Will Axis Bank Explain?

Naavi.org recently was informed of a bizarre instance involving Axis bank and ATM transactions. This incident is a matter of serious concern to all Axis Bank customers and hence we would like to bring this to the notice of all including Reserve Bank of India.

I am reproducing verbatim a comment posted by one Mr Sharad Updhyay about his experience in an ATM in Gurgaon for one of our earlier articles titled “Axis Bank ATM license should be cancelled by RBI

“Recently I tried withdrawing Rs. 2000 using my IDBI Debit card from an AXIS BANK ATM based at Sahara Mall, Gurgaon. The ATM asked me if I want a receipt for the transaction. I opted yes, the transaction was automatically aborted. Wondering what happened to the ATM, I tried again and again (with option “Yes” for transaction receipt) – a total of 5 times, but encountered the same problem everytime.

Meanwhile I noticed that another person who opted “No” for printed receipt was able to withdraw money from the same machine. I followed him – went ahead for withdrawal without transaction receipt, and this time machine dispensed the desired amount i.e. Rs. 2000.

Next day I noticed that my IDBI account was debited twice: first for a sum of Rs. 10000, and once again for Rs. 2000 (which I actually withdrew there). I was wondering what made the ATM cause a debit of Rs. 10000 in a single go – while I never entered this amount at ATM console.

I raised an official complaint with my bank (IDBI), and they escalated the case on my behalf with Axis Bank, however, Axis Bank rejected my claim – stating that their ATM balancing reports, switch files, and other transaction logs show that Rs. 10000 transaction was carried out successfully, and they do not owe me anything.

At this stage my bank i.e. IDBI has been helpless, and I’m just wondering whom to report this fraudster in order to get my money back. It appears that something fishy is going on there in Axis Bank ATMs with help of CMS (the agency which replenishes cash in ATMs) and the Axis Bank staff itself. How is it possible that there was no surplus sum recovered from ATM for my failed transactions, and how is it possible that an ATM automatically converts 5 subsequent transactions of Rs. 2000 each in to a single transaction of Rs. 10000?

Please let me know what can be done in this case, and how can I get my money back. Also, isn’t there any authority to punish the bank owning such malicious ATMs and ripping off the customers like this?”

First comment I would like to make on this incident is that there is apparent fraudulent mis-management by Axis Bank. It is clear that the ATM has been deliberately tweaked to ensure that fraudulent transactions donot come to the notice of the customer when he is withdrawing the amount.

The responsibility for this fraud lies squarely on the management of Axis Bank all the way up to the Chair person.

The reported incident is a report of possible hacking of a critical computer resource belonging to the Banking system. It represents a cognizable offence under ITA 2008. Mumbai police who closely monitor even facebook “likes”  and go the extent of arresting persons, must be considered as being aware of the occurrence of this crime. They should therefore take suomotu action and register a Cyber  Crime under Section 66 of ITA 2008 making unknown Axis Bank employees as suspects. It should also investigate “Negligence” from Axis bank ATM division and the Chair person for not taking adequate information security measures to protect the ATM transactions.

The Reserve Bank of India at the same time initiate its own investigation and take penal action against the officials of the Bank.

Now coming back to the customer and what he can do.

1. Normally  money fraudulently debited to the account should have been reversed immediately on filing of a complaint with the Bank.

2. IDBI Bank cannot absolve itself of its responsibility since they have used Axis Bank as it’s agent and hence they are responsible for their client’s loss.

3. Customer need not go to the Banking Ombudsman since that is a sham run by RBI and most Ombudsman are biased in favour of the banks and simply reject the claim with a further proviso that you cannot appeal to RBI.

RBI is aware that the scheme is a sham and yet has not shown any interest in correcting the same. This is not a reflection on the Banking Ombudsman in Mumbai but a general reflection on the scheme and how it is run.

 If possible I advise the customer to personally meet Mr Raghuraman Rajan, the Governor of RBI and check why he is not considering himself responsible for running a secure banking system.

 4.The customer is fortunate to be in Mumbai where the IT Secretary is one Mr Rajesh Aggarwal. He is also the “Adjudicator” under ITA 2008. For any financial loss arising due to contravention of any of the provisions of ITA 2008, in Mumbai, he is the sole authority having judicial powers to conduct an enquiry and award a compensation.

I advise the customer to make an adjudication complaint to him immediately. If he remains in office for some more time, he will definitely give him justice.

However, since Maharashtra is likely to have a change of Government soon and it is customary to shuffle secretaries if a new Government comes, it is possible that this great officer who is upholding justice under ITA 2008 like no other IT Secretary in India may be shifted out.  Hence the customer should at least get his complaint registered before any such change occurs.

5. It would also be better if a complaint is filed with the commissioner of Police, Mumbai against the officials of IDBI Bank and Axis Bank  for running a fraudulent ATM system and causing loss to you. The customer should not fall into the trap of filing the complaint against the unknown fraudster who might have drawn the money. That person will never be traced since IDBI bank is unlikely to have maintained the CCTV footage or other evidence that may be required for this purpose. Police and Banks will try to hold that only that unknown person is responsible and no body in the Bank is responsible. This is a way of driving the complaint to a dead end. For the customer it is always a transaction with the Bank and hence should hold the Bank alone responsible.

The Police complaint should also mention that RBI has been negligent in enforcing ATM security and is also responsible for pushing customers to such frauds.

If necessary, the customer may take the assistance of a Consumer activist to pursue the complaint.

It may appear that  the money lost may not be substantial and hence may not be worthy of the trouble of complaining. It is this attitude of most of us that emboldens criminals to resort to this type of small ticket frauds which we refer to as “Salami” attacks. It is our duty to bring this to public knowledge and wake up regulators like RBI to remind them of their responsibilities.

In the meantime, I demand that Axis Bank makes an official statement about this incident.

Naavi

Share Button
Print Friendly

Technology used to strangle Bank Customers

Reserve Bank of India is slowly losing focus on customer service aspects of Banking service. Acceding to a request from the Indian Bank’s association, RBI has imposed an ATM transaction limits of 3 withdrawals per month after which the customer would be charged Rs 20 per transaction. (Refer report)

Many of the Banks have already imposed a limit for direct withdrawals at the Bank counters and are charging fees for withdrawing cash at the counters. With the current notification customers are made to pay whether they withdraw cash at the counters or at the ATM. It appears that RBI wants customers to move back into the cash economy and withdraw all their monthly requirements in one go.

When technology was introduced in Banking, customers were promised of better services at lower costs. However over the years Banking transaction costs have only been on the increase and at a pace higher than the inflation. I would be happy if IBA releases data of “Weighted Average Banking Transactions Cost” in India and check how it has been increasing year after year say from 1980 when technology at higher levels was brought in to the system.

While the Government will start subsidizing the costs to select sections of privileged sectors for political reasons, other ordinary “Neglected Class of Bank Customers” will end up paying more than proportionate costs for the Banking services they may avail or even not avail.

Will the RBI Governor Mr Raghuraman Rajan respond?

Naavi

Share Button
Print Friendly

RBI limits Customer’s Loss on Phishing

In an excellent but long awaited move, RBI has directed Banks that the liability of customers on “Phishing” loss should be limited to Rs 10000/-

See Report

The new Banking Service code of ( Banking Codes and Standard Board of India -BCSBI)  says that for any unauthorised internet banking transactions, the customer’s liability is limited to Rs 10000, irrespective of the funds moved out of the account. An unauthorised transaction is one that doesn’t have the express and implied approval of the account holder.

According to the code, “If a third party manages to get hold of the user ID or password in an unauthorised manner and any debit takes place and which he notifies the bank, the maximum loss will be Rs 10,000.”  Also, the code says that customers will not be liable for any losss due to unauthorised fund transfers taking before they receive the password for internet banking transactions.

Further, the onus will be on the banks to establish that customers have compromised the secrecy of their password.

In some instances, the liability could be lower than Rs 10,000. The new code says that in the event of any unauthorised transactions, this would be the lower of the following options: the actual loss at the time of notifying the bank; the limit set for such transactions; the balance available for withdrawal; a maximum of Rs 10,000.

For instance, if a customer has a balance of Rs 5,000 but the fraudster transfers Rs 25,000 by taking a temporary overdraft, the loss would be limited to the minimum balance of Rs 5,000 in the account.

It may be recalled that many such cases of frauds have been reported earlier at Naavi.org. The undersigned has been relentlessly following legal action against many Banks in this regard. Damodaran Committee report had also spoken about such cases.

The current guidelines come as a great relief to the Bank’s customers.

Naavi.org congratulates RBI for taking these steps.

Naavi

Share Button
Print Friendly

New Security Risk..data stolen through mobiles just with electromagnetic waves

A new Cyber Threat that is far ahead of the Stuxnet threat has been reported by security researchers.

Ref: here

This threat works through a mobile phone which is near a computer. The electro magnetic waves emanated by the phone and the computer during their regular operations establish a contact with which a malware is first introduced into the computer and then the computer transmits the data through FM frequency to the mobile and later sent through the mobile network to the hacker.

This means that no mobile phones can be allowed near a sensitive computer if this threat need to be eliminated.

 

Naavi

Share Button
Print Friendly

No bank has proper Information Security Guidelines

An RTI query filed by Nagpur based NGO Cyber Awareness Organization (CAO) recently revealed that none of the banks in the country had drafted information security guidelines which are mandatory as per RBI’s guideline on electronic banking. 

Speaking to the press during his visit to Nagpur recently, Naavi said “When RBI started allowing internet banking way back in 2001, it clearly laid the responsibility of data security and educating customers about the dos and don’ts on the banks. It was also advised that all banks offering the service take cyber crime insurance. None of that has happened even today”

Details here

Share Button
Print Friendly

Does Nachiket Mor Committee report impress to deceive?

One of the first initiatives that the new RBI Governor Mr Raghuram Rajan took after assuming office a few months back was the formation of the Nachiket Mor committee on “Comprehensive Financial Services for Small Businesses and Low Income Households”.

Now the committee which was set up only in September 2013 has submitted its report at the same speed with which Raghuram Rajan displayed on the licensing of new banks. RBI released a copy of the report on january 7th for public comments. The Comments may be emailed or sent by post to the Principal Chief General Manager, Rural Planning and Credit Department, Reserve Bank of India, Central Office, 10th floor, Shahid Bhagat Singh Marg, Mumbai 400 001 on or before January 24, 2014.

The committee has made several radical recommendations and while laying down its vision statement for financial inclusion and deepening, has suggested providing a universal bank account to all Indians above the age of eighteen years and has recommended a Vertically Differentiated Banking System with Payments Banks for Deposits & Payments and Wholesale Banks for credit outreach with relaxed entry point norms of ` 50 crore.

On priority sector, the Committee has recommended Adjusted Priority Sector Lending Target of 50 per cent against the current requirement of 40 per cent with sectoral and regional weightages based on the level of difficulty in lending. The Committee has also recommended risks and liquidity transfers through markets.

The Committee has advocated regulatory convergence between banks and NBFCs based on the principle of neutrality with regard to classification of non-performing assets and the Securitisation and Reconstruction of Financial Assets and Enforcement of Security Interest (SARFAESI) Act, 2002 eligibility.

The Committee has suggested that a State Finance Regulatory Commission (SFRC) be created into which all the existing State Government-level regulators could be merged and functions like the regulation of Non-Government Organisations-Micro Finance Institutions and local Money Services Business could be added on.

The Committee has desired that the Reserve Bank should issue regulations on suitability, applicable specifically for individuals and small businesses, to all regulated entities within its purview so that the violation of such regulations would result in penal action for the institution as contemplated under the relevant statutes through a variety of measures, including fines, cease-and-desist orders, and modification and cancellation of licences.

The recommendations are radical and will have significant impact on the Banking and Financial sector in India and will also significantly affect the stock markets. It will also affect the proposed new Banking licensee aspirants.

In view of the nature of some of the recommendations that may also affect security of public money, it is essential for experts in the field to study the report and submit their comments to RBI in time.

Mr M.S.Sriram, a former professor of IIM Ahmedabad opines has published an interesting article titled “Why the Nachiket Mor committee report on financial inclusion disappoints” in livemint.com which makes a good reading to begin your exploration of the report.

Naavi

Copy of the report is available here.: 

Additional comments of two of the members can be found here:

aap_subsidies

Share Button
Print Friendly