Research On Ai-Assisted Credit Card Fraud Detection Failures And Criminal Accountability
Case 1: Abid Khan v. HDFC Bank (India, 2024)
Facts:
The complainant held a credit card with HDFC Bank. He was approached by a fraudster claiming to extend his card limit.
The fraudster obtained the OTP from the complainant and executed transactions worth approximately ₹1,10,469.93.
The bank reversed only ₹28,500, claiming the transactions were “authorised.”
Legal Issues:
Was the bank negligent in detecting and preventing fraud?
Did sharing OTP constitute authorisation by the customer?
Holding & Reasoning:
The consumer forum examined call records, OTP logs, and transaction patterns.
The court evaluated whether the bank’s systems were sufficient to detect abnormal activity.
While the bank denied negligence, the judgment clarified the burden of proof lies on the bank to demonstrate adequate fraud prevention systems.
Relevance to AI:
Even though AI is not explicitly mentioned, the case highlights institutional responsibility for transaction monitoring, which is increasingly automated using AI.
Case 2: Abdu Rashid v. SBI Cards & Payment Services Ltd (India, 2024)
Facts:
Internal bank staff misused customer information to execute fraudulent transactions.
The complainant claimed the bank’s systems were deficient and failed to prevent internal fraud.
Legal Issues:
Bank’s duty to implement robust fraud-detection and internal controls.
Holding & Reasoning:
The forum held the bank liable because the internal control systems were inadequate to prevent staff misuse.
The court emphasized the bank’s obligation to protect customers from fraud even if perpetrated by employees.
Relevance to AI:
AI-based anomaly detection could have flagged unusual internal access patterns. The case underscores the importance of automated monitoring systems in detecting internal fraud.
Case 3: State Bank of India – Delhi High Court (India, 2023)
Facts:
Fraud occurred via OTP misuse and login from unusual IP addresses.
The bank’s automated monitoring failed to detect suspicious activity in time.
Legal Issues:
Does the bank have an implied duty to act promptly upon detecting signs of fraud?
Holding & Reasoning:
The court ruled that banks have a duty to act when suspicious activity is detected.
The bank cannot absolve itself of liability simply because the transactions were “authorised” via OTP.
Relevance to AI:
AI/ML systems designed to detect anomalies in transaction patterns or logins could prevent such fraud. This case illustrates potential liability when automated monitoring systems fail.
Case 4: NatWest – Automated AML/Transaction Monitoring Weaknesses (UK, 2022)
Facts:
NatWest admitted regulatory breaches due to weaknesses in monitoring customer accounts for money laundering.
Automated systems failed to flag high-risk transactions, allowing suspicious activity to go undetected.
Legal Issues:
Whether the bank’s monitoring systems (including automated/AI-assisted tools) were adequate.
Holding & Reasoning:
The bank faced regulatory penalties for deficiencies in automated monitoring.
Although not credit-card-specific, it demonstrated legal expectations for the effectiveness of AI/automated monitoring systems.
Relevance to AI:
Highlights how inadequate automated monitoring can lead to institutional accountability.
Foreshadows potential future liability in credit-card fraud cases where AI detection fails.
Key Observations Across Cases
Institutional Responsibility: Banks are held liable for fraud if monitoring systems are inadequate, even if fraud involves OTPs or internal misuse.
Automated Systems and AI: While AI-specific failures are not explicitly litigated yet, courts treat failures of automated detection systems as grounds for liability.
Preventive Duty: There is a recognized duty to act promptly upon detecting suspicious activity.
Regulatory Oversight: Banks must validate, audit, and maintain automated/AI fraud-detection systems to avoid legal and regulatory penalties.
RELATED Blog
comments