Thiruvananthapuram: Stephen Antony found himself poorer by Rs 1.18 lakh on January 30. A private broadband company employee in Thiruvananthapuram, Antony was fast asleep in his house, debit card safe in his wallet, when hi-tech thieves drew the money from five ATMs in faraway Puri in Odisha.
The State Bank of India, however, has blamed Antony for not being vigilant enough. The bank managers have refused to refund the money since they see it as a lack of caution from the customer. They back their position with an outrageous claim that the customer had not responded to the midnight text message about the withdrawal of money.
The bank’s claim contradicts a recent order from the Kerala High Court that a customer cannot be held accountable for not responding to text messages since it is not a contractual obligation. There may be people who do not keep track of messages or who are simply out of the mobile network. If the account holder loses money from his account without his consent the bank is deemed to have failed in setting up measures to prevent such unauthorised withdrawal, the court said two months ago.
The SBI also alleged that Antony might have shared his PIN to someone else but maintained a strange silence on how the money could be withdrawn in Odisha while the debit card was in Kerala. SBI's branch at Meloor, Antony’s hometown, came up with this lame excuse when the customer lodged a complaint with an RBI ombudsman.
The money was reported to be withdrawn in seven tranches from five ATM counters in Puri. Though five text messages were sent to Antony’s phone as soon as Rs 78,000 was withdrawn in five attempts, only one was delivered. Had the customer blocked the card as soon as he received the message, he could have saved Rs 40,000, the bank said. However, the bank had no wisdom to share on how he could have saved the money stolen before the message was even delivered. The bank admitted that some of the messages were not delivered.
The bank argues that the customer might have compromised his passcode. Even if the argument is taken at face value, the theory does not explain the theft of the physical properties of the card. Any fraudster would need the info on the card’s magnetic strip if he were to steal money from an ATM counter. The bank would not say how this happened.
Antony is not the only one to lose money to hi-tech robbers. A bank account holder at Peyad near Thiruvananthapuram was shocked to see that his account was drained of Rs 2 lakh in 12 withdrawals from ATM counters in Bihar over five days. A man in Cherthala lost Rs 2.3 lakh in a similar manner.
A woman in Chemanjeri reported that someone in Delhi had withdrawn Rs 80,000 from her account on February 22. A man from Alappuzha lost Rs 21,000 on February 12.
A large underground network is at play here, as suggested by a Manorama report in December that revealed that data from thousands of magnetic strips on debit cards belonging to the people of Kerala was put up for sale on the internet. Anyone could buy the information and forge a duplicate debit card.
If the account in question has Rs 20,000, for instance, the magnetic strip data would cost just Rs 3,100. Larger accounts with a sum of at least Rs 1 lakh would sell for Rs 17,500.
Though the banking industry has moved to chip-based debit cards, banks are yet to phase out old ATM counters which still read the magnetic strips before dispensing with money. Data on magnetic strips could be easily stolen with the skimming devices secretly installed on ATM machines and point-of-sales swiping machines at shops and other commercial establishments.
The stolen data could be planted on a duplicate card with the help of a machine called magnetic strip reader and writer. Stolen data is often accompanied by pass codes recorded on surveillance cameras or key loggers clandestinely fitted on top of ATM keypads.