North Goa Consumer Commission Dismisses Complaint Against HDFC Bank in Online Fraud Case
The North Goa consumer disputes redressal commission has dismissed a complaint filed against HDFC Bank Ltd by a consumer seeking reimbursement of money lost in an online fraud. The commission, comprising two members, ruled that the bank was not liable for the financial loss incurred by the complainant.
Details of the Complaint and Commission's Observations
Kenneth D'Souza from Mapusa, Goa, filed the complaint after losing Rs 89,902 from his HDFC Bank savings account. He alleged that he received a phishing SMS purportedly from the bank, offering reward redemption. Believing the link to be genuine, D'Souza entered his netbanking credentials and one-time password (OTP), leading to the fraudulent debit.
The consumer commission, with president Bela Naik and member Auroliano de Oliveria, observed that the payment was made through a vendor and completed after the mandatory procedure of 2-factor authentication. They noted that D'Souza voluntarily entered his customer ID and password to proceed with the transaction. Additionally, the commission pointed out that D'Souza, being a former banker, ought to have knowledge of netbanking practices and security measures.
Bank's Defense and Legal Arguments
HDFC Bank argued in the consumer commission court that D'Souza transferred the money to a vendor through an aggregator. The bank contended that both the vendor and aggregator must be added as necessary parties in the matter for a comprehensive resolution. Citing a judgment from the state consumer court, HDFC Bank emphasized that in cases of alleged netbanking or credit card fraud, the beneficiary is a crucial party to advance the proceedings.
D'Souza reported the fraud to the bank within 20 minutes and also filed complaints with the cybercrime unit and RBI ombudsman, but expressed dissatisfaction with their assistance. He further alleged that HDFC Bank did not acknowledge his initial complaint, highlighting a gap in customer service response.
Dissenting Opinion from Commission Member
A third member of the consumer commission, Rejitha Rajan, dissented from the majority opinion. Rajan observed that the bank failed to provide immediate help to D'Souza, noting that non-acknowledgement of the complaint underscored a deficiency in handling critical security breaches. She pointed out that the bank neither provided a copy of internal investigations nor explained how security measures were bypassed.
Rajan's analysis indicated that the bank's documents confirmed internal doubts and failed to prove customer negligence conclusively. She concluded that this made the bank's liability absolute, holding HDFC Bank accountable for deficiency in service, contrary to the dismissal by the other members.
Broader Implications and Consumer Awareness
This case highlights the ongoing challenges in online banking security and consumer protection in India. With the rise of phishing scams and cyber fraud, consumers are urged to exercise caution when responding to unsolicited messages or links. Financial institutions, on their part, are expected to enhance security protocols and provide prompt assistance in fraud cases to maintain trust and compliance with regulatory standards.
The dismissal by the majority of the commission underscores the importance of consumer vigilance and adherence to secure banking practices, while the dissenting opinion calls attention to the responsibilities of banks in safeguarding customer interests and addressing service deficiencies promptly.
