While observing that the bank failed to produce evidence to establish that the complainant had knowingly or voluntarily shared the OTP/PIN or other confidential credentials with any unauthorised person, the District Consumer Disputes Redressal Commission, Chandigarh has directed Axis Bank to refund Rs 97,000 debited fraudulently from the account of the consumer.
The Commission has also directed the bank to pay Rs 20,000 as compensation for causing harassment and mental agony, along with litigation expenses.
The Commission said that mere receipt of SMS does not by itself establish that the complainant authorised the transactions, particularly when he has consistently denied having carried out the same.
In the complaint filed before the Commission, Raja Sachdeva, a city resident, stated that he is having a savings account with Axis Bank Ltd at Sector 26, Chandigarh. He had also registered with Google Pay, a Unified Payments Interface (UPI) platform used for cashless and online transactions.
On September 9, 2023, he started receiving some unsolicited messages requiring him to authorise payment on the application, but he did not initiate the same and deleted his bank account from there.
Thereafter, on September 11, 2023, he received a message from the bank for opening a new UPI account with Google Pay, but he did not initiate the request.
However, later the same day, he received a message from the bank stating that an amount of Rs 97,000 had been debited from his bank account. He immediately called the customer care number of the bank and reported the fraud, but nothing happened.
The bank, in its reply before the Commission, denied any fault. It said that mere information given to the bank or the police does not mean that fraud had actually taken place with the complainant.
The bank argued that the transaction was a secured two-factor authentication transaction with OTP/PIN. It further stated that refund is applicable only in cases where OTP had not been shared by the complainant, and in this case OTP was allegedly shared with a third party, indicating that the complainant had himself carried out the transaction.
After hearing the arguments, the Commission held that no evidence was produced by the bank to establish that the complainant had knowingly or voluntarily shared the OTP/PIN or other confidential credentials with any unauthorised person.
No record of the alleged OTP, its delivery status, device identification, or IP logs was produced on record by the bank to substantiate its defence.
The Commission further observed that mere receipt of SMS does not by itself establish that the complainant authorised the transactions, particularly when he has consistently denied having carried out the same.
In view of this, the Commission directed the bank to reverse the entry of Rs 97,000 in the account of the complainant along with interest at 6% per annum, and also to pay Rs 20,000 as compensation for harassment caused as well as litigation expenses.
