In the verdict in the first case filed under the Information Technology Act in the country, Tamil Nadu IT secretary and adjudicator for the state, P W C Davidar, on Monday directed ICICI Bank to pay Rs 12.85 lakh (Rs 1.285 million) as compensation to an NRI customer, who complained he lost money from his account due to phishing in 2007 in Chennai.
The order came on a petition filed by Umashankar Sivasubramanian, who claimed he received an e-mail in September 2007 from ICICI, asking him to reply with his Internet banking username and password or else his account would become non-existent.
Though he replied, he found Rs 6.46 lakh (Rs 646,000) transferred from his account to that of a company, which withdrew Rs 4.6 lakh (Rs 460,000) from an ICICI branch in Mumbai and retained the balance in its account.
In his application for adjudication filed under the IT Act to the State Information Technology secretary on June 26, 2008, he held the bank responsible for the loss.
Davidar, in his order, directed ICICI Bank to pay Rs 12.85 lakh to Sivasubramanian, saying that the bank has been found guilty.
He said there was no way by which customers could identify an e-mail as being from the respondent bank (ICICI). The bank could have obtained a digital signature from the officer responsible for communicating with customers, thereby providing a layer of authentication for such mails.
There appeared to be no effort of that nature by ICICI, he said, adding that access to the petitioner's account details "reflects very poorly on ICICI's systems and procedures in the event of a customer facing this situation."