It was a family get-together far away from home. Free from the daily grind, I was enjoying some friendly banter over a second cup of tea that very pleasant April morning in 2017 when a beep on the phone distracted me. It was an SMS from my bank, warning that I had made two invalid attempts to log into my account and the same would be blocked on a third such attempt.
Two log in attempts? But I had not tried any such adventure!
Obviously, someone had mischievously tried to break into my account twice with
a correct username but incorrect passwords. What if the third attempt were
successful? Anxiety replaced happiness.
“Lest that scoundrel try again, why don’t you get your account
blocked for a day by deliberately filling in a wrong password? You can seek
help from the bank manager before the account gets unblocked tomorrow.” A wise
guy suggested.
I reacted at breakneck speed, praying that the criminal shouldn’t
succeed in submitting the correct password before I fill in a wrong one. A
beep, followed by an SMS, confirmed that my account had been blocked for a day
following three invalid log in attempts. To this day I don’t know whether the
third attempt was my creation or the intruder’s.
The bank manager answered my call—no, she had no idea about the
IP address or the location from where the fraudulent log in attempt was made;
she didn’t have the authority to change my log in username; she couldn’t help
me; but I could surely lodge a complaint.
“But what if the imposter successfully logs in before the
authorities take preventive action?” I asked.
“Why don’t you change your password?” She shot back.
“It’s the username that has been leaked, the password has so far
not been guessed correctly,” I pleaded.
“Please lodge a complaint on our helpline, on our ‘Happy Room’,
and on the site,” she barked.
I called up the helpline. It had several options for lodging
complaints under various categories but there was no category for reporting fraudulent
log in attempts. I pressed the option for speaking to an executive. Bad luck!
All executives were busy, and remained occupied throughout the day. No one ever
came on the line, which invariably kept getting disconnected after multiple
proclamations about the bank’s commitment to serve customers in a fantastic
manner.
I tried lodging a complaint on the bank’s website
but the page was malfunctioning. The ‘Submit’ link always pointed out that the
details were missing regardless of whatever I had typed in.
I
sent an SMS to the ‘Happy Room’ and was happy to receive an index number with
an assurance that I would be contacted shortly. The happiness ended there. No
one ever contacted me then or in the seven years that have since elapsed.
I
abandoned my already spoilt holiday, returned home, and submitted a formal
letter to the bank manager the next day. She reiterated her inability to
investigate into the matter while accepting that it was possible for the branch
personnel to ascertain my username.
I escalated my
complaint to the next higher authority and received an acknowledgment. Submission
of complaints became a daily routine that ended with my approaching the bank
chairman and the Centralized Public Grievance Redress And Monitoring System (CPGRAMS)
by the end of the fortnight, hosting a video on YouTube about my predicament,
and seeking attention over Twitter.
CPGRAMS deserves
credit for communicating within a month: “Your
Grievance with Registration No. … has been disposed. Logon to … for further
details.” I logged on to find that my complaint had been “satisfactorily closed
as the account holder has sufficient balance in the account.”
I
was aghast! Not only that large public sector bank had failed to prevent the
leakage of an internet banking secret but had also displayed scant concern in
resolving the depositor’s problems.
The same bank was vigorously promoting its health insurance scheme
from February that year. It looked attractive. I had filled up the proposal
form and deposited
the premium in March. The amount was debited immediately, though the policy
booklet was supplied almost after a month. It left me stunned!
The form in the booklet was not the one that I had submitted—the name of a beneficiary
was wrongly spelled, the relationship with the nominee was shown as “mother” in
place of “son”, many vital details had been left blank, and the signature on it
was not mine! Evidently, my proposal form had been replaced with a forged one.
I shot a letter and the details were corrected, but
the bank remained mum on how a forged form could find a place in the policy
document and why the bank could not check it. I decided not to renew the policy
and intimated the relevant authority. However, applicable premium was debited
from my account the next year without authorization from my end. I protested,
the amount was refunded, and the renewal was cancelled.
I
assumed that the story was over, but no! Premium was deducted again the next
year towards renewal of the policy that had lapsed a year ago! I shot an angry
missive to the agency and received the following response: “As per process Removal of Auto renewal
facility needs to be intimated 15 days prior to expiry date of the policy … In
case the premium is already debited, help us with the Journal no., date of
debit, scan copy of bank account statement reflecting the premium debit against
… and the reason for discontinuation to process the refund.”
The
fault clearly lay with me! I learnt a lesson and informed the bank on two
subsequent years to not to renew the policy that had lapsed many years ago,
exactly fifteen days prior to the date when the policy would have lapsed if
taken.
The year 2019 was nearing its
end. It so happened that I held a credit card of that bank. The card was due for
renewal on December 20, but I was scheduled to be on an overseas trip from
December 5 till March 1 the next year. Usually replacement cards are received
at least a month before the expiry of the valid card, but my case was proving
to be an exception. Afraid of its falling in wrong hands and being misused, I
sent an email to the bank with a request to despatch the replacement card only
in March next year. I received a prompt reply from one Sanjeet Mandal as under:
We wish to inform you that your … card
account will be automatically renewed and same will be dispatch at your mailing
address updated before 90 days of the card expiry.
If you do not receive the card, kindly
rewrite us when cardholder is available to receive the card.
If you are not satisfied with
the response, you can write to Nodal Officer, Customer Service by clicking here
or use the Escalate Button on the webpage. You will receive a response within 5
days.
I wrote back immediately, explaining
that my house would be totally locked during my absence and there would be no
point in despatching the card during my absence. This time one Ashmita Sandhu
replied:
We wish to inform you that in
case any card is getting expired the renewed card is dispatched 90 days prior
to card expiry further in absence of primary card holder the same can be handed
over to a family member(blood relation) post showing a valid id proof and if
there is no one the card shall return back to us undelivered.
My
overseas trip started and so did a chain of SMS from the post and telegraph
department informing about failed delivery attempts for the card, the date when
the next attempt would be made, and a final warning that no attempt would be
made a fourth time.
I
brought the matter to the attention of the principal nodal officer and was
provided with an interaction ID. Meanwhile, a second chain of post and
telegraph SMS about abortive delivery attempts began with instructions to call
up a certain number.
Another
wise guy suggested that I should seek help from the bank’s Twitter handle. I
did so and sent fresh communications in accordance with the advice received.
A
third chain of SMS followed shortly afterwards and then there was complete
silence. I spent the remaining two months of my foreign visit in bliss,
satisfied that everybody in the banking system was not apathetic to customer
needs and that a sincere executive had finally taken action on my SOS.
Barely
a week would have passed after my return when a guard of the apartment block
approached me, “The postman gave it!”
The
envelop, bearing a despatch stamp of December 2019, had my replacement credit
card in it.
Those
conversant with the credit card intricacies would have guessed that my
replacement card must be due for renewal next month. Absolutely right! It falls
due for renewal in December 2024, when I am scheduled to be on another longish
foreign trip. Seriously wounded after my previous experience, I decided to get
it cancelled in November end. But while one may still guess God’s ways, it is
impossible to forecast the next move of that bank. They sent me an SMS in
mid-September, informing that my card had been renewed with the original
particulars.
“Wonderful!
So I wouldn’t need to get the card cancelled,” I thought.
“Fine,
so the number remains the same, but how will I use it without knowing the fresh
expiry date?” The worry nagged.
The
bank card site has no provision for seeking such information. I sought it from
their Twitter handle, who assigned a complaint number with an assurance that an
executive would call me within five days.
But
how would I use the card till then?
I
called up the helpline. An executive informed that a fresh card, with a fresh
number, had been despatched to my address.
The
wait for the SMS began. Neither the bank nor the post and telegraph department
informed about the despatch of a fresh card. Almost a week passed. I started
getting jittery as another trip was to follow in a fortnight. I called the
helpline everyday but the option of speaking with an executive had been
removed! I reported the matter again on the Twitter handle to receive a response:
“Hi, Your complaint is already been highlighted to our concern department and
the same shall get the resolved by 23/9/2024. Request you to please wait till
the estimated time.”
And
then, without a warning, the replacement card was delivered! Within fifteen
minutes a brook of SMS started gushing: My card had been despatched vide
consignment number blah blah blah; my
card had been delivered; where should I complain if I had not received the
card; how to use the card; etc., etc., etc. The next day I received a mail confirming
that my complaint had been satisfactorily resolved.
That
bank never ceases to spring a surprise. It has submitted duplicate information to
the income tax department about an investment made by a colleague, who
continues to defend himself for ten months now.
You
may feel that the particular bank mentioned so far is rank bad and others may
be much better. Perhaps, but my experience with another public sector bank is also
not very good. That bank threatened to “stop” my account for want of KYC (know
your customer) documents. I was surprised, because the KYC drill is not an
annual affair to the best of my knowledge. A visit to the bank confirmed my
belief—they require KYC from my type of accounts only once in five years. When
I pointed out that I had submitted the documents only the previous year, they
suggested that I should check a bundle of pending documents on a shelf in their
office. I combed through a pile of about 200 KYC documents of customers,
retrieved my documents, sat there to ensure that the details were fed into the
system, and got the problem solved. Incidentally, this second bank mentions a
wrong name on my internet banking account, maintaining that incorrect names don’t
hamper banking if the account number is mentioned correctly!
Of
course, they can’t be more correct. I purchased bonds from a third, a private,
upcoming, and promising bank seven years ago. Few months before the maturity,
the bank informed that the proceeds would be deposited in my account, providing
details. It also added: “If there is any mismatch/change in your Name, Address
or Bank account, you are requested to update the requisite information, by
following the instructions mentioned below. This will help the Bank to pay the
Maturity proceeds to you on time.”
I
immediately informed that due to a change in the branch the IFSC code should be
corrected as blah blah blah. The bank
reverted with a repeat of the original information, and continued to do the
same regardless of my communications to various officials. Thankfully, the
money was deposited in my account in spite of the incorrect IFSC code.
As
a parting shot, consider this case of a very large private bank in India which
has been unable to change the phone number of the secondary account holder in
three months despite several requests by the account holders and efforts by the
local branch officials.
संदेश
