The Incidence
My father (a Senior Citizen) has an account with one of the largest public sector banks in his hometown. He has a Debit Card from the bank, which he uses only for cash withdrawal from ATMs and no other transactions.
On 30th October last year (2018), when he visited the branch ATM to withdraw the money, there was no money left in the account. He was expecting a balance of ₹ 76,000. The branch told him that 20 e-commerce transactions, each with value in the range of (₹ 24 to ₹ 12,999) has been done from Amazon, Flipkart, IRCTC and MobiKwik over a period of 15 days. My father told the branch that he had not done any such transactions. The branch asked him if he had shared his mobile phone with any known person who would have done those transactions. My father vehemently denied it. The branch then told my father that similar kinds of transactions had happened with other customers and the chances of getting money back is negligible. He can pursue the case but for all practical purposes, the effort is not worth it.
Dogged Perseverance, Lost Hope
Based on the bank’s input, my father while updating me about the incident, discouraged me from pursuing it. I was not comfortable letting a single penny go out of our pocket for no fault of ours.
On 31st October, I sent the first email to the Chairman of the bank (manned for higher priority issues) hoping that it will get better attention. There was a positive response. I got a reply that the local Head Office will pursue the case. We then got an email from the branch office to file a complaint in their CMS system and file an FIR. I tried to raise the complaint in the system but failed. My father was a little reluctant to file FIR as he was not sure how complicated the process will be. Since my cousin’s friend is Superintendent of Police (SP) for the region, he was able to file FIR easily. I emailed a screenshot of the failed attempt of online complaint filing and a digital copy of the FIR to the bank.
6 follow up emails from my side and then got a confirmation from the bank on 15th Nov that the bank has lodged the complaint on our behalf and the case is being pursued.
After 9 additional follow up emails with escalation, got an email on 10th Jan that the branch office had sent the SOP and documentation to the concerned authority to take it forward.
After 3 additional follow up emails, received a denial letter from the bank on 2nd Feb stating that the transactions had happened through OTP received through mobile phone and the bank is not liable for loss as the confidential information has been shared with the fraudsters.
Throwing Darts in The Dark
With no more hope from the bank, I started multiple activities in parallel.
Tried to initiate a complaint with the RBI Banking ombudsman but could not file it online as it required the father’s signature.
Initiated a complaint in CPGRAMS (Centralized Public Grievance Redress and Monitoring System).
Took Twitter handle of CEO of private vendors involved in the transaction i.e. Amazon, Flipkart (new owner Walmart) and MobiKwik for help. It did get their attention. All responded and were professional. One of them blocked the account of the fraudster but none of them did anything beyond and suggested me to come through the bank and the local police authority.
With the help of SP, initiated a case with the local Cybercrime Investigation Unit.
Light at The End of The Tunnel
Filed RTI with the bank and IRCTC. First got an RTI response from IRCTC and came to know about the fraudster registered mobile number. Next came the RTI response from the bank with details of the mobile number to which OTP was sent. Fortunately, it was not my father’s mobile number but the fraudster’s mobile number.
Appears that the local branch in parallel had figured out that the OTP was not sent to my father’s mobile number and were investigating the case vigorously. On 12th Feb, the Branch Manager brought the fraudster to my father’s house and asked him to apologize. On 13th Feb, money with interest was credited to my father’s account.
Reason for The Fraud
A contractor at the bank’s local branch was supporting their chequebook operation and had gained good confidence of all the employees at the branch. His contract was discontinued after 2 years because of the cost-cutting measures but he stayed on at the branch and nobody questioned as to why he was still showing up at the branch. They assumed that he continued to be paid by the contracting agency, which he was not. To make his ends meet, he used to bypass two levels of authentication at the local branch office to change the mobile number on the account to his mobile number at odd hours, place the e-commerce transaction and then change the mobile number on the account back to the original mobile number.
Learnings
For Banks
- More needs to be done to educate employees and implement the process at all branches in the banks in letter and spirit
- The bank should not pre-check (check by default) the e-commerce transaction option in the new debit card application as it may hurt Senior Citizens who intend to use it only for cash withdrawal. The customer should be required to select this option if he prefers so.
- Once a fraud happens, the learning from that should be implemented in all the bank branches to prevent similar incidents in future
General
- You will get a timely response from CPGRAMS
- Twitter will get you the desired attention
- RTI is very helpful. You just need to ask the right question.
- While I did not further use the services of the Cyber Crime Investigation Unit, understanding the cell is effective.
As we embrace more and more of the digital economy, it is important that we weave strong digital safety and security features in the system, set up processes around it and train people to provide a wonderful experience for all.
The writer is a SEBI Registered Adviser and Founder of FinMyn (https://finmyn.com). He provides Fee-Only Financial Planning and Investment Advisory services. If you want to know more about him, click on https://finmyn.com/about/.
Wonderful and very informative write up, Shashi. And a big salute to your persuasive approach. The common men don’t have such determination and patience, finally leave such issues as it is.
Excellent article Shashi. Getting money back is never easy with all the bureaucratic hassles and general apathy of the authorities. If it is an insider job as it is in this case it will be all the more difficult to get to the bottom. Thanks to your perseverance and determination you were able to get your father’s hard earned money back.
Nice article, It help us lot. Very good Shashi.
Banks need to create a alert system to make sure the owners acceptance is looped on online purchases but more importantly Banks need to provide fraud coverage and guarantee safe keeping of investment especially for senior citizens who are vulnerable to scams. They should also provide a insurance coverage on investment like FDIC in US.