Bombay HC Orders HDFC Bank To Refund ₹38 Lakh To Pune Businessman In Cyber Fraud Case
Bombay HC Orders HDFC Bank To Refund ₹38 Lakh To Pune Businessman In Cyber Fraud Case
Mumbai, April 11, 2026: In a significant ruling on rising cyber fraud cases, the Bombay High Court has directed HDFC Bank to refund ₹38.04 lakh to a Pune-based businessman after cyber criminals siphoned off the money through a SIM-swap fraud without any fault of the account holder.
The court observed that the victim, a businessman from Pune, had no negligence in the incident and was deprived of his own funds for more than five years. The bench ordered the bank to repay the amount within eight weeks along with 6% annual interest, failing which an 8% interest rate will apply.
The order was passed by a bench of Justice Bharati Dangre and Justice Manjusha Deshpande.
How the Fraud Happened:
According to the case details, cyber criminals used SIM-swapping or SIM-cloning techniques on July 15, 2021. In such frauds, the original mobile SIM is deactivated by the attackers, allowing them to impersonate the customer and carry out unauthorized banking transactions.
The fraudsters added three unknown beneficiaries to the businessman’s account and also allegedly increased the transaction limit from ₹4 lakh to ₹40 lakh. Within a span of just 41 minutes, eight fraudulent transactions were carried out, transferring the entire amount.
Court Findings:
The court noted that no OTP alerts were received by the customer via SMS or email during the transactions. It also observed that despite security alerts such as “declined payee” and IP mismatch warnings in the bank’s system, the transactions were still processed.
The businessman, represented by senior counsel Sharang Jagtiyani and advocate Akshay Pansare, argued that he never shared his password and was not negligent in any manner. He also cited RBI guidelines stating that customers are entitled to zero liability if they are not involved in fraud and report it promptly.
Key Observations:
The court further noted that the suspicious transactions were traced to an IP address in Chennai, which was inconsistent with the customer’s regular activity. It also highlighted that the account involved had been flagged in a blacklist, indicating known risk factors.
The court held that the bank failed to adequately protect the customer despite internal security alerts and even attempted recovery of the lost funds from another bank after the fraud was detected.
