The Legal Challenges To Internet Banking

Banking is considered to be the lifeline of the Indian economy. The present and the future of the nation depends upon the development and success of such banking. A radical change can be traced in the industry due to advancements in the information and technology sector. The sector within the passage of time has become highly competitive. The one with better digital facilities in this era has been able to survive. Beyond one’s imagination, the changes like easy loan approval, uploading of documents online, net banking, bill payments etc. can be done with a single click. IT has brought a revolution in the sector which has led to the automation of the activities.

However, with the increase in such advancements, increased legal issues and cyber-crimes. For instance, as it is done remotely, banks find it difficult to use traditional methods to detect and prevent undesirable criminal acts like money laundering. However, the Prevention of Money Laundering Act imposes a duty on the financial institutions to take care of such transactions. Similarly, cyber-squatting has shoot up, wherein one registers a famous domain name and sell it for money. This has also been left unattended by the legislators of Information Technology Act, 2000. Security risk is another challenge which forces people to opt-out of internet banking.[1]Privacy risk, i.e. the risk of disclosing personal information and vulnerability towards identity theft poses another challenge.[2]The study conducted by PwC sheds light on the two major roadblocks of internet banking, i.e. data security concerns and lack of clarity.

Sometimes, due to expansion of service bank is unaware of the jurisdiction’s local laws and rules, whether they are supposed to take a license or not or any other requisite formality. If a license is not required, then the bank lacks contact with the country and they may find it difficult to stay side by side of the regulatory changes. They might unknowingly violate customer protection laws. they by his also expose themselves to losses through law suit or increasing crimes that cannot be prosecuted due to disputes regarding jurisdiction. There has been lacuna in the functioning of banks specially in terms of jurisdiction where international transaction takes place.

The Information Technology Act, 2000 ensures penalty for denial of access to a computer system[3] under Section 43 and for hacking under Section 66. However, in such a case, the liability of banks is not clear. Section 72 of the Act provides for penalty in case of breach of privacy and confidentiality[4] and Section 79 highlights about exclusion of liability of a network service provider with various conditions when data travels through their network.[5] But it is noteworthy that the liability of the banks for privacy breach travelling through data is unclear and hence, requires examination. Another issue pertains to the ownership of transactional data that is stored in the computer systems of banks which requires deep inspection.

The banks providing online services, required proper introduction and verification. Section 131 of the Negotiable Instruments Act, 1881 provides for banks to not only to establish identity but also to inquire about reputation and integrity of the customer.[6] However, with the introduction of Information Technology Act, 2000 it relies merely on the digital signature of the prospective customer. The present legal regime fails to set the extent to which individual is bound to the electronic instructions.

Section 3(2) of the Information Technology Act, 2000 provides for use of asymmetric cryptosystem and harsh functions for authentication of electronic records.[7] The banks presently use PIN, codes, encryption etc. for authenticity. This raises a question if the methods used by the banks fall under the valid prevailing methods of authentication? The current regime provides for a little scope for banks to act on stop-payment instructions from their customers. The banks should notify the time period to the customers along with the circumstances in which any such stop-payment instruction could be accepted by them.

The Consumer Protection Act highlights the rights of the consumers in India and the same applies on the banking services. The rights and liabilities of the consumers are determined by the bilateral agreement between the bank and the prospective customer. However, it is debatable if any bilateral agreement defining the rights and liabilities of the customers which proves to be detrimental for the customer than those which are enjoyed by them under the garb of traditional system shall be legally justifiable. The Banking Companies (Period of Preservation of Records) Rules, 1985 and Section 11 of Prevention of Money Laundering Act provide for the banks to keep a track of all the records for a time period of 5 to 8 years.[8]These apply to all banking transactions and hence, there lies an assumption that it applies equally to internet banking as in the traditional system.

Section 40A (3) of the Income Tax Act, 1961, pertains to deductible expenses, the cases where the amount exceeds Rs. 20,000, then the benefit will be available only when the payment is made through crossed cheque or crossed bank draft.[9] However, the service provided by the bank through online means does not provide for this facility and hence, the primary objective of Section 40A relating to check of tax evasion by requiring payments to accounts designated gets defeated. The transfer of the amount takes place only between the identified accounts.[10]

Reserve Bank of India has from time to time issues various guidelines in order to combat such legal challenges like physical security, security issues, infrastructure for backing up data etc. Along with these, there shall be an obligation on the banks to maintain secrecy and confidentiality by recognized statutes or legislation. The Apex Bank must conduct security audits periodically. Misappropriation and fraud must be tackled even at the micro-level. More secured methods like thumbprint instead of PIN in order to protect the transactions from Automated Teller Machine.


[1]Miss Ameena Farooqui and Miss P Rajani, e-banking issues and challenges, IOSR Journal of Business and Management, 2017, Vol. 19, Issue 10, 31-39.

[2]Dr. Lekshmi Bhai. P.S, e-banking in India-Problems and Prospects, Technical Research Organization India,

[3] Section 43, Information Technology Act, 2000.

[4] Section 72, Information Technology Act, 2000.

[5] Section 79, Information Technology Act, 2000.

[6]Section 131, Negotiable Instruments Act, 1881.

[7] Section 3(2), Information Technology Act, 2000.

[8]Section 11, Prevention of Money Laundering Act.

[9]Section 40A (3), Income Tax Act, 1961.

[10]GunjanBhagtani, Janvi Pandya,Contemporary Legal Issues in Indian e-Banking System, Journal of Banking and Insurance Law, 2019, Vol. 2, Issue 1, 17–24.

This article is authored by Naina Agarwal, Second-Year, B.A. LL.B (Hons.) student at Rajiv Gandhi National University of Law, Patiala

Also Read – What is Illegal to Watch on the Internet in India?

Law Corner

Leave a Comment