Chandigarh: Bank told to refund Rs 96,000 debited online without OTP

The District Consumer Disputes Redressal Commission-I here has directed IndusInd Bank to refund Rs 96,000 to a consumer whose savings account was debited online in two unauthorised transactions without generating OTPs.

The commission further ordered the bank to pay the consumer Rs 15,000 as compensation for mental agony, harassment and litigation expenses.

The complainant, Amrit Kaur, a resident of Sector 32-D, here had reported that two unauthorised debits of Rs 50,000 and Rs 46,000 were made from her savings account on May 7, 2023, through Internet banking.

Advocate Gurminder Singh Phull, appearing for the complainant, asserted that no OTP (one time password) was received before these transactions were carried out.

However, the complainant received two messages on her mobile that the amount has been debited online from the account.

Despite promptly reporting the matter to the bank and the Cyber Cell, Chandigarh Police, Sector 17, no redressal was offered by the bank.

IndusInd Bank claimed the transactions were authenticated through the login and swipe pattern method, arguing that no OTP was necessary under such a process.

However, the commission found the bank’s claims to be unsupported by evidence and noted the absence of any record proving the complainant’s role in the authentication process.

The commission observed: “There is no force in the submissions of the counsel for the bank as admittedly, no OTP was ever sent to the complainant by the opposite party before the disputed transactions had taken place.” The commission also said, “Moreover, the bank has also failed to place on record any material showing that the complainant had used the login details and swipe pattern on the basis of which the disputed transactions had taken place.”

Phull cited the RBI’s guidelines on “Zero Liability of a Customer”. The commission emphasised that when a third-party breach or banking deficiency results in unauthorised transactions, particularly when promptly reported by the customer, the bank bears full responsibility.

The commission concluded that the bank’s failure to prevent the unauthorised debits and its inadequate response amounted to a deficiency in service and unfair trade practice. It has given the bank 45 days to comply, failing which interest will accrue at the rate of 12% per annum on the refund amount.