Noida girl fights for Rs 1.5 lakh stolen sans OTP or PIN
Noida-based Neha Chandra had a shock of her life when, on a New Year vacation to Paris, got her wallet stolen in the Metro and within 15-20 minutes, hackers stole over Rs 1.5 lakh from her debit and credit cards without any OTP or PIN.
 
The three fraudulent transactions -- two on her HDFC debit card worth Rs 52,499.99 and Rs 44,544.24 and one on HDFC credit card worth Rs 52,499.99 were done at the same merchant called ASHANTI, PARIS 10/FR, on New Year's Eve.
 
Neha, who works with a PR firm, immediately informed the HDFC customer care, got both the cards blocked, transferred the rest of the amount from the affected savings account to another joint HDFC account, and lodged an FIR in Paris.
 
"All the necessary information and paperwork required was done well within time as per the RBI guidelines (within one hour of the transaction happening, I blocked my card and within 12 hours, I sent all the paperwork to HDFC Bank)," Neha told IANS.
 
As per the Reserve Bank of India (RBI) guidelines, there is a three-day window for the affected customers to do the necessary formalities in case of a fraudulent online transaction and once done, the bank will reverse the amount stolen on credit card within 10 working days.
 
"I am yet to receive any amount from the bank despite following the RBI guidelines. I was even asked by the bank to get the FIR translated into English that will cost me Rs 8,000. Instead of reversing my stolen money, they are asking me to spend more," Neha added.
 
HDFC Bank said they are investigating the case.
 
"Prima facie, the customer's money is safe, We will intimate the customer upon the completion of the investigation," said an HDFC Bank spokesperson.
 
Neha's plight, however, is far from over after 20 days of the incident first reported to the bank.
 
She is not alone as such cases have grown in the past and since the money is lost in foreign countries where hackers have devised novel way, it is at times difficult to explain the case to the authorities back home.
 
According to Rahul Tyagi, co-founder of the cybersecurity firm Lucideus, when using debit cards issued in India abroad, one does not receive an OTP while making an online transaction up to a certain amount.
 
"All a hacker needs is the card number and CVV. For ATM transactions, there are multiple ways a hacker can get access to the user's PIN, depending on the scenario. For example, a hacker can reset the PIN, use compromised ATMs to track data or can perform a skimming attack," Tyagi told IANS.
 
Manan Shah, Founder and CEO of Mumbai-based Avalance Global Solutions, agreed: "Hackers have devised unique ways to bypass PIN and OTPs on both debit and credit cards. There are point of sale (PoS) machines in use that do not need OTP for a transaction for a certain amount and I have seen such cases growing in the near past".
 
From a user's perspective, when travelling abroad, users should request the bank to decrease the minimum transaction amount, continuously monitor the usage of their card and immediately report any anomalies to the bank.
 
"In the past, we have seen similar incidents happen and as technology continues to develop, people will have to be more aware and be trained when it comes to cybersecurity to tackle such situations better," Tyagi added.
 
However, despite alerting the bank well within time, Neha is still unable to recover her hard-earned money.
 
Disclaimer: Information, facts or opinions expressed in this news article are presented as sourced from IANS and do not reflect views of Moneylife and hence Moneylife is not responsible or liable for the same. As a source and news provider, IANS is responsible for accuracy, completeness, suitability and validity of any information in this article.
  • Like this story? Get our top stories by email.

    User

    COMMENTS

    Harinee Mosur

    1 month ago

    Never ever use a debit card for anything other than withdrawing money from ATM and always ensure you only carry the debit card with the least balance or just as much you need to withdraw.Maintain an account just with minimum balance for using debit cards and transfer to these only what you need to withdraw.

    YOGESH CHANDRASHEKHAR KATEKAR

    1 month ago

    One way to protect yourself is to memorise / write down CVVs in a safe place and to scratch those numbers off the cards.

    gcmbinty

    1 month ago

    Thanks Moneylife for such a wonderful alert to the consumers. Regret, this much of consumer education is not provided by the RBI in its Consumer Education scheme.

    Now, Add Extra Security to Your Debit and Credit Cards, Set Transaction Limits
    The Reserve Bank of India (RBI) on Wednesday asked all banks and card issuers to enhance security of card transactions and provide more options to protect debit and credit card customers from unauthorised transactions.
     
    This includes, limiting usage of debit and credit cards in India or overseas and setting up limits in terms of value, for card transactions. This will apply for transactions carried out with the physical card, or online or where contactless card is used for making a payment. 
     
    In a notification, RBI says, "For existing cards, issuers may take a decision, based on their risk perception (of the customer), whether to disable the card in card not present transactions for domestic and international transactions, card present in international transactions and contactless transaction rights.”
     
    This means, based on the customer's risk profile, the bank would make sure that the card must be physically presented for carrying out transactions in India and overseas. Also, for all transactions carried out overseas, the card issuer will make sure the card is physically present.  
     
    RBI says, “Existing cards, which have never been used for online for all physical card present or not present transactions should be mandatorily disabled for this purpose."
     
    While issuing new cards or renewing old cards, the lenders are mandated to enable it for use only at contact based points of usage like at automated teller machines (ATMs) and point of sales (PoS) devices within India. For these cards, "Issuers should provide cardholders a facility for enabling card not present for domestic and international transactions, card present for international transactions and contactless transactions," it added.
     
    RBI's decision to disable cards that have never been used for online transactions is a welcome step and would protect several poor customers as well as senior citizens from online frauds. 
     
    In addition, the central bank has asked all lenders to allow a facility to customers to switch on or off as well as set or modify transaction limits within the overall card limit, if any, set by the issuer for all types of transactions, including domestic and international, at PoS (point of sale), ATMs, online transactions and contactless transactions. 
     
    "The above facility on a 24x7 basis through multiple channels - mobile application, internet banking, ATMs, interactive voice response (IVR) and this may also be offered at branches or offices. (Lenders should provide) alerts, information and status through SMS or e-mail, as and when there is any change in status of the card," the RBI says.
  • Like this story? Get our top stories by email.

    User

    COMMENTS

    Sunil Prakash

    1 month ago

    Well it is a good move. The RBI should also make it mandatory that the consent for all these be taken in writing when the card is being issued for the first time. There after all those who are tech savvy be given the choice to modify them online as the requirement may vary from time to time.

    Ramesh Poapt

    1 month ago

    Implementation crucial.

    K C Gangadhar

    1 month ago

    This will be especially useful when we carry the card as "Just in case" needed on foreign travel and some of the other cards are left behind in India

    K C Gangadhar

    1 month ago

    A good initiative. We will have to wait to see how flexible the Card issuers are able to facilitate the suggestions.

    REPLY

    Meenal Mamdani

    In Reply to K C Gangadhar 1 month ago

    This should be fairly simple because all that is needed is a code that automatically flags the transaction when it breaches the limit and puts the transaction on hold while it sends a message to the cardholder.

    Developer’s Dilatory Tactics Fail To Impress National Consumer Forum
    It is neither unusual nor surprising to come across cases involving harassment of property buyers at the hands of unscrupulous developers. They, often, go to any length to deny customers their rights. 
     
    In a recent appeal, the National Consumer Disputes Redressal Commission (NCDRC), even in the absence of a specific prayer, upheld certain reliefs granted by the state commission to...
    Premium Content
    Monthly Digital Access

    Subscribe

    Already A Subscriber?
    Login
    Yearly Digital Access

    Subscribe

    Moneylife Magazine Subscriber or MAS member?
    Login

    Yearly Subscriber Login

    Enter the mail id that you want to use & click on Go. We will send you a link to your email for verficiation
  • We are listening!

    Solve the equation and enter in the Captcha field.
      Loading...
    Close

    To continue


    Please
    Sign Up or Sign In
    with

    Email
    Close

    To continue


    Please
    Sign Up or Sign In
    with

    Email

    BUY NOW

    online financial advisory
    Pathbreakers
    Pathbreakers 1 & Pathbreakers 2 contain deep insights, unknown facts and captivating events in the life of 51 top achievers, in their own words.
    online financia advisory
    The Scam
    24 Year Of The Scam: The Perennial Bestseller, reads like a Thriller!
    Moneylife Online Magazine
    Fiercely independent and pro-consumer information on personal finance
    financial magazines online
    Stockletters in 3 Flavours
    Outstanding research that beats mutual funds year after year
    financial magazines in india
    MAS: Complete Online Financial Advisory
    (Includes Moneylife Online Magazine)
    FREE: Your Complete Family Record Book
    Keep all the Personal and Financial Details of You & Your Family. In One Place So That`s Its Easy for Anyone to Find Anytime
    We promise not to share your email id with anyone