On 20 November 2019, I got an SMS of the unauthorised transaction by deducting USD 328.27 from my Standard Chartered Credit Card. But before that, I neither got an OTP on my mobile phone nor in my email id. I reported the same to the bank, and then the bank blocked my credit card and started investigation for this unauthorised electronic transaction. Bank comes out with the finding that said the transaction was secured and verified by the customer.
But I didn’t receive any “OTP” on my mobile or email. I also registered the same in cybercrime.gov.in. I need to know how the transaction happens via a 3D secured website without asking OTP from me. What to do next so that I don’t have to pay the bill for unauthorised transactions also I found the person who made the transaction also I want to know how did this incident happen so that I can make sure that this not happens to me again.
It is the prime liability of the bank to maintain a robust security system to protect its customers from any fraud. Fraud may be committed by the fault of bank, customer or a third party. Where fraudulent transaction takes place due to system failure or any technical lapses, it is called third-party fraud. In case of third-party fraud, the bank and customer have no role in the commencement of such fraud.
Following mistakes are the examples of third-party fraud:
- Sending OTP on the wrong mobile number,
- Authorisation of the transaction without permission of customer or
- Approve the transaction without explicit instruction of the customer
A customer is entitled to the zero liability where an unauthorised transaction occurs in the following events:
- Contributory fraud of the bank
- Negligence of the bank
- Deficiency of service of the bank
- Third-party breach/fraud
- System failure
In your case, the bank did not send you the message or/and email towards the fraudulent transaction. It is contributory fraud and negligence of the bank because the bank must send alerts to the customers for every online transaction and receive their response. The bank committed negligence by not addressing the warning to the customer before authorising the transaction.
Customer will entitle to zero liability if he notifies the bank within three working days of receiving the information about the unauthorised transaction. If you have informed the bank that an authorised transaction made from your credit card, then you will not pay a single penny to the bank. According to the data of RBI, banks had reported 6,801 cases of fraud involving ₹71,543 crore in this FY.
The bank mandatorily takes all the records of SMS as well as email alerts. It has to produce that logs to the customer for its satisfaction. Merely saying that the said transaction was successfully approved after validation of OTP and credit card credential is not enough.
RBI circular: zero & limited liability of customer
The Reserve Bank of India has issued circular on 6 July 2017 for customer protection and limited liability of customer on the unauthorised transaction. According to that circular, a customer is not liable to bear any loss if the unauthorised transaction took place due to negligence of the bank.
You can file a case before the consumer forum because it is lack of deficiency on the part of the bank. The bank did not follow the standard of protection required in respect of the online transaction. Sending alerts to the customer is a mandatory duty of the bank, and any such failure shall liable the bank to bear the loss.
The bank cannot transfer its liability to the customer in case of its contributory negligence. When the mistake occurred on the part of the bank, then it shall bear the loss. It is good that you have filed a case on the cybercrime portal.