Hindu
Business Line: THIRUVANANTHPAURAM: Friday, 05 December 2014.
Banks have
been told to be more responsive to customers’ requests for enlightenment on
cases of Net frauds they report.
The Central
Information Commission (CIC) has issued a relevant order while dealing with an
RTI plea on hacking of a trader’s bank account in Kolhapur, Maharashtra.
Cyber
security
The issue of
cyber security brought up by the appellant cannot be underestimated, the order
said.
It is
desirable that at the end of the investigations, the banks concerned make
public a list of their findings, listing precautions they have taken and those
they would like customers to follow.
The case
involved the bank account of R Unnithan, which was hacked and ₹9.65 lakh
withdrawn in 24 transactions across the country between April 12 and 13, 2012.
The order is
significant as bankers are prompt to wash their hands off saying they cannot be
held responsible as most cases happen ‘due to customer’s negligence’.
Their stock
defence is that they periodically alert customers to be cautious in their
dealings on the Internet to prevent stealing of personal data, such as
password, by unscrupulous third parties. (It is another case that the Central
Vigilance Commission was constrained to warn banks against being lax with
respect to ensuring secrecy of employee passwords.)
Complicated
case
In Unnithan’s
case, even the Maharashtra State Ombudsman refused to intervene saying it was
not an investigative forum and the issue was “complicated in nature requiring
consideration of elaborate oral and documentary evidences.”
It,
therefore, fell on S Dheenadhayalan, an RTI activist, to pursue the matter with
the CIC, leading to the order being issued.
Dheenadayalan
had to exhaust intermediate appellate mechanisms and undergo outright
rejections before he could achieve some closure to the case.
Refused
information
IDBI Bank,
the respondent bank, had refused information on the fraud on Unnithan’s Net
banking account by taking cover under Section 8 of the RTI Act.
Its case was
that such information is held in fiduciary relationship with the customer and
was as such exempt from disclosure under Section 8(1)(e) of the Act.
This section
precludes a bank from disclosing information concerning a third-party account
even if an appellant has chosen to represent the holder of the account.
But
Dheenadayalan argued that placing of records in the public domain would not
only serve as a confidence-building measure but also act as a deterrent on
future frauds.
The exemption
that the respondent bank enjoyed found favour with both the First Appellate
Authority and the Second Appellate Authority.
But the final
order in the form of a general advice to banks seemed to override the exemption
granted by the Act, said Dheenadhayalan.
.JPG)
.JPG)
