Innocent Bank Customer Suffers of ATM Card Cloning Fraud
An ATM fraud involving a customer of Bank of India
has been reported from Bangalore which indicates the distinct
possibility of an ATM Card cloning syndicate being in operation in 
Bangalore.
In this reported incident, Canara Bank ATM was involved. It appears that
the banking Ombudsman has informed the customer orally that he has
received a satisfactory explanation from the Bank and may be unable to
resolve the dispute.
When the customer is still holding the Card and the
ATM Bank is unable to produce evidence in the form of CCTV that the
customer has not himself withdrawn the amount it is surprising how the
Banking Ombudsman can come to the conclusion that RBI direction has not
been violated by either Bank of India or Canara Bank. RBI needs to take
a closer look at the incident and needs to come up with a proper
explanation for the decision of the Banking Ombudsman.
In a similar incident in Gurugaon under a complaint
no BO Complaint No. 201011014004856, where money had been drawn from a
customer's account in Axis bank through ATMs in some foreign countries,
the Ombudsman had ordered that payment had to be made by the Bank which
held the customer's account. There are also other instances where
Banking Ombudsman have held Banks liable in Phishing cases also and some
of these cases are reported in the Compendium of cases reported by RBI
and it is not clear why the Banking Ombudsman in Bangalore should take a
divergent view. There is also a case of Bank of India in Bangalore
itself in the past where the Ombudsman intervened and settled a claim of
Rs 29000/- to a phishing victim. RBI needs to ensure consistency in the
decisions of their officers acting as Ombudsman.
It must be
observed that while the Complaint with the Banking Ombudsman is mainly
decided on the basis of the failure of any of the Banks in following RBI
guidelines, the customer has the option to approach the Adjudicator of
Karnataka to hold the Banks involved in the case also liable under
Section 85 of ITA 2008. If ITA 2008 is invoked in this case, both Bank
of India and Canara Bank may be held liable along with the executives of
the respective Banks.
We are forwarding
a copy of this report to both the Banks and hopefully they would
initiate some action at the earliest to redress the grievance of the
customer.
It is suspected
that some establishments such as malls have no security ethics while
swiping customer's cards for genuine purchases. It is learnt that
some of the cashiers swipe the details of the card into a skimmer and
sell the data to some card information seekers. When a complaint of this
nature is reported to the Police, it is necessary for the Police to take
up the investigation in all seriousness and ensure that bigger frauds
are prevented. I suppose the Commissioner of Police in Bangalore takes
notice of this case in which an FIR has already been filed with the
Chandapur Police Station.
There is a
possibility that Key Loggers could have been used at some ATM centers to
capture card data and hence banks need to ensure that their security has
not failed in this regard.
If this happens
to be a "ATM Card cloning" incident, then this would only be a tip of an
iceberg and several more such incidents reported or unreported would
have occurred and the Police need to take action in this regard without
further delay.
Further,
according to the ITA 2008, the Adjudicator can take suo moto action and
order an enquiry whenever a contravention of ITA 2008 is observed. In
the instant case there is an unauthorized access to an electronic system
leading to a wrongful loss to a citizen. This is sufficient for the
Adjudicator to order a suomoto enquiry. If such an action is taken it
would be the first time in the country that any Adjudicator would have
taken such a Citizen Friendly decision.
Hope Karnataka
Adjudicator would be taking cognizance of the crime and order that all
commercial establishments that use card swiping machines confirm that
they have undertaken "Reasonable Security Practices" as required under
Section 43A of ITA 2008.
Naavi.org will
bring this to the notice of the Adjudicator of Karnataka and the Police
authorities in Bangalore and follow up on action taken in due course.
Report
in Deccan Chronicle
Naavi
2nd July 2011
Comments are Welcome at naavi@vsnl.com
