The national consumer disputes redressal commission (NCDRC) has upheld a Kerala state consumer commission order holding Axis Bank and Vodafone Mobile Services jointly and severally liable for losses suffered by a customer due to a SIM-swap-enabled online banking fraud, dismissing appeals filed by both entities.
In its order pronounced on 4 December 2025, the NCDRC bench comprising presiding member Dr Inder Jit Singh and member Dr Justice Sudhir Kumar Jain refused to interfere with the state commission’s November 2016 ruling that directed Axis Bank and Vodafone to pay ₹11.14 lakh along with 9% interest from 31 March 2012, ₹5 lakh as compensation for mental agony, and ₹10,000 as litigation costs to the complainant, Dr Shabir Khan Ranjan Rawther.
NCDRC says, "As regards role and liability of the Bank, notwithstanding the liability of Vodafone for deficiency in service on their part, we are of the considered view that Axis Bank has not placed on record any acceptable evidence or documents to show as to what was the per transaction and/or per day limit in the accounts of the complainant. When and how were such limits set by the complainant or the bank? Had such limits been observed meticulously, the loss could have been restricted to a maximum of per transaction or per day limit, as the case may be...we hold that the Bank was at fault with respect to non-observance of the per day transaction limit. Hence, even as per the (Reserve Bank of India-RBI) circular, the Bank has to compensate the customer without demur."
Moreover, the bench pointed out the non-updating of the customer compensation policy by Axis Bank. It says, the Bank placed on record an undated customer compensation policy, which states that in cases where neither the Bank nor the customer is at fault, but the fault lies elsewhere in the system, the Bank will compensate the customer up to a limit of ₹5,000 only, which too would be paid only once in a lifetime.
The case arose from a series of unauthorised electronic transactions in March 2012 after a duplicate SIM card was fraudulently issued in Dr Rawther’s name. Dr Rawther, a Vodafone subscriber and Axis Bank customer, discovered that his mobile phone had suddenly gone dead on 30 March 2012. When he approached a Vodafone store the following day, he learnt that a duplicate SIM had been issued to an unknown person. Shortly thereafter, multiple unauthorised online banking transactions were carried out using the duplicate SIM, resulting in funds totalling ₹11.14 lakh being siphoned off from two of his Axis Bank accounts.
Dr Rawther promptly reported the matter, leading to the blocking of his accounts and the registration of a first information report (FIR). A criminal investigation followed, resulting in the arrest of several accused persons. Parallelly, he approached the Kerala state consumer commission, alleging deficiency in service by the Bank as well as the telecom operator.
The state commission found that Dr Rawther was an innocent victim of fraud and had neither shared his credentials nor contributed to the loss. It concluded that Vodafone had issued a duplicate SIM in a casual manner without proper verification of identity, despite the original SIM remaining active at the time. The commission also found fault with Axis Bank for allowing online transactions to exceed permissible daily limits and for failing to demonstrate that adequate safeguards were in place to prevent such losses.
Challenging the order, Axis Bank argued before NCDRC that there was no deficiency in service on its part, that the fraud was committed using valid credentials after two-factor authentication and that the loss had occurred before the Bank could take remedial action. Vodafone, for its part, contended that the dispute involved criminal acts beyond the scope of consumer jurisdiction and that due verification had been carried out before issuing the replacement SIM.
After examining the evidence and rival submissions, NCDRC rejected both appeals. The commission held that Vodafone had clearly failed in its duty of care by issuing a duplicate SIM without adequate verification, noting that the SIM replacement form was incomplete, lacked a photograph and bore signatures that did not match Dr Rawther’s admitted signatures. The bench observed that a simple verification check, including confirming whether the original SIM was still active, could have prevented the fraud.
On the Bank’s liability, NCDRC held that Axis Bank had failed to place convincing evidence on record to establish what the applicable per-day or per-transaction limits were at the time of the fraud. The commission further relied on RBI guidelines on unauthorised electronic banking transactions, which require banks to compensate customers without demur where deficiencies in bank systems or controls contribute to the loss.
While acknowledging that the fraudsters ultimately carried out the unauthorised transactions, NCDRC agreed with the state commission that consumer protection law places a higher duty of care on service-providers entrusted with customers’ money and personal data. It held that both, the bank and the telecom operator, were deficient in service and that joint and several liability was justified in the facts of the case.
Finding the state commission’s order to be well-reasoned and supported by evidence, NCDRC dismissed both appeals filed by Axis Bank and Vodafone Mobile Services, thereby confirming the compensation awarded to Dr Rawther.
(First Appeal Nos573 & 1950 of 2017 Date: 4 December 2012)
