner that he did not

    receive any SMS or e-mail and in any event, it is evident from

    the e-mail log, which is also produced alongwith the affidavit,

    that the e-mails do not contain any OTPs. More pertinent to

    note is the SMS and e-mails are alleged to be forwarded by

    third party vendors and it is difficult for us to admit its

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    86/100 WP-11990-23.odt

    credibility, as there is no indication of any full-proof system of

    the vendor, and what is placed before us alongwith the reply

    affidavit is the log of OTP and e-mail with the status ‘delivered

    (D) and sent (S)’.

    Followed by the addition of beneficiaries, on 14/07/2021,

    unknown to the Petitioner, the third party transfer limit of

    Rs.4,00,000/- was increased to Rs.40,00,000/- and once again

    it is the case of the Petitioner that no intimation or OTP was

    received by him to validate the increase of transfer limit and

    the screen shots of the flexible Third Party Transfer (TPT)

    limits through net banking refer to the customer ID/user ID

    with a password PIN, which then reflected the balance in the

    savings account and increase in the amount of transfer limit.

    Once again, it is the case of the bank that the message of third

    party transfer limit being being set at Rs.40,00,000/- was also

    intimated through OTP and the vendor has shown its status as

    ‘delivered’, with OTP being sent to increase the limit, and also

    about the limit being increased to Rs.40,00,000/-. Even for

    this transaction, we do not have the original message but only

    the log prepared by the bank, based on the information by the

    vendor, reflecting the status of the message as ‘delivered’. The

    case of the Petitioner is, he never received the OTP/intimation.

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::

    87/100 WP-11990-23.odt

    70. Then comes 15/07/2021, when the Petitioner received an

    SMS alert from the bank that there was a transfer of

    Rs.2,14,000/- from his savings bank account and the Petitioner

    received the alert and logged on to the net-banking facility to

    check his account, as received the SMS alert at 17:55 hours to

    find that a sum of Rs.38,04,000/- was transferred from his

    two accounts by eight transactions between 15:06 hours and

    15:47 hours i.e. within 41 minutes. Out of the eight

    transactions, in four transactions Samir Tamang is the

    beneficiary, in one transaction of amount of Rs.7,00,000/-

    Aloke Pal is the beneficiary and one Subhomoy Biswas is the

    beneficiary in three transactions. The Petitioner was debited

    to the sum of Rs.38,04,000/- from the three accounts despite

    his specific case that he never added the beneficiaries, and he

    never enhanced the transaction limit and the amount was

    never transferred by him in favour of the beneficiaries.

    71. As soon as the Petitioner received an alert at 17:55 hours

    on 15/07/2021, at 18:03 hours, he addressed an e-mail to his

    Relationship Manager, Mr.Prashant Patil, apprising him of the

    unauthorized transactions and he even attempted to connect

    to HDFC’s Toll Free Number, but was unable to do so. The

    Petitioner also made a request to the bank to block his

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    88/100 WP-11990-23.odt

    accounts and on the next day, approached Wakad Police

    Station informing the police about the unauthorized

    transactions.

    72. We have already reproduced the communications and

    the action taken by the bank immediately on the Petitioner

    alerting it. We have recorded the submissions of Mr.Seksaria

    and from reading of the same, it is evidently clear to us that

    the bank attempted to take steps by treating the complaint as

    urgent, but could do nothing as the amount was already

    debited from the Petitioner’s account. The HDFC Bank has not

    produced before us any primary record of SMS/e-mail being

    forwarded to the Petitioner, but its vendors have merely

    prepared a log showing that every OTP was forwarded on the

    Petitioner’s mobile.

    73. The mobile number used by the Petitioner is

    9422247109 and fortunately for us, Respondent No.5-BSNL

    has marked its appearance through a counsel and also filed an

    affidavit-in-reply.

    The authorized signatory of BSNL through his affidavit

    dated 09/02/2026, has provided a clear clue as to what has

    transpired and how the money got debited from the

    Petitioner’s account by manipulating the SIM card.

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::

    89/100 WP-11990-23.odt

    Submitting that the alleged amount was transferred

    from the two accounts of the Petitioner through eight different

    on-line banking transactions and thereafter withdrawn

    through ATMs. Respondent No.5, therefore, state that the

    transactions establish that the alleged fraud was executed

    through banking and ATM mechanism, and it categorically

    state that, on 12/07/2021, the SIM card of the number used

    by the Petitioner was replaced by its franchisee Sharma

    Communications.

    As per Respondent No.5, Petitioner’s mobile phone was

    stolen and that was the cause for replacement of the SIM card.

    The affidavit also state that for replacement of the SIM, there

    is manual verification of the photo ID with the subscriber and

    the procedure require verification of self-attested documents

    of POI/POA with original documents and it is admitted that the

    certificate of verifying the same is signed by the franchisee

    M/s Sharma Communications and the replacement was done

    by manual verification.

    When there was further replacement at Kalyan, once

    again it was allowed on the basis of lost of SIM accompanied

    with an application for replacement and it is categorically

    stated that there are two methods of verifying the identity

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    90/100 WP-11990-23.odt

    when the SIM card is replaced, namely, (a)DKYC : Live

    photograph of subscriber and documents are uploaded and

    CAF Documents, and (b) EKYC : Biometric of the subscribers

    are captured and matched with Aadhaar Biometrics.

    74. The document annexed with the affidavit of BSNL, in

    relation to the mobile number 9422247109 with the

    customer’s name Subodh Chandrakant Korde has given the

    permanent address at Nashik.

    The reason for replacement of SIM, is cited as ‘SIM Lost’

    and the application is dated 14/07/2021. A perusal of the

    photograph placed on the SIM Swap/Replacement/Up-

    Gradation Form bear a photograph of a person Subodh

    Chandrakant Korde, which according to the Petitioner, is not

    his photograph, as the Aadhar Card at page No.10 reveal his

    identity through the photograph and what was annexed

    alongwith the application was a copy of the PAN card. It was

    also accompanied with the police report at Mira-Bhayandar,

    Vasai-Virar Police on 14/07/2021with the complaint of lost of

    Samsung Phone bearing No.9422247109.

    The affidavit has also annexed a SIM replacement

    application dated 12/07/2021 at Nashik, where it is informed

    that the handset is lost due to accident. By using the same

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    91/100 WP-11990-23.odt

    PAN card and annexing the photograph of Sachin Subodh

    Korde, which according to the Petitioner, is not of his son’s

    photograph.

    While responding to the notice received from Wakad

    Police Station, furnishing information with respect to the SIM

    replacement of BSNL mobile number, it is indicated that the

    SIM was replaced on four occasions through swap request

    received on 12/07/2021, 13/07/2021, 14/07/2021 and

    15/07/2021 and the swap was completed on all these dates.

    In Nashik, the swap/replacement is undertaken through

    franchisee Sharma Communication, and in Chinchwad Pune, it

    is done through franchisee M/s Print Express and in Vasai

    Kalyan, it is done through CSC Vasai Kalyan and once again in

    Chinchwad, Pune when it was done on 15/07/2021 with the

    swap completed at 16:26:26 through M/s Print Express, Pune.

    In all the aforesaid transactions of SIM swap, the swap remark

    reflect ‘Defect with SIM’.

    75. The affidavit is accompanied with a certificate issued by

    JTO, Nashik stating that the first replacement happened on

    12/07/2021 at Nashik CSC and subsequently it is restored in

    Pune CSC on 13/07/2021. While responding to Wakad Police

    Station, BSNL has furnished the information by stating that

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    92/100 WP-11990-23.odt

    the SIM replacement was done as per customer request at

    BSNL Customer Service Center Chinchwad Pune on

    13/07/2021, but again the SIM got faulty and, therefore,

    replacement was done on 15/07/2021 by M/s Print Express,

    Pune in presence of Subodh Chandrakant Korde alongwith his

    wife and the SIM replacement details are also offered. The

    name of the official who approved the SIM replacement and

    activated new SIM card is also offered to Wakad Police Station.

    We have these SIM Swap details annexed and it would be
    most apposite to reproduce the same:-

    “SIM swap details of BSNL Postpaid Mobile number 9422247109

    S.
    SSA BSNL CSC GSM NO. OLD SIM NO. NEW SIM NO.

    NO.

    1 2 3 4 5 6

    Canada Corner
    1 NASIK 9422247109 8991667331212851959 8991660231411907666
    Nashik
    2 PUNE Chinchwad Pune 9422247109 8991660231411907666 8991669061412209680
    3 KALYAN Vasai Kalyan 9422247109 8991669061412209680 8991669061411787253
    4 PUNE Chinchwad Pune 9422247109 8991669061411787253 8991669061412210143

    CUSTOMER NAME SWAP REQUESTEDDATE SWAP COMPLETEDDATE
    7 8 9
    SUBODH CHANDRAKANT KORDE 12.07.2021 12:50:20 12.07.2021 17:39:29
    SUBODH CHANDRAKANT KORDE 13.07.2021 16:04:13 13.07.2021 17:09:00
    SUBODH CHANDRAKANT KORDE 14.07.2021 12:44:22 14.07.2021 12:54:03
    SUBODH CHANDRAKANT KORDE 15.07.2021 16.08.20 15.07.2021 16:26:26

    POS CODE& DETAILS POS C TOP UP
    10 11
    MH19101 Franchisee Sharma Communications, Nashik 9405996100
    MH22116 Franchisee M/s Print Express , Pune 9405090990
    MH14400018 CSC Vasai Kalyan 9405093075
    MH22116 Franchisee M/s Print Express , Pune 9405090990

    APPROVED CSC APPROVED DATE SWAP REMARKS
    12 13 14
    60150187- Shri.Lokesh Kumar Sharma JAO(CSC) 12.07.2021 17:21:38 SIM SWAP
    198105118-Mrs. Chimmalagi Rama V. OSG (CSC) 13.07.2021 16:54:27 DEFECT WITH SIM
    200402816-Smt Suvarna Jadhav, OSG, (CSC) 14.07.2021 12:44:22 DEFECT WITH SIM
    198105118-Mrs. Chimmalagi Rama V. OSG (CSC) 15.07.2021 16:09:45 DEFECT WITH SIM

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    93/100 WP-11990-23.odt

    76. From the affidavit filed by BSNL, it is, therefore, clear that

    it is the case of SIM swapping.

    SIM swapping is a technique used by criminals to obtain a

    duplicate or clone of a SIM card linked with a phone number to

    impersonate identity of line holders and gain access to their bank

    account by sending an SMS (OTP Code) used as two factors

    authentication. BSNL has stated in its affidavit that since an

    application was made for SIM replacement on the count that the

    mobile phone was lost, a new SIM is provided with the same

    number and from the affidavit of BSNL, it is evident that the SIM

    was replaced on four occasions, right from 12/07/2021 to

    15/07/2021.

    As far as the Petitioner is concerned, he admitted that

    there was some issue with his SIM card and he had approached

    the service provider on 15th i.e. on one occasion.

    The Indian Cyber Crime Coordination Centre (I4C), which

    is operated through Ministry of Home Affairs, has floated

    national cyber crime helpline 1930 (Call Immediately To Report

    Fraud and Freeze Bank Accounts) and Sanchar Saathi Portal.

    The precautionary and safety tips and advisory from the

    Coordination Centre is, ‘act on ‘no signal’….if your phone

    suddenly loses signal unexpectedly, immediately contact your

    service provider’.

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::

    94/100 WP-11990-23.odt

    SIM swapping has received attention from the Ministry

    of Home Affairs as a sophisticated form of identity theft, where

    fraudsters take over a victim’s phone number and this has

    been expressed to be a rising concern in India. The fraudsters

    collect personal details via phishing social media or previous

    data licks and they adopt procedure of impersonation. The

    fraudsters tricks the mobile operator claiming the SIM is

    lost/damaged and request for a new one and in such a scenario,

    the victim’s actual SIM loses connectivity (no network). The

    fraudsters then receive OTPs and banking alerts on the new

    SIM enabling them to drain bank accounts, often by bypassing

    two fold authentication. The net-banking frauds involve access

    to the bank account basic details and the mobile number and

    then approaching the service provider, impersonating the

    owner of the number with fake papers and a request to swap

    the SIM. After verification, the service provider deactivate the

    old SIM and the fraudsters get access to the new active mobile

    SIM, when the original one fails to operate as a result all

    financial SMS, OTP alerts as regards the transactions are

    arrived on new active card, which is in the hands of the

    fraudster.

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::

    95/100 WP-11990-23.odt

    This is precisely the methodology, which has been

    adopted here and this is evidently clear to us from the affidavit

    of BSNL, as the Petitioner has pleaded that he faced trouble in

    connectivity and even approached to his service provider and

    his SIM was replaced. That is the specific reason why the

    Petitioner did not receive any OTP on 14th or 15th when the

    beneficiaries were added or the financial limit of transaction

    was increased and the actual transaction took place on

    15/07/2021 and it is obvious that the message must have been

    received on a cloned/duplicate SIM and the Petitioner did not

    receive any message/OTP.

    In no case, we find that the Petitioner was careless or

    that he had shared the password with anyone and ultimately

    the burden is upon the bank to establish that he was careless

    or negligent, which the bank in our view, has failed to

    establish.

    77. In consonance of the circular dated 06/07/2017, since

    the Petitioner has not contributed to the fraud nor he was

    negligent and he immediately reported about his accounts

    being debited, or he receiving only one message and that too,

    after a lapse of time and with the specific stand of the BSNL,

    reflecting that there was swapping of his SIM card, according

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    96/100 WP-11990-23.odt

    to us, the Petitioner is a victim of cyber fraud. The

    transactions from his account, including addition of

    beneficiaries, increase of TPT limit and the debit of the amount

    from his two accounts through eight transactions were all

    unauthorized. Surprisingly, the Bank, despite the alert

    created, has not taken any serious steps and has adopted a

    stand simplicitor that it had discharged its obligations, once it

    sent OTPs. The Petitioner never received the OTPs nor did he

    receive any e-mail communication in respect of the

    unauthorized transactions.

    The reason now is very clear, being that his SIM card was

    cloned/swapped and, therefore, somebody else other than him,

    has received the OTP and probably, shared the OTP so as to

    authenticate the transaction. The Petitioner, however, acted

    promptly, once he realised that some amount is debited to his

    account and he reported the matter to the higher officer and

    did whatever was possible to him to do. The Petitioner is,

    therefore, entitled for the benefit of ‘zero liability’, as we do not

    conclusively say that the Bank was deficient, but it appears

    that the Bank was casual in stating that it had sent the OTP

    and put the blame on the Petitioner, of being negligent in

    sharing the password, which the Petitioner never did.

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::

    97/100 WP-11990-23.odt

    78. We also note that not a single original log of sending

    messages or e-mails and its receipt by the Petitioner is placed

    before us on behalf of the Bank and merely some excerpts

    from the Log Book of private agency are placed before us to

    urge that the Bank has sent OTPs and e-mails, which are in fact

    are never received by the Petitioner.

    It is also pertinent to note that, as per the investigation

    report of the HDFC Bank, IP location of four transactions

    adding beneficiary and the transaction modifying the TPT limit

    is Chennai and the same IP location is to be found in respect of

    the transaction on 15/07/2021 right from 3:06:57 PM IST.

    The IP of the aforesaid transaction is different from the IP of

    the genuine transaction of the Petitioner, when it was

    compared against the transaction of July 4, 2021, the IP

    location being shown as Pune.

    Therefore, the IP investigation of the Bank has clearly

    inferred that the disputed transaction IP do not match with

    the genuine transaction IP of the customer. Therefore, there is

    no merit in the stand of the Bank that somebody messed up

    with the device of the Petitoner or he shared the password as it

    not uncommon for the fraudster to mimic devised ID, but for

    all the unauthorized transactions, the IP is different than the

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    98/100 WP-11990-23.odt

    genuine IP and the IP location is different than the genuine IP

    and this is also a indicator that the Petitioner has not done the

    transaction.

    79. The internal investigation report, which has disclosed

    the reason that transaction not being alerted is very specific,

    namely, “Decline Add Payee-Blacklisted Accounts”. The report

    also state that the Bank has automated risk based on

    authentication system, where the risk score is calculated

    based on the usage pattern of the customer nature of

    transaction and other factors and high risk transaction is

    declined. But, in this case, the risk score was 691, hence it is

    not declined/alerted. The Bank has, therefore, clearly

    admitted that the transaction was not alerted and we find it

    surprising that Bank blames the Petitioner.

    In Rider 3 of the investigation report, for every

    transaction, which according to the Petitioner is unauthorized,

    there is a report of ‘not alerted’ and despite this, the Bank has

    projected its case that in every situation, the OTP was sent. It

    is also evident from the internal investigation report that since

    the HDFC Bank was aware that no alert was created and has

    also set out the reasons, why it was not alerted because the

    account was described as “Blacklisted Account” and the

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    99/100 WP-11990-23.odt

    customer could not be contacted, when the amount was

    debited, HDFC Bank itself made a request to ICICI Bank for

    reversal of the amount under the transactions.

    It is, therefore, evident that the HDFC Bank attempted to

    take necessary steps and was conscious that no alert was

    created and when beneficiary addition attempt got alerted, the

    report disclose “tried calling the customer, but unable to

    establish contact”. This is repeated in the transactions adding

    beneficiary and also when the transaction limit was enhanced.

    The alert was sounded since even according to the HDFC Bank,

    it was a super high value case and thus the officers in helm of

    affairs of the Bank immediately initiated the investigation.

    80. In no case, we put the blame of the unauthorized

    transactions on the Bank, but when the fault is neither with

    the Bank nor with the customer/Petitioner, the RBI circular

    dated 06/07/2017 and in particular, the clause fixing zero

    liability on the customer gets triggered and the Petitioner is

    entitled for its benefit.

    Though it is a contention advanced on behalf of the Bank

    that in absence of any investigation by the cyber cell or a

    conclusion being derived that a cyber fraud has been

    committed, the Bank cannot be fastened with the liability, but

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::
    100/100 WP-11990-23.odt

    we refuse to accept the said contention. The whole purpose of

    the circular/guidelines issued by the RBI is to provide a buffer

    to a customer, who is diligent, and is not responsible for

    negligence or contribute to the fraud by sharing OTP/password

    and since, the Bank has failed to establish that the Petitioner

    did so, in our view, the Petitioner is entitled for the benefit

    under the circular of RBI dted 06/07/2017 and he deserve the

    amount of which he is deprived back in his account.

    Since the Bank had denied him the benefit, despite clear

    directions from the RBI, we deem it appropriate to direct HDFC

    bank to remit the amount of Rs.38,04,000/- to the Petitioner’s

    account within a period of eight weeks alongwith interest at

    the rate of 6% p.a., as for no fault of his, the Petitioner was

    deprived of his own money.

    The HDFC Bank shall make the aforesaid remittance

    within a period of eight weeks and if it failed to do so within the

    aforesaid period, it shall carry interest at the rate of 8% p.a.

    The Writ Petition is made absolute in the aforesaid terms.

    (MANJUSHA DESHPANDE, J.) (BHARATI DANGRE, J.)

    ::: Uploaded on – 09/04/2026 ::: Downloaded on – 10/04/2026 22:06:02 :::



    Source link

    LEAVE A REPLY

    Please enter your comment!
    Please enter your name here