Negligence In Sharing Credit Card Details, Hyderabad District Commission Dismisses Complaint Against Citi Bank For Fraudulent Transactions

Brief Facts:

The Complainant held a platinum credit card issued by Citi Bank and had been using it for eight years. On 27.06.2023, he received a notification via Google Chrome purportedly from D-Mart, offering special discounts on groceries. Upon selecting items and proceeding to payment, the Complainant filled in his credit card details and opted for Cash on Delivery (COD). Subsequently, he received notifications of two unauthorized transactions, totalling Rs. 68,598/-. Despite immediately reporting the fraud to the bank and following Cybercrime and police procedures, no satisfactory resolution was provided. The Complainant, trusting the bank's promise to investigate, paid the disputed amount to avoid interest charges. However, the bank allegedly failed to conduct a thorough investigation and instead labelled the disputed transactions as secure. Feeling aggrieved, the Complainant filed a complaint in the District Consumer Disputes Redressal Commission–I, Hyderabad, Telangana (“District Commission”) against the bank.

In response, the bank argued that upon receiving the complaint, it promptly blocked the credit card for security reasons. According to bank records, the disputed transactions were authorized using one-time passwords (OTPs) sent to the Complainant's registered mobile number which adhered to industry standards. The bank stated that it is committed to customer security, regularly educating customers about fraudulent activities and providing security guidelines. It maintained that the Complainant's negligence in safeguarding his confidential information led to the fraudulent transactions.

Observations by the District Commission:

The District Commission referred to email correspondence between the bank and the Complainant and noted that the bank initiated an investigation upon receiving the complaint about disputed transactions. Subsequent communication confirmed that the transactions were carried out securely, with the OTP sent to the Complainant's registered mobile number used for authorization.

The District Commission found no contributory negligence on the part of the bank. Thus, it held that the zero liability provision outlined in the RBI Circular dated 06.07.2017 did not apply to the Complainant. It held that the Complainant was negligent in sharing payment credentials which led to the loss. According to RBI guidelines, the customer bears the entire loss in cases of negligence until reporting the unauthorized transaction.

The District Commission noted that the Complainant admitted that he clicked on the link and provided the payment details and OTP. It held that this demonstrated negligence on the part of the Complainant. Therefore, in the absence of documentary evidence proving deficiency of service or unfair trade practices on the part of the bank, the District Commission dismissed the consumer complaint.

Case Title: Kotturi Sharath Babu vs The Branch Manager, CITI Bank

Case Number: C.C. No. 484/2023

Date of Order: 29.05.2024