In an unprecedented and stunning case of e-transaction fraud, a State Bank of India (SBI) account holder lost money amounting to around Rs 50,000 in multiple transactions. Jayakrishnan S, an advocate practising in the Kerala High Court, owns an account at the Kaloor branch of SBI.
The complainer received a message from the bank’s SMS alert system indicating his balance from which he came to know that a huge amount of money had been lost from the account without his knowledge. Jayakrishnan blocked the debit card immediately and filed a formal complaint with the bank on Monday morning. A police complaint has also been lodged on the same day against the fraudulent transactions believed to have taken place on Friday and Saturday last week.
“On Friday night, I received some messages on my mobile in Hindi from some unknown site. It was not mentioned that a particular amount have been deducted from my account. On Saturday night I received an SMS alert from SBI showing my balance and when I crosschecked it was noted that Rs.49,909 has been deducted from the account through multiple transactions (around 800 transactions). It was also noticed that in each of these transactions, an amount of Rs 64.95 was deducted,” Jayakrishnan said.
Jayakrishnan contacted the bank’s IT department on Monday to get information about the site from which he received the message. He was informed that it was from a Chinese website. “I have no idea on what occasion my account details were exposed. I am not a tech-savvy kind of person. I use internet for specific purposes and till date have not activated net banking facility. There is very rare chance for the disclosure of the account details from my side,” he said.
“The bank officials said that I had availed of a Google service and this particular Chinese site deducts money for that service. They asked me to send a mail to the service providers to refund the money. This is a clear case of security breach. Even if it had happened because I availed service, I should have been properly intimated by the bank that this much amount of money has been deducted from my account at the moment of transaction. I am pretty sure that I have not availed of any such service from any Google service providers and I have no idea about the Chinese site they mention. Anyway I have plans to contact the cyber cell to get the details about my recent internet searches,” Jayakrishnan said.
The bank has however accepted Jayakrishnan’s complaint and has asked for a 45-day period to process the complaint. When contacted, SBI Kaloor branch manager refused to comment on the issue.
Dileep U M, an employee at SBI, said there was very rare chance for such a massive security breach from the part of the bank. “The bank’s online security system have no options to detect whether the transactions take place with a real party or fake. But we also make it sure that in no way we expose the customers’ account details to other parties without their knowledge. We continuously educate the public on cyber security through advertisements and workshops. It is everybody’s duty to make sure that the internet sites one visits are secure,” he said.
Meanwhile, Paul Augustine, a builder based in Kochi pointed out that some of his friends had felt difficulties in the recent times with the bank’s ATM facilities. “There were cases when money was deducted even when the ATM had no money in it,” he said.
RBI’s guidelines to banks regarding fraudulent money transactions
In a recent circular issued last week, the Central bank had directed banks to strengthen their electronic transaction system with improved security measures. The RBI observed that there was a clear increase in the number of erroneous debits through unauthorised transactions in the recent past which has caused the customers’ dissatisfaction with the banks’ online transaction systems.
The banks have been asked to immediately find a solution to this issue and customers have been exempted from the liability if they have reported the third-party fraud transaction incident within three days of its occurrence. If the victim reports the incident between four and seven days, the bank can charge up to Rs 5,000 from the customer. If the fraudster is an employee of the particular bank, the RBI directs the banks to exempt the customer from any sort of liability irrespective of the time at which the transaction fraud is notified.
A detailed note on “Customer Protection – Limiting Liability of Customers in Unauthorised Electronic Banking Transactions” from the Reserve Bank of India can be read here.