Defrauded? Don't always blame your bank-Business Standard 02.02.2015
Avoid common mistakes pertaining to credit card transactions, online fund transfers and closing of credit cards and loans
When one loses money during a transaction, one is often quick to blame her/his bank. But most such cases relate to the use of technology in banking. While technology has undoubtedly made life easier, it could prove costly if one isn't cautious.
Sharing credit card PIN, OTP
There are several ways in which fraudsters clone credit card details. Skimming (a point-of-sale terminal or a website copying details from the magnetic strip of a card) and phishing (customers being directed to fraudulent websites that store details such as PIN and password) are common. So is vishing, or fraudsters calling customers and convincing them to divulge personal details, such as name, date of birth and expiry date on the card (details required for online transactions). Using these, fraudsters generate a one-time PIN (OTP) that is sent to the customer's mobile number. Then, the customer is convinced to disclose this, too, along with the CVV number (the three-digit number on the reverse of a card); fraudsters might say it is a verification process to redeem reward points, etc.
If the customer discloses these details, there is nothing the bank can do about the transaction.
"If your card has been compromised and the money withdrawn using a correct PIN or OTP number, for all legal purposes, that person is someone who knows the number and therefore, the customer. The possibility of the OTP, which has come only to the customer's mobile, being compromised at three or four levels is very difficult," says Anil Ramachandran, head (retail unsecured assets-credit cards and personal loans), IndusInd Bank.
However, all isn't lost. In most cases, banks help in filing a police complaint, as well as in other legal matters.
Kartik Kaushik, country business manager (consumer banking), Citibank India, says, "For certain categories of disputes, Citibank might provide provisional immediate credit to customers as a service gesture. This could be made permanent, on the basis of the facts of the case and investigation findings. The bank provides support and information to law enforcement, as appropriate."
One should never disclose one's PIN to strangers at automated teller machines (ATMs) or use a public Wi-Fi network for online transactions. Many customers, especially those in rural areas and senior citizens (who aren't tech-savvy) have been cheated by strangers swapping ATM cards and asking for PINs. "This could be a security hazard, as it could reveal sensitive account information to strangers and hackers. Such instances could compromise the security of the account without the bank being at fault," says Adhil Shetty, chief executive of BankBazaar.com.
Kaushik says, "Ensure you use an official mobile banking application by downloading it from the official website. Remember, official apps never ask for storage of personal information on the phone or sharing it with a mail ID."
Transferring funds online to a wrong account
Today, most of us use net banking to transfer funds. If you enter a wrong account number, you have to convince your bank it was an error on your part. All the bank can do is put you in touch with the unintended beneficiary. As banks check only the account number while transferring funds, not the name of the beneficiary, customers should exercise caution while entering the details.
"The bank does not take any responsibility and shall not be liable for claims for incorrect details or data keyed-in by the customer. Since the bank has already remitted the funds to the beneficiary, the transaction will be considered valid," says an official at a private bank.
That is why while transferring funds, banks ask one to key in the beneficiary details twice. As a precaution, most banks don't allow instant transfer of funds. The customer has to first add the beneficiary, which takes up to a day. As such, another level check is introduced.
"Most banks also send SMSes to customers, informing them of the beneficiary being added. If you notice any anomaly, alert your bank immediately. Don't wait till you actually make the transfer because once that is done, reversing it can be a hassle," added the official.
If you enter an account number or IFSC code that is not valid, the transaction is reversed by the second or third day. If that does not happen, contact your bank, which could help get you in touch with the beneficiary branch.
While transferring funds through the Immediate Payment Service or mobiles, customers must be careful about keying in the right mobile number, mobile money identification number, account number and the IFSC code.
Pending credit card payments
There are cases in which customers, seeking to cancel a credit card, stop using it after making the final payment. But if at that point, there are unbilled transactions not reflected in the credit card bill, the card isn't cancelled. Since the customer assumes the card is cancelled, she/he doesn't check the subsequent credit card statements.
"There could be a one- to three-day gap between a credit card transaction and it being reflected on the bill. It might happen that a customer is unaware of this and assumes she/he has repaid all dues. But the amount concerned will continue as outstanding and the customer could be declared a defaulter. This will also impact the customer's credit bureau records. Through a period of, say, five years, the amount could add up to quite a bit," says Ramachandran.
To cancel your card, send a mail to your bank and insist on a written confirmation, he adds.
Not removing hypothecation on your car loan
When you repay your home loan, your bank returns all the original documents relating to the property. Similarly, when you repay a car loan, you must ensure the hypothecation is removed from your car's registration certificate (RC) book. Until this is complete, you will not be able to sell your car. "This document shows who owns the vehicle. So, as long as it remains in the name of the bank, it could be construed the bank is the owner," said the bank official quoted earlier.
Once a car loan is repaid, ensure you get a 'no objection certificate' from the bank. After this, you have to go the regional transport office to get the hypothecation removed from the RC. Also, you have to inform your insurance company the hypothecation has been removed. If not, there could be hassles in case of an insurance claim.
Sharing credit card PIN, OTP
There are several ways in which fraudsters clone credit card details. Skimming (a point-of-sale terminal or a website copying details from the magnetic strip of a card) and phishing (customers being directed to fraudulent websites that store details such as PIN and password) are common. So is vishing, or fraudsters calling customers and convincing them to divulge personal details, such as name, date of birth and expiry date on the card (details required for online transactions). Using these, fraudsters generate a one-time PIN (OTP) that is sent to the customer's mobile number. Then, the customer is convinced to disclose this, too, along with the CVV number (the three-digit number on the reverse of a card); fraudsters might say it is a verification process to redeem reward points, etc.
If the customer discloses these details, there is nothing the bank can do about the transaction.
"If your card has been compromised and the money withdrawn using a correct PIN or OTP number, for all legal purposes, that person is someone who knows the number and therefore, the customer. The possibility of the OTP, which has come only to the customer's mobile, being compromised at three or four levels is very difficult," says Anil Ramachandran, head (retail unsecured assets-credit cards and personal loans), IndusInd Bank.
However, all isn't lost. In most cases, banks help in filing a police complaint, as well as in other legal matters.
Kartik Kaushik, country business manager (consumer banking), Citibank India, says, "For certain categories of disputes, Citibank might provide provisional immediate credit to customers as a service gesture. This could be made permanent, on the basis of the facts of the case and investigation findings. The bank provides support and information to law enforcement, as appropriate."
One should never disclose one's PIN to strangers at automated teller machines (ATMs) or use a public Wi-Fi network for online transactions. Many customers, especially those in rural areas and senior citizens (who aren't tech-savvy) have been cheated by strangers swapping ATM cards and asking for PINs. "This could be a security hazard, as it could reveal sensitive account information to strangers and hackers. Such instances could compromise the security of the account without the bank being at fault," says Adhil Shetty, chief executive of BankBazaar.com.
Kaushik says, "Ensure you use an official mobile banking application by downloading it from the official website. Remember, official apps never ask for storage of personal information on the phone or sharing it with a mail ID."
Transferring funds online to a wrong account
Today, most of us use net banking to transfer funds. If you enter a wrong account number, you have to convince your bank it was an error on your part. All the bank can do is put you in touch with the unintended beneficiary. As banks check only the account number while transferring funds, not the name of the beneficiary, customers should exercise caution while entering the details.
"The bank does not take any responsibility and shall not be liable for claims for incorrect details or data keyed-in by the customer. Since the bank has already remitted the funds to the beneficiary, the transaction will be considered valid," says an official at a private bank.
That is why while transferring funds, banks ask one to key in the beneficiary details twice. As a precaution, most banks don't allow instant transfer of funds. The customer has to first add the beneficiary, which takes up to a day. As such, another level check is introduced.
"Most banks also send SMSes to customers, informing them of the beneficiary being added. If you notice any anomaly, alert your bank immediately. Don't wait till you actually make the transfer because once that is done, reversing it can be a hassle," added the official.
If you enter an account number or IFSC code that is not valid, the transaction is reversed by the second or third day. If that does not happen, contact your bank, which could help get you in touch with the beneficiary branch.
While transferring funds through the Immediate Payment Service or mobiles, customers must be careful about keying in the right mobile number, mobile money identification number, account number and the IFSC code.
Pending credit card payments
There are cases in which customers, seeking to cancel a credit card, stop using it after making the final payment. But if at that point, there are unbilled transactions not reflected in the credit card bill, the card isn't cancelled. Since the customer assumes the card is cancelled, she/he doesn't check the subsequent credit card statements.
"There could be a one- to three-day gap between a credit card transaction and it being reflected on the bill. It might happen that a customer is unaware of this and assumes she/he has repaid all dues. But the amount concerned will continue as outstanding and the customer could be declared a defaulter. This will also impact the customer's credit bureau records. Through a period of, say, five years, the amount could add up to quite a bit," says Ramachandran.
To cancel your card, send a mail to your bank and insist on a written confirmation, he adds.
Not removing hypothecation on your car loan
When you repay your home loan, your bank returns all the original documents relating to the property. Similarly, when you repay a car loan, you must ensure the hypothecation is removed from your car's registration certificate (RC) book. Until this is complete, you will not be able to sell your car. "This document shows who owns the vehicle. So, as long as it remains in the name of the bank, it could be construed the bank is the owner," said the bank official quoted earlier.
Once a car loan is repaid, ensure you get a 'no objection certificate' from the bank. After this, you have to go the regional transport office to get the hypothecation removed from the RC. Also, you have to inform your insurance company the hypothecation has been removed. If not, there could be hassles in case of an insurance claim.
Card fraud: Retd banker loses 50,000-TOI-03.02.2015
MUMBAI: A retired banker has lost almost Rs 50,000 in unauthorized online purchases done with his debit card.Dadar resident Pheluram Ghosh (63) received an SMS last month from his bank, informing him of the transaction. When he complained to the bank, its officials told him that he must have unwittingly shared confidential card information. Ghosh denies this, saying he never even applied for the authentication system that would have enabled the transaction, which occurred on January 10.
"I am a victim of an incident similar to what TOI reported just over a week ago ('Dadar resident loses nearly Rs73,000...', January 25). The bank (ICICI) is blaming me for the fraud," Ghosh told TOI.
He complained to the bank's Prabhadevi branch and mailed a copy of it to the cyber cell of the police. He also filed an FIR at the Dadar police station.
An ICICI spokesperson said the online transaction went through a two-level authentication process: card verification value (CVV) and card expiry date in the first, and six digit 3-D secure PIN in the second. "These bits of information are known only to the customer, who is responsible for their safe-keeping. Without these, an online transaction cannot be completed. It is possible that the customer inadvertently shared the details with someone, who may have misused the information," the spokesperson said.
Gosh says there is no question of him sharing the 3-D secure PIN with anyone since he never applied for it. "The bank told me... it is not liable to compensate me. If I had applied for the PIN, I would have received an alert about the same on my mobile number, which is registered with ICICI Bank. But I got no such message. The bank so far is silent on this
Bank to pay NRI couple Rs 40 lakh over unauthorised funds transfer-DNA-03.02.2015
The state department of information technology (IT) recently ordered a public sector bank to pay Rs 40 lakh as compensationto two non-resident Indians (NRIs) who were victims of email hacking and subsequent unauthorised transfer of funds from their account.
In his order, Rajesh Aggarwal, the IT department's outgoing principal secretary and adjudicating officer, said that the complainant had been conducting transactions with the banks only through emails, "which is an insecure way of doing things. Mechanisms like alternate email, SMS alerts etc. were not used. The complainant had also not informed the bank about his defunct mobile number. Hence both the complainant and the respondent bank have to share the blame."
Complainants Chander and Romi Kalani are senior citizens and NRIs who hold a joint NRE account and fixed deposits with the State Bank of India (SBI). When Chander, who had not opted for services like transaction requests through email or phone, Internet or phone banking, visited the SBI branch at Bandra on December 13, 2013, he came to know that their fixed deposits had been fraudulently transferred to another account without his authorization. The bank had transferred funds based on emails received from his ID.
The fraudsters had initiated an email conversation with the bank from October 2013 using the complainant's ID, and under the pretext of a medical emergency, requested the bank to transfer $40,000 to a London account, which did not belong to the complainants. The bank transferred £60,000 (Rs 63 lakh).
The Kalanis said the bank had not been "diligent to cross check such fake emails with the complainants" and claimed Rs 1 crore as damages. The SBI said that apart from the email id, the complainant's phone number was also registered with them but the phone was defunct, which they had not been informed about.
The bank said that in September 2012, they got an email from his registered ID requesting to create FDs by using the amounts in his NRE saving account, which they did. In October 2013, they received a request from Kalani's registered email ID to break his FDs and transfer the funds to his offshore account in UK. "The respondent requested to forward him the Form A2 application, a procedural requirement for transfer of funds to offshore accounts. After receiving it by mail, the respondent verified the signature and after examining all documents and confirming that the signature is genuine, they remitted US $40,000 to an offshore account in the UK," said the order
The bank registered a FIR at the cyber crime police station at BKC on December 30, 2013, and coordinated with the banks in UK to stop the payments. It refunded £16,710.05, to the complainant.
Aggarwal asked the SBI to pay Rs 40 lakh to the Kalanis to partly cover their losses. "Most banks in the USA and other developed nations insure their customers against online/ATM fraud etc. beyond a liability of $50. On similar lines, in January 2014, the Banking Codes and Standard Board of India (BCSBI) unit had issued a 'Code of Bank's Commitment' wherein victims of such fraud will only be liable to pay Rs 10,000 while the bank has to make good the remaining amount. But acceptance of this code by banks is not visible," said Aggarwal.
"More proactive and consumer friendly policies are needed on behalf of banks to safeguard the interests of customers," he added.
No comments:
Post a Comment