The Ernakulam District Consumer Disputes Redressal Commission has ordered the cards and payment services division of a nationalised bank to refund a sum of ₹39,507 to a credit card holder and pay another ₹35,000 towards compensation. The amount was withdrawn using his card without his authorisation over and above the remaining balance.
The Commission comprising president D.B. Binu and members V. Ramachandran and Sreevidhia T.N. passed the verdict on a petition filed by Aliyar T.M. of Puthuppady in Muvattupuzha against SBI Cards and Payment Services Limited. The petitioner held a credit card with a limit of ₹1.32 lakh. On October 17, 2020, ₹39,705 was debited from his card without his authorisation though at that point his card only had a balance of ₹39,000. The petitioner claimed that he had not availed an over-the-limit transaction and hence held that the opposite party was obliged to reject it.
On the said day, the complainant had received three phone calls from three different numbers. Since one of the calls appeared to be from the bank, he shared his card number following which the amount exceeding his remaining credit limit was fraudulently withdrawn from his card. The petitioner argued that the opposite party had a responsibility to establish a secure electronic banking system to prevent any unauthorised activities causing financial loss to customers and hence it amounted to deficiency of service on their part.
The opposite party reasoned that the fraudulent transaction occurred because the complainant himself shared his card number and one-time password (OTP) and hence could not deny liability. The negligence lies solely with the complainant, and there is no deficiency in service or negligence on the part of the opposite party. Transactions exceeding the credit limit are not automatically declined but only incur additional charges. They also pointed out that customers had been informed through various channels never to share personal information, including OTP.
The opposite party also cited the Reserve Bank of India’s ‘limited liability’ circular, which stated that customers were liable for losses due to unauthorised transactions resulting from their negligence, and that the customer was responsible for the entire loss until reporting the unauthorised transaction to the bank, while the bank was responsible for any loss incurred thereafter.
However, the Commission cited a Kerala High Court order that ruled that even when the customer does not respond to SMS alerts related to a fraudulent withdrawal, the bank cannot deny the liability despite the limited liability circular of the RBI. “The RBl’s circular specifically states that customers bear no liability in cases of third-party breaches where the fault does not lie with the bank or the customer, but elsewhere in the system. The only requirement for customers, as per the circular, is to promptly report any unauthorised transactions to their bank to enable account blocking,” the Commission noted.
Incidentally, the complainant did not choose to engage in an over-the-limit transaction, which places the onus on the opposite party to decline the transaction. The bank should not have approved these transactions, as they exceeded the established limit. This underscores a flaw in the technical system of the opposite party and represents a clear violation on their part.
