It’s every account holder’s dread — the discovery that you’ve just become the victim of a financial fraud perpetrated via any number of methods, chiefly hacking, skimming, phishing, cloning, account takeover, card-not-present (CNP) and so on.
Bharat (not his real name), an expatriate Indian executive working for a well-known Omani firm based in the city, found himself the target of what is suspected to be a cloned card scam that left his savings account depleted by around RO 4,000 over a span of three days.
But adding insult to injury was the ordeal he endured trying to prove to his local lender — the branch of an international bank — that he was a victim of financial fraud, and thus liable to full restitution under Omani laws. Recently, after a year-long struggle, he entered into a settlement with his lender against which he received less than half of the stolen funds.
The case, while thankfully uncommon in the Sultanate, nevertheless illustrates the potential pitfalls that await victims of financial fraud fighting for reimbursement from their respective banks. It also highlights the need for a customer-friendly redressal platform to be set in place by the industry regulator, the Central Bank of Oman, for want of an independent consumer watchdog dedicated to the banking and financial sector, say experts.
Unauthorised transactions
In July 2016, fresh from his annual holiday in India, Bharat discovered that his debit card had been swiped at multiple locations in the south of the country without his authorization. Using what is suspected to be a clone of Bharat’s debit card, the fraudster was found to have splurged on jewellery, exotic dried fruits and other luxuries during a three-day spree. Puzzlingly, all of these fraudulent purchases took place while Bharat was back here in the Sultanate.
The executive was alerted to the scam during a routine visit to an ATM at a shopping mall in the city, when he discovered that his account had been mysteriously drained off RO 4,000 in funds. He promptly contacted his lender’s call centre and requested that his account be blocked pending a full investigation.
Over the ensuing weeks, the victim was informed that his card had been used at a number of merchant stores, ATM outlets and luxury stores in Chennai — a city that Bharat claims to have never set foot in. A native of the north Indian state of Haryana, the victim said he had used his debit card only on three occasions in an area close to his hometown, and on all three occasions his attempts to withdraw money from his account were declined by the ATMs in question.
For about a year since he was scammed, Bharat alleges that the lender dragged its feet in investigating his complaint. It was only on the intervention of the Central Bank of Oman (CBO) that the complaint received the required attention of officials at the local bank, he claims.
At first, the lender rejected his claim for compensation, citing a number of grounds. Firstly, it contended that the complainant was in India at the time of the fraud — a claim Bharat contested with documentary proof of his presence in Muscat when the fraud was perpetrated. He also argued that the debit card in question was securely with him at all times.
Evidence uncovered by the lender through its network in India revealed that the fraudster had swiped the victim’s debit card a total of 17 times. In almost all of these instances, the suspected criminal had used the correct PIN to validate the transactions.
Citing this evidence, the lender subsequently left it to Bharat to pursue legal action against the perpetrator — a process that would necessarily require the complainant to travel to Chennai, where the fraud took place, and lodge a criminal complaint with the local police authorities. Given the fact that the perpetrator took meticulous care to leave no trace of his identity at any of the locations where the unauthorized transactions took place, tracking him down would have proven to be a daunting — and likely futile — task.
In the circumstances, and eager to put this painful chapter behind him, the complainant eventually reached a deal with his lender to close the issue against a settlement amounting to around 40 per cent of the stolen funds.
Rights and liabilities
The episode illustrates challenges that potential victims face when safeguarding their rights and interests in the face of online hacking, credit card fraud and other financial scams.
Banks and card-providers can hold the customer or cardholder liable if the latter is found to have acted negligently or without reasonable care in keeping, for example, the PIN details safe. Another ground for rejecting liability is the customer’s purported failure to promptly alert the lender when a card is either lost or stolen, or if the PIN is accidentally revealed to an unauthorized party. Besides, failure to use the card-provider’s 3D Secure system (for example, Verified by Visa or MasterCard Secure Code) can go against the customer as well.
In Bharat’s case, however, the illegal transactions took place in India when he was physically present here in the Sultanate. Equally baffling was how the fraudster got hold of what is believed to be a duplicate debit card and PIN when the original was all the time with the victim — unanswered questions that, according to experts, must be investigated to help stave off further scams of this nature.
Oman Observer is now on the WhatsApp channel. Click here
