This is with reference to the3 fraudulent transactions done with my Credit Card no. ending with 6336 for a total of ~INR 3 lakh on 15th April 2024. The credit card was immediately blocked. FIR was filed with Crime Branch (copy attached).
Incident:
Axis Bank executive called to update KYC. I updated KYC on Axis mobile app post which he sent a link on Whatsapp to confirm the submission. Whatsapp No: +91-[protected]. I denied multiple times but he informed that there will be a de-linking of account if link is not accessed. Hence, I accessed the link but did not give any credit card details. It asked to provide phone no. date of birth and customer ID. As I did not know customer ID, so he asked to send a msg on [protected]. The message did not elicit any response, hence I asked him to call later and disconnected the call. In the evening I started receiving messages of debit from my credit card for the above mentioned amount. No OTP or credit card details were shared by me during the entire episode. I also received a message that my registered email id has been changed - without my consent.
Transaction 1: INR 2, 02, 006 | Tx. ID - [protected] | Beneficiary - Indian Oil Corporation (IOC), Mumbai
Transaction 2: INR 98, 982.94 | Tx. ID: [protected] | Beneficiary - Indian Oil Corporation Ltd., Mumbai
Transaction 3 - INR 2, 058.97 | Tx. ID: [protected] | Beneficiary - POI funding Tx. Insurance payment Tx.
(Details as provided by Axis Bank Customer Care executive)
I have provided Axis Bank with all required details and have had made timely intimations to all relevant stakeholders of the bank.
However, a one-sided approach taken by the bank in only trying to safeguard its own interest during this difficult time, where a third party (Scamster) has defrauded me, is very painful.
I have provided all details to Axis Bank and have repeatedly informed them that the 3 transactions are fraudulent and should not be made a part of my outstanding bill. However, Axis Bank has gone ahead and generated the credit card bill for the fraudulent transactions and is asking me to pay the same.
It has been more than a month since the incident has taken place, with no satisfactory response from Axis Bank and they have responded that the matter is under process with Principal Nodal Officer.
I would like to highlight the shortcomings on the Bank's part which has led to the fraudulent transactions -:
1. Change of Email ID without proper authentication –
My email address was changed by Scamster.
An email being one of the most critical pieces of information in this digital era, was changed with no additional authentication done from your side.
Further no sufficient gap of time was provided before allowing a vital financial transaction immediately after the change of a vital digital identity and that also of such high magnitude.
The email id was changed at 19.33 hours on 15th April 2024 and transactions were allowed immediately at 19.42 hours on 15th April 2024.
There should have been an additional layer of security before authenticating and approving the change of such a vital digital identity like an email before instantaneously approving the same.
My bank account is still reflecting the email id of the scamster, in spite of my written request for reversing the same to my original id given in person on 16th April 2024 at the Axis Bank, Sector 58 branch vide Request No: 12.
Since past month, I have been running pillar to post (Home Branch & Nearest Branch) to get the email id changed but still the email reflects the id of the scamster and critical & sensitive information is going to the scamster. Even after repeated reminders, still no bank official has reached out to change my email id.
2. Approval of a Merchant without any cooling period:
IOC Petrol Pump – The Merchant Banker was blocked for the online transaction. The Scamster removed the block and without any cooling time, the transaction was allowed to go through. This did not give me any time to protect myself from being defrauded.
In the case of most banks, if we have to add an Account or an Individual for transferring the money, most banks give a cooling period of at least half an hour before the money can be transferred to the newly added Account or an Individual.
Further in most banks there is a limit of Rs 20, 000/- beyond which the money cannot be transferred before 24 hours if one is transferring money for the first time to a particular Individual or Account. There is also an additional authentication done via a phone call on the registered number in case of a new merchant/ a high value transaction.
Allowing configuration of a Merchant account without any time delay, no cap on the first transfer to a newly configured Merchant account and no additional authentication for such a large transaction has resulted in these fraudulent transactions.
3. Multiple wrong attempts to the security questions:
There were multiple wrong attempts to the security questions which again should have been flagged by the bank by giving a cooling period or disallowing the transaction to protect the interest of the Account holder.
4. Generation of OTP:
While registering my complaint and interacting with your Bank personnel, I was given to understand that the onus is on the customer since the bank has already generated an OTP.
Mere generation of OTP is no reason enough for the Bank to absolve itself from the responsibility.
It is also important that the Bank takes steps to see that the OTP reaches the account holder in a confidential manner and enough precaution is taken by the bank to ensure that the scamster doesn’t hijack the OTP to penetrate the Bank Account.
5. OTP generation in an IOC Petrol pump
There generally should not have been an OTP generation in an IOC Petrol pump - Merchant since that transaction generally happens through a PIN. However, OTPs were generated which were hijacked by Scamster to defraud me through the fraudulent transactions.
As illustrated above, there have been enough and more incidents for the Bank to realize that the account has been hacked by the Scamster and Bank should have shown immediate restrain and alerted the Bank account holder through alternate channel other than email or SMS
At all times the credit card was in my possession,
6. FIR:
Basis the RBI guidelines, I have filed an FIR (Acknowledgement No. [protected]) on the National Cyber Crime Reporting Portal within 24 hours from the date of the incident which is proof that the transaction is fraudulent, and the Bank cannot absolve itself from all the responsibility.
Further I have my strong objection to the Bank passing off this transaction as a “disputed transaction” in its communications instead of calling it “Fraudulent transaction “. By calling it “Disputed”, they are solely putting the blame on me which is not acceptable at all.
I am a loyal bank customer and have no intention to dispute any transaction and my long standing history with the Bank would prove so.
It is the scamster who has defrauded me and instead of siding with me the Bank is conveniently doing away with your responsibility.
As a citizen of this country, I take immense pride in the digitalization journey that India has undertaken.
However, security lapses like these have posed serious doubts in my mind about digitalization as a successful journey, when a leading bank like Axis is found wanting in curbing fraudulent transactions like this one.
I would like to reiterate that I have not shared any information pertaining to credit card number or OTP(s) to anyone and hence assume no liability against these transactions and thus these transactions should not be part of my outstanding.
7. Rude Behaviour of Axis Bank Phone Banking Executive & Not providing email id/ support to raise complaint -
When I reached out to Axis Bank customer care to raise a complaint that as the matter is pending with the PNO & Crime Branch, the fraudulent transaction should not be considered in my outstanding, the customer care simply denied taking my complaint, citing that there is no option for them to take such complaints. Subsequently, I requested an email id where I could put forth my matter to the concerned authorities at the bank. To my surprise, I was not given an email id and was told no email id can be provided to address the concern that I was highlighting. It was traumatizing to spend 3 hours on calls with long holds and repeatedly explaining the case to the entire hierarchy of customer care executives to just get one email id to submit my grievance. After 3 hours the call was abruptly disconnected by the Sr. Manager (Mr. Sachin) at Axis Bank without the courtesy of calling me back.
Request -
I would request the Honorable Consumer Forum to take up this matter on an urgent basis so that the fraudulent transactions do not be a part of my outstanding bill.
Was this information helpful?
Post your Comment