Court Found Bank Negligent In Service

Bank found wrongly seeking charges for credit card usage-Business Line-28th July 2014

A consumer court in Bangalore has found that a private bank had illegally demanded a huge sum as financial charges from a customer stating that he had exceeded his credit limit while purchasing jewellery.

Complainant Dyamanna H. Kolakar, a resident of KHB Colony, holds a savings account in HDFC Bank Ltd’s Basaveshwaranagar branch.

He had purchased jewellery worth Rs. 73,817 in December 2012 after noticing that the credit limit fixed for his credit card was Rs.75,000. But in January 2013, the bank informed that his credit limit was only Rs.19,000 and demanded a huge sum for exceeding the credit limit. The complainant paid Rs.1.09 lakh, including cess, service tax, and other charges through netbanking. However, the bank demanded another Rs. 24,000. He received several calls demanding payment.

In its order, 1st Additional District Consumer Disputes Redressal Forum expressed surprise over the bank’s failure to respond to its notice issued after the complaint was lodged in January this year.

“It is the bounden duty of the bank to address the problems of its customers in the legal way. The notice served on the bank is an opportunity for them to redress the grievance of the customer in a legal way, but the bank, for reasons best known to it, chose not to appear,” said the forum comprising its president Syed Anser Khaleem and member Niveditha J.

“If the bank is negligent in attending the proceedings of courts/forums, how can it attend to grievance of the complainant or its customers,” the forum wondered.

On perusing the records submitted by the complainant, the forum found that the bank’s conduct amounted to ‘deficiency in service’ and directed it not to demand the additional Rs. 24,000 from the complainant and issue a ‘no due certificate’.

http://www.thehindu.com/news/national/karnataka/bank-found-wrongly-seeking-charges-for-credit-card-usage/article6255016.ece

Virus stealing debit, credit card info prowling online portals-FE

Debit and credit card owners in the country have been alerted by cyber security sleuths against the damaging activities of a virus which attacks Point of Sale (POS) business counters to steal confidential data like card number and passwords.

The virus, of the deadly Trojan/Botnet family, is prowling in the domestic online media and has been identified as 'BrutPOS' by the CERT-In.

CERT-In is the nodal national agency to combat hacking, phishing and to fortify security-related defences of the Indian Internet domain.

"It has been reported that malware variants targeting Point of sale (POS) systems, dubbed "BrutPOS", is spreading. BrutPOS mainly targets windows based system by leveraging web as the main infection vector apart from being downloaded by other malware families," the latest advisory by the agency said.

The advisory added that once the system is infected with the malware, it communicates with its command and control servers to update its status and receive commands or list of IP address range to be scan for RDP servers having weak or default credentials.

Successful RDP brute force attack allows an attacker to execute another malware in the compromised system that steals payment cards data including card holders name, account no, expiration data, CVV code etc from POS systems.

The virus also has tendencies to steal system information such as Operating System details, system configuration etc, the advisory said.

Once the secret data of a credit or debit card is stolen, it can be prone to a hacking or phishing attempts on the virtual currency, thereby incurring financial loss for the account holder.

The POS denotes the cash counter of a shop or a business establishment where a customer or an individual makes online payment (from debit or credit card) after a purchase.

According to existing RBI rules, while debit card owners are required to punch in their secret PIN number before making a payment at these counters, a credit card owner can simply swipe his plastic money to accomplish his transaction at the POS counter.

The agency has also recommended some counter measures to check the activities of this new virus.

Some of them include keeping all POS systems thoroughly updated including POS application software, not allowing administrative access to systems, locking out accounts after N number of incorrect login attemptsm, limiting or eliminating the use of shared or group accounts and ensuring that the networks where POS systems reside are properly segmented from the non-payment network.

The agency has also recommended enabling firewall at gateway or desktop level, not visiting untrusted websites, not downloading or opening of attachments in emails received from untrusted sources or unexpectedly received from trusted users and installing and scanning anti-malware engines and keep them up-to-date.