Dentons Link Legal is pleased to share a significant ruling from the Delhi High Court in the case of State Bank of India v. Hare Ram Singh & Anr. (LPA 52/2025), which carries important implications for cyber fraud disputes and electronic banking liability in India.
In its judgment dated May 29, 2026, the Division Bench clarified that a customer’s mere denial of sharing an OTP does not automatically fasten liability on the bank. The Court emphasised that liability must be determined on the basis of evidence demonstrating bank-side security failure or non-compliance with RBI-mandated safeguards, and not on bare assertions alone. The ruling also provides important clarity on the operation of the RBI’s 2017 framework on limiting customer liability in unauthorised electronic banking transactions, particularly in distinguishing cases of “zero liability” from those involving customer negligence.
The team representing the Reserve Bank of India in this matter comprised Mr. Atul Sharma (Executive Chairman), Mr. Abhinav Sharma (Partner), Ayush Srivastava (Senior Associate) and Snehashish Bhattacharya (Associate). The ruling is a crucial marker for banks, regulators, fintechs, and consumers alike, reaffirming that robust evidence and compliance analysis are central to allocating loss in cyber incidents, and that “zero liability” cannot be presumed in the absence of bank side deficiencies.
The judgment is expected to meaningfully influence how courts and stakeholders approach phishing, link based frauds, and two factor authentication disputes going forward.