Credit card /aadhar fraud
A story that I picked off Facebook…keeping the name as Xyz. does not matter. See how getting support from the BANK IS ALMOST IMPOSSIBLE…if you are layman….read on…
Here is a story that will surprise you or rather shock you. If you think you are safe from online fraud and Aadhar faking just because you use your credit and debit cards responsibly and keep your Aadhar safe, then you are mistaken. This is what happened to me on Jan 3rd 2018.
I got the notification of a transaction on my IndusInd debit card at 9:50 p.m– one that I had not authorised. No OTP was raised either. I only received notice by email and sms that my account was debited. I immediately called the call centre and had my debit card cancelled and my account frozen but while I was on hold, a second transaction went through. I was told by the call centre executive that I had to go to the nearest police station, file a complaint and drop a copy to the bank.
The next morning, I sent a message on the merchant website (which I got from the transaction alert) asking to please cancel the fraudulent transaction if possible or help me out as I was not the one who made the order. We then approached the police station and were directed to the cyber crime police station in central Bangalore. Meanwhile we also went to the bank which was not at all helpful. The call centre executive had more knowledge than the bank employee. The bank took no responsibility for an authorisation on a customer’s debit card without OTP clearance.
Shortly after that to my pleasant surprise (I was completely frustrated by that time) the merchant site refunded the amount that had been debited. The site owner wrote me personally giving me all the details of the fraudster. I took this to the cyber crime police and filed a complaint. I also dropped off a copy to the bank. Later that night the site owner also sent me the pictures of the Aadhar card and debit card he used to prove his authenticity. All of it was faked of course. I mailed that as well to the SI in charge.
Upon further investigation the next day, my husband and I found out that the QR code on the fake Aadhar was real and belonged to a Mr Ankit. The Aadhar number was invalid. The shipping address had a contact number which we traced to Mr Janak Patel (76007 66394) in Gandhinagar. The email id dngandhinagar@gmail.com given to us by the merchant site belonged to a Darshan Patel (9427385660) whom we believe is the fraudster himself. My address and phone number are known to him somehow as is my debit card details. I have no idea how he got that information since this card is used by me on only two sites – amazon and bookmyshow primarily and never in any physical transaction (I shop only with credit cards).
To date I have received neither an apology nor an explanation from the bank. I have also not received an update from the cyber crime police despite giving them all the information they needed to determine the fraudster’s identity but of course that will take time. I have the deepest gratitude to the person in France who helped me and refunded my money.
The scary part here is the fact that someone can wipe out your entire account while you are sleeping and there is no safeguard that the bank offers you. Your Aadhar card can be faked and used as proof for some online transaction. If this can happen to me, a conscientious user who does not click on random links, who has not even once shared her debit card info with anyone other than the two sites mentioned, who uses it for ATM transactions very rarely – then it can happen to you. It can happen right now. And even knowing who did it doesn’t mean that you will get justice. What can an ordinary Indian citizen do? Please spread the world all of you who read this and please share – also tag any individual or organization you think can spread awareness and please be careful!
I DO NOT HAVE THE ANSWERS…..BUT ALL OF YOU MUST ASK YOUR BANKERS…….whose responsibility is it?
Arun
Shocking!
Also if the merchant site did not have the wherewithal to verify the aadhaar card, why were they collecting it.
Actually the title seems to paint Aadhaar in bad light (and I am myself resisting giving Aadhaar to authorities till now), but actually, if Aadhaar authentication was truly performed, then Aadhaar would not have matched the debit card holder details and txn would have got declined.
dr m kishan
Mind boggling really.
I too follow the principle of not sharing my debit card details and using only credit cards online or in stores. I thought such a practice would safeguard me from cyber crime, but after reading this, I feel even such practice is not safe.
From the write up I understand that it was not an Indian website. I too had faced such a surprise some years back when I was paying some amount on a US website for a friend of mine. I punched in the card number etc and was waiting for an OTP, but the transaction went through without the OTP.
The writer is lucky that he could get the details of the website and that person helped.
The onus of fraud prevention is the responsibility of Banks also. Unless they setup their systems for this, we the customers will keep losing this way. But UIDAI should also take note of this. How is it possible to generate a fake Aadhar card with a fake number, some other QR code and even upload that fake card. Unless the system is strengthened, Aadhar will lose all its credibility.
Kishan
SriNivas
I think for international transactions OTP not required. If we dont need, we should disable international use.
Unclear
I’m against Aadhaar and have resisted getting one till now, but I don’t understand the connection of Aadhaar in this case. Later in the article the writer says that the merchant in France refunded the money. The point to note for online transactions using credit or debit cards is that only those businesses that operate on Indian soil and are governed by the laws (and RBI regulations) here must provide the second factor of authentication, which is usually done by a password on the bank’s site or an OTP. For merchants in other countries/jurisdictions, this second factor is very rarely used (if ever).
Anyone who has someone else’s credit card or debit card details, including the CVV number, can perform an online transaction on a foreign website without a second factor/OTP (the person being defrauded would get an SMS from their bank *after* the transaction is done, like in this story).
If this blog could figure out how exactly this fraud worked and published here, that would be very informative. And if it is due to gaps in Aadhaar and how it leaks information, everybody needs to know that too!
LuckyOye
Modern Jungle! Different resources, different predators, same prey! Rules? What are they?
Mahesh B
If I read it correctly, the Merchant was in France. This might be the reason for not getting the OTP. Ask the bank to block all international transactions without OTP.
Just adding a layer of security (by no means this will solve all the above issues with the bank or Cyber crime department).