Whatsapp
Digital Arrest Scams: Holding Banks and Telecom Companies Liable for Victim Losses Due to Negligence
Introduction
The rising wave of digital arrest scams has become a pressing concern for law enforcement and regulatory authorities across India. In a significant development aimed at combating this menace, the Ministry of Home Affairs has constituted a high-level inter-departmental committee that has recommended holding banks and telecom companies accountable for victims’ losses when such losses result from their negligence or service deficiencies. This landmark recommendation was made pursuant to directions from the Supreme Court in a suo motu case registered as “In Re: Victims of Digital Arrest Related to Forged Documents” [1]. The committee’s first meeting took place on December 29, 2024, where representatives from various ministries and regulatory bodies deliberated on enforcement gaps, victim compensation mechanisms, and necessary regulatory reforms to address the growing threat of digital arrest frauds.
Digital arrest scams represent a sophisticated form of cybercrime where fraudsters impersonate law enforcement officials, judicial authorities, or government personnel through audio and video calls. These criminals employ intimidation tactics, often displaying forged court orders and official documents, to coerce victims into transferring substantial sums of money under threats of immediate arrest or legal action. The Supreme Court’s intervention came after a harrowing case involving a 73-year-old woman from Haryana who was defrauded of over one crore rupees using fabricated Supreme Court orders bearing forged signatures of judges. The gravity of this issue is underscored by staggering statistics that reveal victims across India have collectively lost nearly three thousand crore rupees to such scams [1].
Understanding Digital Arrest Scams and Their Impact
Digital arrest scams operate through a carefully orchestrated methodology designed to exploit fear and create urgency. Perpetrators typically initiate contact through phone calls or video conferencing platforms, presenting themselves as officers from agencies such as the Central Bureau of Investigation, Enforcement Directorate, or customs departments. They fabricate allegations ranging from money laundering and drug trafficking to involvement in illegal activities, creating a sense of panic in their targets. The fraudsters then proceed to display documents that appear to be official court orders, arrest warrants, or investigation notices, complete with forged seals and signatures of judicial officers.
The psychological manipulation employed in these scams is particularly insidious. Victims are often placed in what criminals term as “digital arrest,” where they are instructed to remain on video calls for extended periods, isolated from family members and prevented from seeking external advice. This sustained psychological pressure, combined with the apparent authenticity of forged documents and the authoritative demeanor of the fraudsters, leads many victims to comply with demands for money transfers. The Supreme Court has observed that the forgery of judicial documents and misuse of the court’s authority strikes at the foundation of public trust in the judicial system and constitutes a direct assault on institutional dignity [1].
The impact of these scams extends beyond financial losses. Victims, particularly elderly citizens, suffer severe psychological trauma, erosion of trust in genuine law enforcement, and long-lasting emotional distress. The sophistication of these operations, often involving international networks operating from jurisdictions beyond easy reach of Indian law enforcement, makes detection and prosecution exceptionally challenging. Furthermore, the rapid evolution of technology has enabled fraudsters to employ increasingly convincing tools, including deepfake technology and spoofed caller identifications, making it difficult for ordinary citizens to distinguish genuine official communications from fraudulent ones.
The Supreme Court’s Suo Motu Intervention
The Supreme Court registered Suo Motu Writ Petition (Criminal) No. 3 of 2025 titled “In Re: Victims of Digital Arrest Related to Forged Documents” following a detailed complaint submitted by Shashi Sachdeva and Harish Chand Sachdeva on September 21, 2025. A bench comprising Justice Surya Kant and Justice Joymalya Bagchi took cognizance of the matter, recognizing the alarming scale and impact of digital arrest scams across the country [1]. The Court’s order emphasized that the fabrication of judicial orders bearing forged signatures of judges strikes at the very foundation of public trust in the judicial system and the rule of law.
In its proceedings, the Court issued notices to the Union Home Ministry, Central Bureau of Investigation, and all state governments and union territories, seeking details of First Information Reports registered in connection with digital arrest cases. The bench also sought assistance from the Attorney General for India, recognizing the need for coordinated legal and enforcement responses. The Supreme Court directed the Haryana Police and the Superintendent of Police, Cyber Crime, Ambala, to file status reports on investigations conducted in the specific case that prompted the suo motu action. The Court emphasized that coordinated efforts between central and state police are required to unearth the full extent of enterprises involving forgery of judicial documents and extortion of innocent citizens, particularly senior citizens [1].
Justice Surya Kant, during the hearings, characterized the situation as “alarming” and indicated that the Court would issue strong and strict directions to curb the menace. The bench called for an “all-India coordinated response” to dismantle the scam networks operating across the country. The Court also took the unusual step of directing that individuals accused in a specific digital arrest case involving a 73-year-old Advocate-on-Record should not be released from custody, restraining any grant of bail even as the statutory period for default bail approached. This exceptional measure underscores the seriousness with which the Supreme Court views these offenses and their impact on vulnerable citizens [1].
Constitution and Mandate of the MHA Committee
Following the Supreme Court’s directions, the Ministry of Home Affairs constituted a high-level inter-departmental committee under the chairmanship of the Special Secretary (Internal Security). The committee’s composition reflects a whole-of-government approach, bringing together expertise from multiple regulatory and enforcement domains. The committee includes Joint Secretary-level representatives from the Ministry of Electronics and Information Technology, Department of Telecommunications, Ministry of External Affairs, Department of Financial Services, Ministry of Law and Justice, Ministry of Consumer Affairs, and the Reserve Bank of India. Additionally, senior officers of Inspector General rank from the Central Bureau of Investigation, National Investigation Agency, and Delhi Police are members, along with officials from the Indian Cyber Crime Coordination Centre at the Joint Secretary level and above. The Chief Executive Officer of the Indian Cyber Crime Coordination Centre serves as the Member-Secretary, with the Attorney General attending meetings on a bi-weekly basis [1].
The committee’s mandate encompasses several critical areas. It is tasked with examining real-time issues faced by enforcement agencies while responding to digital arrest scams cases, including delays in information flow, jurisdictional hurdles, difficulties in tracing digital footprints, and coordination issues between banks, telecom service providers, and police agencies. The committee is also responsible for considering recommendations made by the amicus curiae appointed by the Supreme Court, studying relevant legislations, rules, circulars and identifying implementation gaps, and suggesting corrective measures and policy reforms. The comprehensive scope of the committee’s work reflects recognition that addressing digital arrest scams requires coordinated action across multiple sectors and regulatory domains [1].
Key Recommendations on Bank and Telecom Liability
During its first meeting held on December 29, 2024, the committee considered the amicus curiae’s suggestions regarding victim compensation and reached unanimous agreement on a critical principle. The committee agreed that where loss to victims is attributable to negligence, deficiency of service, or fraud on the part of banks, telecom service providers, or other regulated entities, accountability of such entities must be ensured. The committee observed that victims should not suffer due to systemic failures or regulatory non-compliance, and that victim compensation mechanisms should function without prejudice to other remedies available under existing laws [1].
This recommendation represents a significant shift in the approach to addressing cyber fraud losses. Rather than placing the entire burden of recovery on individual victims who must navigate complex legal processes, the committee has recognized that financial institutions and telecommunications companies have systemic responsibilities to maintain security measures that prevent their infrastructure from being exploited for fraudulent purposes. The principle underlying this recommendation is that entities operating in regulated sectors, particularly those handling sensitive financial and communication data, must be held to higher standards of care and diligence. When their negligence or service deficiencies create conditions that enable or facilitate fraud, they should bear responsibility for resulting losses to customers [1].
The committee directed the Reserve Bank of India, Department of Telecommunications, and Ministry of Electronics and Information Technology to review existing mechanisms for addressing such cases and suggest improvements and changes for effective implementation. This directive acknowledges that while general principles of liability can be established, specific operational frameworks need to be developed to ensure these principles translate into practical relief for victims. The focus on reviewing existing mechanisms rather than creating entirely new structures suggests an approach that builds upon current regulatory frameworks while addressing identified gaps and weaknesses [1].
Regulatory Framework for Banking Sector
The banking sector in India operates under a multi-layered regulatory framework that already contains provisions for protecting consumers and ensuring accountability. The Consumer Protection Act, 2019 recognizes banking as a service, bringing it firmly within the jurisdiction of consumer forums. The Act establishes a three-tier adjudicatory mechanism through District, State, and National Consumer Disputes Redressal Commissions, empowering consumers to seek redress for banking grievances. The Act provides for enhanced compensation amounts, product liability for deficient services, coverage of e-commerce and digital banking services, and the possibility of class action suits for similarly affected consumers [2].
The Reserve Bank of India has issued a crucial circular dated July 6, 2017, titled “Customer Protection – Limiting Liability of Customers in Unauthorised Electronic Banking Transactions.” This circular establishes the framework for determining customer liability in cases of unauthorized electronic transactions. The circular provides that a customer’s entitlement to zero liability arises where the unauthorized transaction occurs due to contributory fraud, negligence, or deficiency on the part of the bank, irrespective of whether the transaction is reported by the customer. Zero liability also applies in cases of third-party breach where the deficiency lies neither with the bank nor with the customer but elsewhere in the system, provided the customer notifies the bank within three working days of receiving communication regarding the unauthorized transaction [3].
The circular mandates that upon being notified by the customer, the bank shall credit the amount involved in the unauthorized electronic transaction to the customer’s account within ten working days from the date of notification, without waiting for settlement of insurance claims. This provision, known as shadow reversal, ensures immediate relief to victims while investigations proceed. Critically, the circular places the burden of proving customer liability in cases of unauthorized electronic banking transactions on the bank itself. Banks may also exercise discretion to waive customer liability even in cases of customer negligence. The Reserve Bank has also issued advisories for using artificial intelligence-based tools to detect fraud and is finalizing Standard Operating Procedures regarding freezing of bank accounts involved in suspicious transactions [2][3].
Judicial Precedents on Banking Liability
Indian courts have established robust precedents holding banks accountable for negligence and service deficiencies. In the landmark case of Canara Bank v. Leatheroid Plastics Pvt. Ltd., the Supreme Court held that when a bank undertakes to effect insurance of hypothecated assets, it has a duty to ensure adequate coverage of the entire set of hypothecated assets. The Court ruled that any loss arising out of inaction and negligence on the part of the bank constitutes deficiency of service compensable under the Consumer Protection Act. The judgment emphasized that contractual clauses cannot absolve banks of their fundamental duty to provide adequate services to borrowers [4].
The National Consumer Disputes Redressal Commission has consistently held that banks bear responsibility for unauthorized transactions when they fail to implement adequate security measures or neglect proper verification procedures. In several cases involving fraudulent electronic transactions, the Commission has awarded compensation while noting that if an account is maintained by a bank, the bank itself is responsible for its safety and security. Any systemic failure, whether by malfeasance on the part of bank functionaries or by any other person except the account holder, is the bank’s responsibility and not the consumer’s [3].
The Delhi High Court’s ruling in a case involving vishing fraud provides important guidance on the standard of negligence in cyber fraud cases. The Court held that falling victim to malware-based cyber fraud does not constitute contributory negligence, as modern phishing techniques can compromise devices without the customer’s direct involvement. The judgment clarified that negligence under consumer protection law requires a standard of gross recklessness, and the burden of proving such negligence lies with the bank. The Court awarded zero liability protection to the victim, emphasizing that banks must implement systems to detect unusual login activities, facilitate immediate customer reporting of fraudulent transactions, and establish inter-bank fraud reporting mechanisms [5].
Information Technology Act and Adjudication Mechanism
The Information Technology Act, 2000 provides a statutory framework for addressing cyber contraventions and imposing liability on entities that fail to maintain adequate data security. Section 46 of the Act empowers the Central Government to appoint adjudicating officers not below the rank of a Director to the Government of India or an equivalent officer of a State Government for the purpose of adjudging whether any person has committed a contravention of provisions of the Act or rules made thereunder. The section states: “For the purpose of adjudging under this Chapter whether any person has committed a contravention of any of the provisions of this Act or of any rule, regulation, direction or order made thereunder which renders him liable to pay penalty or compensation, the Central Government shall, subject to the provisions of sub-section (3), appoint any officer not below the rank of a Director to the Government of India or an equivalent officer of a State Government to be an adjudicating officer for holding an inquiry in the manner prescribed by the Central Government” [6].
The adjudicating officer appointed under Section 46 exercises jurisdiction to adjudicate matters in which the claim for injury or damage does not exceed rupees five crore. For claims exceeding this amount, jurisdiction vests with competent courts. The adjudicating officer possesses powers of a civil court and all proceedings before the officer are deemed to be judicial proceedings. Section 46(5) provides that every adjudicating officer shall have the powers of a civil court conferred on the Cyber Appellate Tribunal, and all proceedings shall be deemed to be judicial proceedings within the meaning of sections 193 and 228 of the Indian Penal Code [6].
The Ministry of Electronics and Information Technology, during the committee meeting, emphasized the need for strengthening and activating the adjudication mechanism under Section 46. This recognition reflects concerns that while the statutory framework exists, its implementation has been inadequate in addressing the scale and complexity of current cyber fraud challenges. The Secretary of the Department of Information Technology of each state serves as the adjudicating officer for that state, creating potential capacity constraints given these officials’ other administrative responsibilities. The committee’s focus on strengthening this mechanism suggests possible reforms to enhance resources, streamline procedures, and improve effectiveness in providing remedies to victims [1][6].
Telecommunications Regulatory Framework
The telecommunications sector’s regulatory framework has evolved significantly with the enactment of the Telecommunications Act, 2023, which replaced the Indian Telegraph Act, 1885 and the Indian Wireless Telegraphy Act, 1933. The new Act aims to consolidate the law relating to development, expansion, and operation of telecommunication services and networks, addressing technological advancements and emerging security challenges. The Act was passed by Parliament in December 2023, received Presidential assent on December 24, 2023, and various provisions have been brought into force in phases [7].
The Department of Telecommunications informed the MHA committee that draft rules under the Telecommunications Act, 2023 have been framed and are at the stage of stakeholder consultations. Once notified, these rules would address critical concerns including negligence in issuance of SIM cards, multiple SIM issuance to a single individual, and related matters. The Act provides for biometric-based identification for issuing SIM cards and limits the number of SIM cards an individual can possess. Provisions that came into effect from June 26, 2024, restrict individuals to a maximum of nine SIM cards, with the limit being six for residents of Jammu and Kashmir and northeastern states. Violations attract penalties ranging from fifty thousand rupees for first-time breaches to two lakh rupees for repeat violations [7].
The Act prescribes stringent penalties for fraudulent acquisition of SIM cards. If a SIM card is obtained by deceiving someone and using their identification documents, the penalty can include imprisonment for three years, a fine of up to fifty lakh rupees, or both. These provisions reflect recognition that SIM cards have become critical enablers of digital arrest scams and other cybercrimes, and stronger controls are necessary to prevent their misuse. The Act also provides for measures to protect users, including requiring prior consent to receive specified messages and creation of a do-not-disturb register. Commercial messages sent without user consent can result in fines of up to two lakh rupees on telecom companies and potential service bans [7].
Coordinated Enforcement Measures
The Indian Cyber Crime Coordination Centre, operating under the Ministry of Home Affairs, plays a central role in coordinating responses to cyber fraud. The Centre has informed the committee that Standard Operating Procedures for immediate freezing and de-freezing of accounts, recovery and restoration of money to victims, are under final consideration. Additionally, the Centre is actively considering revamping of the National Cybercrime Reporting Portal and the helpline number 1930 to reduce response times and enhance effectiveness. These measures aim to create a seamless mechanism where victims can quickly report fraud, enforcement agencies can rapidly freeze suspect accounts, and recovery processes can be initiated without prolonged delays [1].
The Central Bureau of Investigation has proposed establishing a monetary threshold for digital arrest fraud cases. Cases falling above this threshold would be dealt with by the CBI, while those falling below could be handled by State and Union Territory agencies with requisite assistance from the Ministry of Home Affairs. This approach recognizes that while local police agencies are better positioned to handle smaller-value cases and those with limited geographic scope, complex cases involving large sums, multiple states, or international dimensions require centralized investigation by agencies with greater resources and specialized capabilities. The proposal seeks to balance efficient resource allocation with the need for coordinated action against organized fraud networks [1].
The Ministry of External Affairs’ inclusion in the committee reflects the transnational nature of many digital arrest scams. Fraudsters often operate from overseas locations, using Voice over Internet Protocol technology to mask their actual locations and routing calls through multiple countries to evade detection. Effective response requires international cooperation, including information sharing with foreign law enforcement agencies, coordination with telecommunications regulators in other jurisdictions, and in appropriate cases, extradition proceedings. The committee’s composition ensures that diplomatic and international legal cooperation dimensions receive adequate attention in developing comprehensive responses to these crimes [1].
Consumer Protection and Systemic Accountability
The committee’s recommendation that banks and telecom companies should be held accountable for losses attributable to their negligence or service deficiencies aligns with fundamental principles of consumer protection law. Consumer protection jurisprudence in India has consistently recognized that service providers, particularly those operating in regulated sectors, owe duties of care to their customers that extend beyond mere contractual obligations. When these entities fail to maintain adequate systems, ignore warning signs of fraudulent activity, or demonstrate laxity in implementing security measures, they contribute to conditions that enable fraud and should bear corresponding responsibility [2].
The concept of deficiency in service under the Consumer Protection Act encompasses situations where service providers fail to meet standards reasonably expected by consumers. In the context of banking services, this includes failures to implement adequate security protocols for electronic transactions, delays in responding to customer reports of unauthorized transactions, inadequate verification procedures that allow fraudulent account openings, and failure to monitor accounts for suspicious patterns of activity. Courts have held that banks cannot shield themselves behind technical contractual clauses when their negligence causes substantial financial harm to customers. The principle that victims should not suffer due to systemic failures or regulatory non-compliance represents a consumer-centric approach that prioritizes protection of individuals over institutional convenience [2][4].
For telecom service providers, deficiency in service can arise from inadequate verification procedures during SIM card issuance, failure to detect and prevent fraudulent acquisition of multiple SIM cards by individuals using fake or stolen documents, inadequate monitoring systems to identify SIM cards being used for fraudulent purposes, and delays in blocking SIM cards reported for misuse. The Telecommunications Act, 2023 and rules being developed thereunder aim to address these gaps through stricter identity verification requirements, limits on the number of SIM cards per individual, and enhanced penalties for violations. The committee’s recommendation extends this regulatory approach by introducing potential liability for losses caused when deficiencies in telecom provider systems or processes enable fraud [7].
Implementation Challenges and the Path Forward
Implementing the committee’s recommendation to hold banks and telecom companies liable for fraud losses attributable to their negligence presents several practical and legal challenges. Establishing causation between specific institutional failures and resulting fraud losses requires careful evidentiary assessment. Determining appropriate standards of care for banks and telecom providers necessitates balancing reasonable security expectations against the reality that no system can provide absolute protection against sophisticated criminal enterprises. Creating fair adjudication processes that can efficiently handle potentially large volumes of claims while ensuring thorough consideration of individual circumstances demands significant institutional capacity [1].
The committee has sought at least one month from the Supreme Court to enable further deliberations and provide inputs. This extended timeframe recognizes the complexity of issues involved and the need for careful consultation with stakeholders. The Reserve Bank of India, Department of Telecommunications, and Ministry of Electronics and Information Technology must develop detailed frameworks that translate general principles of liability into operational guidelines. These frameworks need to specify what constitutes negligence or service deficiency in different contexts, establish processes for victims to lodge claims, create mechanisms for investigating claims and determining liability, and define quantum of compensation based on factors such as the nature and extent of institutional failure and the amount of victim losses [1].
The matter is scheduled for the next hearing on January 20, 2026, when the committee is expected to present its further recommendations to the Supreme Court. The Court’s continued monitoring of this issue ensures that momentum toward meaningful reforms is maintained and that institutional responses remain focused on effectively protecting citizens from digital arrest scams. The involvement of the Attorney General and the comprehensive composition of the committee suggest that recommendations emerging from this process will carry significant weight and are likely to result in substantive regulatory and legislative changes [1].
Conclusion
The Ministry of Home Affairs committee’s recommendation to hold banks and telecom companies liable for victim losses attributable to their negligence or service deficiencies represents a watershed moment in India’s approach to combating digital arrest scams and other forms of cyber fraud. This principle recognizes that regulated entities operating critical financial and communication infrastructure have responsibilities that extend beyond narrow contractual obligations to their customers. When these entities fail to maintain adequate security measures, ignore warning signs, or demonstrate deficiencies in their systems and processes that enable or facilitate fraud, they should bear accountability for resulting losses. The recommendation aligns with established principles of consumer protection law while extending them to address the unique challenges posed by sophisticated cyber fraud.
The Supreme Court’s suo motu intervention in this matter reflects judicial recognition that digital arrest scams represent not merely individual crimes but systemic threats that undermine public confidence in law enforcement and judicial institutions. The fabrication of judicial orders and misuse of court authority strikes at the foundation of the rule of law, demanding coordinated responses that address both immediate law enforcement challenges and underlying systemic vulnerabilities. The high-level inter-departmental committee brings together expertise from multiple domains, ensuring that solutions developed are holistic and address technical, legal, regulatory, and operational dimensions of the problem. The involvement of regulatory bodies such as the Reserve Bank of India and the Department of Telecommunications, along with investigative agencies like the Central Bureau of Investigation and National Investigation Agency, creates a framework for sustained, coordinated action [1].
Moving forward, successful implementation will require translating principles into practical frameworks that provide meaningful relief to victims while creating incentives for regulated entities to strengthen their security and verification processes. Banks must enhance their fraud detection systems, improve response times when fraud is reported, and implement robust verification procedures to prevent unauthorized transactions. Telecom service providers must tighten identity verification during SIM card issuance, monitor for suspicious patterns indicating SIM card misuse, and respond promptly to reports of SIM cards being used for fraudulent purposes. Regulatory bodies must develop clear standards defining what constitutes negligence or service deficiency, create efficient processes for adjudicating liability claims, and ensure consistent application of standards across institutions [1][2][7].
The broader significance of these developments extends beyond digital arrest scams to the entire domain of cyber fraud and digital financial crimes. As India’s digital economy expands and more citizens conduct financial transactions online, the need for robust consumer protection frameworks becomes ever more critical. The principles being established through this process, holding institutions accountable for systemic failures that enable fraud, can inform approaches to other forms of cybercrime and create incentives for continuous improvement in security practices. The Supreme Court’s continued oversight and the commitment of multiple government agencies to addressing these issues provide grounds for optimism that meaningful progress will be achieved in protecting citizens from the growing threat of digital fraud.
References
[1] LiveLaw. (2026, January 15). Digital Arrests | Banks, Telecom Cos Be Held Liable If Victim’s Loss Attributable To Their Negligence: MHA Committee. https://www.livelaw.in/top-stories/supreme-court-digital-arrests-victim-compensation-inter-departmental-committee-mha-liability-of-banks-telecoms-victim-loss-negligence-fraud-519132
[2] Law Blend. (2025, May 10). Banking Services Consumer Protection in India: Rights, Legal Remedies, and Regulatory Safeguards. https://lawblend.com/articles/banking-services-consumer-protection/
[3] India Law Offices. (2024, June 19). Are Banks Liable To Refund Account Holders For Unauthorised Transactions Made By A Third Party? https://www.indialaw.in/blog/civil/banks-refund-unauthorised-transactions-third-party/
[4] Bindal Law Associates. (2020, May 23). Consumer Protection Act, 1986 – Deficiency in service – Any loss arising out of inaction and negligence of Bank. https://bindallawassociates.com/2020/05/23/consumer-protection-act-1986-deficiency-in-service-any-loss-arising-out-of-inaction-and-negligence-on-the-part-of-the-bank-such-deficiency-is-compensable-under-the-provisions-of-the-consumer-pro/
[5] MetaLegal. (2025, April 30). Cyber Fraud and Bank Liability: Delhi HC Ruling on RBI Consumer Protection. https://www.metalegal.in/post/cyber-fraud-and-bank-liability-delhi-hc-ruling-on-rbi-consumer-protection
[6] Indian Kanoon. (n.d.). Section 46 in The Information Technology Act, 2000. https://indiankanoon.org/doc/1076139/
[7] Press Information Bureau. (2024, July 5). The Telecommunications Act 2023: Ushering in a New Era of Connectivity. https://www.pib.gov.in/PressReleasePage.aspx?PRID=2031057
[8] The Law Institute. (2025, April 21). Banking Services Under Consumer Protection: A Legal Analysis. https://thelaw.institute/consumer-protection-issues/banking-services-consumer-protection-legal-analysis/
[9] Ikigai Law. (2020, July 3). Dispute resolution framework under the Information Technology Act, 2000. https://www.ikigailaw.com/article/261/dispute-resolution-framework-under-the-information-technology-act-2000
