The state department of information technology has ordered the State Bank of India (SBI) to pay Rs.40 lakhs as compensation to NRIs Chander and Romi Kalani who were victims of email hacking and a subsequent unauthorised transfer of funds from their account. The complainants are senior citizens who hold a joint NRI account and fixed deposits with SBI, and when Chander visited the SBI branch in Bandra in 2013, he realised their fixed deposits had been fraudulently transferred to another account without his authorisation. The bank had transferred the funds based on emails received from his ID. It was discovered that the fraudsters had initiated an email conversation with the bank using the complainant's ID and under the pretext of a medical emergency requested the bank to transfer 40,000 pounds to a London account that did not belong to the complainants. The bank transferred 60,000 pounds (Rs. 63 lakhs). When the crime was discovered the bank registered an FIR at the cyber crime police station and coordinated with the banks in UK to stop the payments. It then refunded 16,710.05 to the complainant. In the IT department's order Rajesh Aggarwal the principal secretary and adjudicating officer said the complainant had conducted transactions with the banks only through emails "which is an insecure way of doing things, and SMS alerts and other mechanisms were not used. The complainant also did not inform the bank about his defunct mobile number, and therefore, both the complainant and the respondent bank have to share the blame. However more proactive and consumer friendly policies are needed for banks to safeguard their customers' interests".