guides,

Ordeal of Standard Chartered Credit Card users on fraudulent transactions

Pranav Pranav Follow Apr 29, 2020 · 25 mins read · 0 comments
Ordeal of Standard Chartered Credit Card users on fraudulent transactions

There has been an alarming increase in report of fraudulent / unauthorized transactions on Standard Chartered Credit Cards by users. In majority of the cases, victims have reported the usage of their Standard Chartered Credit Card on international sites like dmarket.com, neonet.pl etc. The cumulative amount of these fraudulent transactions ranges into lakhs of rupees.

Even though the victims complied with RBI norms and reported the transaction within the time frame mandated by RBI, there has been lack of transparency and proactiveness from Standard Chartered Bank. Even after the matter being escalated to their principal nodal officer and CEO Ms. Zarin Daruwala, there is no sign of resolution.

In the majority of the cases, the bank has replied with a standard template to all victims saying that they have shared OTP on mobile/email and hence the customer is liable. Given that multiple people became victims of the same kind of fraudulent transactions, a thorough investigation from Standard Chartered was expected, but that has not been the case till now.

Below table summarizes the volume of fraudulent transactions for each victim so far:

User Total fraudulent amount
Vaibhav Aggarwal 1,00,000
Kshitij Jha 2,42,112
Sujit Kumar 1,02,000
Navneet Kumar 37,000
Dr. Satya Ranjan Patra 4,18,335
Vipul Bansal 1,34,000
Sai 3,64,175
Total 13,97,622

The common pattern that has been observed for these cases is that the card has been used on international sites in early morning India time when the majority of the people are fast asleep.

The victims came to know about each other from How to handle unauthorized / fraudulent transaction on Credit Card in India? article on CardInfo and they formed a WhatsApp group to coordinate among themselves. Transactions of only one victim have been reversed so far and the fate of others is still hanging in the middle. The stories which follow are shared by the victims to me as a last resort to make everyone aware of their experience and get a speedier resolution from Standard Chartered Bank.

Vaibhav Aggarwal

Two fraudulent international transactions were carried out by cybercriminals on my credit card which were reported within 7 days to Standard Chartered bank via complaint no SR201012112414 on 20th December 2019 and the bank provided temporary credit. I also filed a police FIR. Then after some sham internal investigations, the bank on 25th January 2020 sent a mail stating following:

We note that the said transactions were incurred post validating the credentials such as card number and the OTP triggered to your registered mobile number. A unique password (One Time Password) for each and every transaction will be generated and it serves as another level of authentication to carry out an online transaction. A review of our records indicates that the above-mentioned transactions were carried out on a 3D secured website post successful validation of your card credentials and the OTP which was sent to your registered mobile number, the said transactions were approved.

I asked them to share the VISA chargeback investigation report and facts to prove that these transactions were carried out by me. But the bank has not provided any of the following details:

  1. No proof provided that these transactions were done on my residential address and I have received any goods
  2. No proof provided about the delivery of product/services availed against the payment
  3. Evidence of ECI 3DS security and CVV Response
  4. No proof of matching of shipping and AVS matched billing address.
  5. IP address used for the two transactions

Bank is not able to prove that transaction is legitimate by sharing the details asked above. Sending an OTP doesn’t mean that the OTP has actually been used to carry out these transactions. It is common knowledge that international transactions can be carried out without OTP. The bank is also not able to prove that loss is due to negligence by a customer, such as where he / she has shared the payment credentials.

Even after complaining to the banking ombudsman, their reply and stand remains the same. So far the bank has not produced any investigation report, proving that the transaction was done by me.

Vaibhav reported that his issue has been resolved by Standard Chartered on 30 April 2020.

Kshitij Jha

My name is Kshitij Jha and I hold a Standard Chartered Manhattan Credit Card bearing no: 4541 98xx 6793. On the morning of 5th November 2019, I woke up as usual to get ready for my office at 06:45 AM and checked my mobile first. I was surprised to see a series of various messages received from Standard Chartered Bank for OTPs and transactions done. Below is the list of all messages sent to me by the bank:

VM-FROMSC 11-5 Tuesday 04:41
MSE-234108 is your one time password (OTP) for transaction of USD 195.81 at PSP*dmarket.com on your Credit Card ending 6793.Valid till 04:48 AM IST - StanChart.
StanChart: Today a transaction of INR219235.56 was charged to your card 6793 at PSP*dmarket.. SMS 1 if you made the transaction; SMS 2 if you did not to +918800475522.
Dear Client, we have tried calling you. Your Standard Chartered card ending (6793) has been temporarily blocked due to security reasons. Please call 6014444/39404444 for assistance.
CAY-303483 is your one time password (OTP) for transaction of USD 3, 088.24 at PSP*dmarket.com on your Credit Card ending 6793.Valid till 04:37 AM IST - StanChart.
QDP-600276 is your one time password (OTP) for transaction of USD 3, 088.24 at PSP*dmarket.com on your Credit Card ending 6793.Valid till 04:40 AM IST - StanChart.
StanChart: We appreciate an urgent response to verify your transaction. SMS 1 if you made the transaction; SMS 2 if you did not to +918800475522.
StanChart: For your account security, please respond urgently to verify your transaction. SMS 1if you made the transaction; SMS 2 if you did not to +918800475522.
Thank you for using StanChart Card No XX6793 on 05/11/19 for USD 1.16. Call 18002586465 if you have not done this transaction.
Thank you for using StanChart Card No XX6793 on 05/11/19 for USD 1.95. Call 18002586465 if you have not done this transaction.
Thank you for using StanChart Card No XX6793 on 05/11/19 for USD 3088.24. Call 18002586465 if you have not done this transaction.
Thank you for using StanChart Card No XX6793 on 05/11/19 for USD 1.94. Call 18002586465 if you have not done this transaction.
Thank you for using StanChart Card No XX6793 on 05/11/19 for USD 195.81. Call18002586465 if you have not done this transaction.

On seeing these SMS, I immediately sent an SMS of 2 to the number +918800475522 as advised by the Bank (StanChart: We appreciate an urgent response to verify your transaction. SMS 1 if you made the transaction; SMS 2 if you did not to +918800475522.) clearly saying these were not done by the customer.

I immediately called Standard Chartered Bank on their Standard Chartered Customer Care number 022- 66014444 and informed them of the fraudulent transactions done. However they told me that since it takes around 48 hours for the Merchant to claim the amount, you need to call the bank after 48 hours in order to raise a dispute with us. I don’t understand the logic behind the same. If the money was not claimed by the merchant they should have stopped the same on request raised by the customer. Anyways I blocked the cards immediately. I also immediately checked my Standard Chartered Internet Banking and Mobile Banking app but the same was not reflecting any transaction and messages were coming that the server is temporarily down, please try after some time.

I went to the Bank personally and submitted the dispute form for an amount of INR 2,19,235.56. I also sent the dispute form to the registered mail id with the bank [email protected], [email protected], [email protected] and [email protected]

Next day on 06/11/2019 after returning from my office in the evening, when I checked my net banking, the actual amount debited was INR 2,42,112.21 on my Standard Chartered Manhattan Credit Card No. 4541 xxxx 6793. So I again called Standard Chartered Customer Care number 022- 66014444 and got Complaint No. 201911031139 from them. Next day on 07/11/2019, I forwarded Standard Chartered Bank Dispute Form for amount of INR 2,42,112.21 to the email id [email protected], [email protected], [email protected] and [email protected] Same day, I got a call from Bank No. +918039819800 and the caller advised me that they will be giving a temporary credit for the amount of INR 2,42,112.21 within the next 10 working days and the entire investigation will take another 45 days to complete. I also filed the police complaint the very same day.

Bank responded to me via their mail dated 10/12/2019 and 11/01/2020 that the transaction was carried on a secured website and OTP was delivered to your phone, hence the customer has to pay the same. They did not provide me with any detailed investigation report.

To the same, I responded with my following points with my mail dated 11/01/2020:

  1. OTP received by me were alphanumeric in nature which is not possible as we always receive the numeric characters only.
  2. All the OTPs involve USD amounts which are amounting to $1.95, 1.94, 1.16, etc. which is a clear indication that the hacker tried to do the transaction using small amounts first to determine the validity of the card. Once the hacker knew that the transactions were going through, he performed larger transactions.
  3. The OTPs received were for more than around 5-6 transactions but only two amounts totaling upto INR 2,42,112.21 are only appearing in the statement.
  4. The hacker not only fully utilized the full credit limit but also used the buffer limit available with the card.
  5. The merchant named is PSP*dmarket.com Gibraltar GI which is domiciled outside of India.

Bank Response - NIL

Further to the same I responded with mail dated 12/01/2020, I would like to mention following things:

  1. The card was with me in my possession at all times during fraudulent transactions. I was not using the card for the last 1.5 years till the date of the fraudulent transactions happened. It means NIL transactions on my card.
  2. I did not click on any spam or phishing link as I am totally aware that I do not need to disclose my card details with any third party.
  3. As per my trail mail, you will find that I have got almost 6 to 7 OTP SMS early in the morning as per trail mail, when I was sleeping which also means I did not share them with anyone, but only two transactions were reported on statement, Why? And please tell me out of these OTPs received, which OTPs were used with evidence.
  4. As per your saying, if these transactions were secured, why did standard chartered block my card as per the SMS I received.

    Dear Client, we have tried calling you. Your Standard Chartered card ending (6793) has been temporarily blocked due to security reasons. Please call 66014444/39404444 for assistance.

    The card should have been active if it was done by a customer only however it means that when hacking happened, your bank system immediately blocked the card, which is really appreciable but it was too late as transactions happened without me sharing the OTP with anyone, WHY?

  5. When I woke up in the morning, I observed the following SMS also, to which I immediately responded.

    StanChart: For your account security, please respond urgently to verify your transaction. SMS 1 if you made the transaction; SMS 2 if you did not to +918800475522.

    I immediately sent 2 to +918800475522 which you can check from your records that you received sms from my registered mobile number. My number is postpaid and the same is appearing on my mobile bill also.

    Now it was the bank system’s fault that it should have stopped the transaction immediately and should not have allowed merchants to claim these transactions. Why does the same happen and?

  6. I further request you to please provide me the IP address of the system from where the secured transaction (as indicated by you) happened, you can check the IP location of the hacker by the same. I was in Mumbai with my family and I have eye witnesses for the same. Same can be confirmed with the tower location of my mobile. I request you to prove that it was definitely done by me with concrete evidence.

  7. Further to that, I request you to please check the shipping and billing address with the merchant to prove my involvement whether my name is appearing or not and it was me who have only availed the services from the merchant.
  8. The transactions were done in USD but initially I was only informed of the below SMS to which I responded by sending 2 to +918800475522. You can check your records. If I responded with 2, why did not the bank immediately stop this transaction and allow the merchant to claim it? Again, your bank system’s flaw.

    StanChart: Today a transaction of INR219235.56 was charged to your card 6793 at PSP*dmarket.. SMS 1 if you made the transaction; SMS 2 if you did not to +918800475522.

  9. Most importantly, I called your bank immediately the same day at 7:00 AM regarding these fraudulent transactions and informed them regarding these frauds, but your bank said, let us wait for 48 hours and let it be claimed by the merchant and then you can raise the dispute. I was assured that I will be helped in every possible way but now the bank is saying that I carried out these transactions.

    My simple question to you all is that if I had informed on the same day and at same time, why the bank does not immediately stop the payment when the customer immediately says that these were not done by the customer, please explain?

  10. I as a vigilant and aware customer have done my duty by immediately informing the bank regarding these unauthorized transactions immediately same day and at same time which comes under zero liability policy of RBI.

  11. The merchant name is PSP *dmarket Gibralter GI which is domiciled outside India and is not known to me by any means. I also don’t know what kind of goods or services they provide?

Bank Response - NIL

Later on, vide my mail dated 14.01.2020, I raised VISA chargeback with the Bank under following categories:

  1. Visa Code 10.4 Other Fraud-Card Absent Environment
  2. Visa Code: 81 (DEPRECATED) Fraud (card-present)/No cardholder authorization CRIMINAL FRAUD
  3. Visa Code: 83 (DEPRECATED)Fraud (card-not-present)/No cardholder authorization CRIMINAL FRAUD
  4. VISA CODE: 62 (DEPRECATED) Counterfeit transaction/Chip liability shift/Chip/PIN liability shift
  5. Visa Code: 30 (DEPRECATED) Services not provided or merchandise not received.

Bank Response - NIL

Despite various reminders, no response from the bank. Then with no options left, I raised a complaint with Banking Ombudsman vide Complaint No. 201920013012639. Bank vide their last mail dated 16/03/2020 informed me that these were secured transactions, OTP was delivered on my number and onus is on the customer. This is clearly an open and shut case, I wrote my mail to them on same day in response to their trail mail sent on 16/03/2020 with following points:

  1. You are saying transactions happened on 04/11/2019 but I got SMS alerts only on 05/11/2019 early morning at 04:30 AM. Copies of all my SMSs have already been provided to you. Card was in my possession at all times. Within 2 hours, I informed your bank regarding fraudulent transactions. What do you expect from me now? Now as your system is recording transaction date as 04/11/2019 which means whoever the hacker used it was sitting on some other country in the EU where it was still 04/11/2019 and in India it was 05/11/2019. Can you please explain why is that so?
  2. The credit limit of my card was only INR 1,77,000 but the Bank allowed it to debit INR 2,42,112.21. This is your discrepancy in the bank’s system.
  3. I never requested to enable international transactions on my card, but you allowed and hackers exploited the same. This is against the RBI guidelines.
  4. Please respond to my mail dated 11/01/2020, 12/01/2020 & 14/01/2020 on an urgent basis.
  5. I was in possession of my card for the last 1.5 years and did NIL transactions. This also means I have not shared my card details with anyone as I was not using it, but still fraudulent transactions happened. It clearly states that the bank shared my credit card data with the hacker and allowed them to do this fraudulent activity.

Bank Response - NIL

Now the Onus is on the Bank to prove that it was indeed done by a customer only as per RBI Circular No . RBI/2017-18/15 DBR.No.Leg.BC.78/09.07.005/2017-18 dated July 6th, 2017 and in absence of any detailed investigation report, they cannot prove the same. I also understand that as an honest customer, I have given all my facts and figures to the bank which clearly indicates that I am innocent and hacking happened with the bank. I would also like to clearly mention that till my lifetime, I will not pay a single penny to the Bank as I did not use the card for these fraudulent transactions. All the communication can be downloaded from here .

After escalating the matter to the CEO of Standard Chartered Bank, Ms. Zarin Daruwala on 12/04/2020, they reinvestigated and did reversal of the charge by 20/04/2020. Hence finally my case was solved.

My Standard Chartered credit card **9543 was used for fraudulent international transactions without my knowledge on 17th February, 2020 between 02:30- 02:35 AM. The amount debited was $512 (INR 37,000). I immediately called Standard Chartered customer care informing them about these fraudulent transactions. Customer service representative blocked my credit card immediately. When I asked the representative as to how the transaction was carried out without OTP, they informed me that it’s an international transaction and hence it was approved without an OTP. OTP is generally not required for international transactions.

To give you some background, I haven’t done even a single transaction with this credit card. Standard Chartered increased my credit limit automatically and just after that, this incident happened.

Next day I got a call from the fraud department about this transaction and I was informed that there was a fraud attempt on my card from a MacBook. When I enquired about the IP address and location of the device, they refused to reveal the same and told me they will investigate and come back to me.

After a few days the investigation was closed without informing me of the outcome of it. When I called again, they informed me that they have found this transaction authentic in their investigation. When I asked for the proof they didn’t reply. I am still waiting for a resolution from the bank.

One more thing I would like to highlight is that despite many requests to close my credit card, Standard Chartered has not closed my card. Below are some details for your reference:

Request Number for closing of card: SR200006364 Dispute Number: 9142

Dr. Satya Ranjan Patra

I am Satya Ranjan Patra and was holding Standard Chartered Credit Card. My horror story started on the night of 14 January 2020, when I woke up to drink water. Before going to bed again, I checked my phone only to be shocked by a series of messages regarding online transaction on my credit card. I immediately informed the bank regarding the fraud transaction on 18002586465 which they provided in their SMS.

The very next morning I reported this incident to CyberCrime Division, Bhopal and raised a dispute for this transaction with Standard Chartered.

After taking all necessary actions from my side, I waited for a resolution from the bank side. After one month they replied saying “Transaction was done on the secured website and OTP is sent to registered mobile number” and rejected my dispute.

I just want to put some facts for you:

  1. The card was with me in my possession at all times during fraudulent transactions. I was not using the card for the last 6 months till the date of the fraudulent transaction happened. It means NIL transactions on my card.
  2. I did not click on any spam or phishing link as I am totally aware that I do not need to disclose my card details with any third party.
  3. As per my trail mail, you will find that I have got only one OTP sms early in the morning as per trail mail, when I was sleeping which also means I did not shared it with anyone but two transactions were reported on statement, why? and please tell me OTP is used for smaller amount or for bigger amount with evidence.
  4. When I woke up in the night, I observed the following SMS also to which I immediately responded.

    StanChart: For your account security, please respond urgently to verify your transaction. SMS 1 if you made the transaction; SMS 2 if you did not to +918800475522.

    I immediately sent 2 to +918800475522 which you can check from your records that you received sms from my registered mobile number. My number is postpaid and the same is appearing on my mobile bill also. Now it was the bank system’s fault that it should have stopped the transaction immediately and should not have allowed merchants to claim these transactions. Why did the same happen? It is due to a flaw in your bank’s system?

  5. I further request you to please provide me the IP address of the system from where the secured transaction (as informed by you) happened. You can trace the IP location of the hacker by the same. I was in Bhopal with my family and I have the eye witness for the same. Same can be confirmed with the tower location of my mobile. I request you to prove that it was definitely done by me with concrete evidence.
  6. Further to that, I request you to please check the shipping and billing address with the merchant to prove my involvement whether my name is appearing or not and it was me who have only availed the services from the merchant.
  7. The transactions were done in USD but initially I was only informed of the below sms to which I responded by sending 2 to +918800475522. You can check your records. If I responded with 2, why did not the bank immediately stop this transaction and allow the merchant to claim it? Again, your bank system’s flaw.
  8. Most importantly, I called your bank immediately the same day at 4:05 AM regarding these fraudulent transactions and informed them regarding these frauds but your bank said, let us wait for 48 hrs and let it be claimed by the merchant and then you can raise the dispute. I was assured that I will be helped in every possible way but now the bank is saying that I carried these transactions. My simple question to you all is that if I had informed on the same day and at same time, why the bank did not immediately stop the payment when the customer, please explain?
  9. I, as a vigilant and aware customer, have done my duty by immediately informing the bank regarding these unauthorized transactions immediately same day and at same time which comes under zero liability policy of RBI.
  10. The merchant name is PSP *dmarket Gibralter GI which is domiciled outside India and is not known to me by any means. I don’t even know what kind of goods or services they provide?

Now the onus is on the Bank to prove that it was indeed done by the customer only as per RBI Circular No. RBI/2017-18/15 DBR.No.Leg.BC.78/09.07.005/2017-18 dated July 6th, 2017 and in absence of any detailed investigation report, they cannot prove the same. I also understand that as an honest customer, I have given all my facts and figures to the bank which clearly indicates that I am innocent and hacking happened with the Bank. I would also like to clearly mention that till my lifetime, I will not pay a single penny to the bank as I did not use the card for these fraudulent transactions.

Vipul Bansal

I faced 2 fraudulent transactions on dmarket.com and alsen.pl on Feb 5, 2020 at 3:44 AM and 3:51 AM respectively. I was sleeping at that time. When I woke up in the morning, I complained about the same to SCB customer care. They blocked my card and advised me to dispute the transactions within 2 days. I disputed the transactions on Feb 7, 2020 and also made a police complaint to the cyber cell in my city. Bank subsequently made a temporary reversal.

After a few days I again contacted them for the status and they informed me that they have closed the complaint. Allegedly, they found that this was a 3d secure transaction and OTP was used to carry out the transaction and hence making me liable for the same. I asked for the investigation report but till now, they have not been able to provide anything at all. I am really dejected due to this non-cooperative stance of Standard Chartered Bank.

Bottomline

The victims believe that the security of Standard Chartered is compromised and hackers are taking advantage of this. They are shocked that the bank is not trying to investigate such a huge number of scams with shockingly similar patterns. If you believe in their cause, you can sign their online petition. Victims want these fraudulent transactions to be reversed immediately and investigated for any security lapse in their system. Not doing so will tarnish the image of one of the prestigious banks in India.

Personally I am really sympathetic to the cause of victims and I know how mentally stressful this can be as I have gone through a similar experience in the past. Through this article, I hope to bring the attention of Standard Chartered Bank towards these fraudulent transactions and want them to come clean by sharing their investigation reports with corresponding victims. Though the case of Kshitij was resolved by Standard Chartered Bank after escalating to the CEO of the bank, the case for other victims still remains unsolved.

Have you even been a victim of credit card fraud? Do you have any tip which can help these victims? Leave a comment below to let them know.

Join Newsletter
Get the latest post right in your inbox. We never spam!
Pranav
Written by Pranav Follow
Hi, I am Pranav! I love to acquire, review and earn reward points/cashback from Credit Cards. Guiding people about benefits and optimal utilization of credit cards for years.
Exclusive Offer on Citi Rewards Card
  • Rs. 1,000 Amazon Gift Card on spending Rs. 5,000 in first 60 days*
  • 2,500 activation bonus reward points*
  • 10X rewards on online and physical apparel & department stores spends
  • 300 bonus points on spending Rs. 30,000 monthly
  • 20% instant discount on Zomato & Swiggy*
  • 2 Months additional on 12 Months recharge of Tata Sky*
  • Earned Reward Points never expire
  • Fee waiver on annual spends of Rs. 30,000
Apply Now
* T&CA, Limited Period Offer
Read next

How to get free CIBIL Report in India?

CIBIL is the most popular credit bureau in India. Most banks check for CIBIL score to know the credit worthiness of an individu...

Guides, May 14, 2020