Several credit card users of private lender Axis Bank took to social media on Wednesday to report fraudulent international transactions made using their cards.
"Something is VERY WRONG at @AxisBank credit card. One of my cards was used for a fraudulent txn at Uber Eats Canada. Card was reissued - suddenly fraudulent txns on new card WHICH I DONT HAVE YET. Investigation SAK 0000 233 6061 raised at Axis Bank. They REFUSED to investigate," writes Sandeep Srinivasa on social media platform X.
Another user Aadil Bandukwala claims his Axis Bank Reserve credit card was used, too, without his permission and without OTP for two transactions at Air France. "Registered a complaint and Axis says they need 90 days to investigate. Emailed them and got the same templatised response," Bandukwala writes on X.
Axis Bank acknowledged that these unauthorised transactions did happen. A spokesperson of the bank called it "a malicious attempt" from certain merchants. "We have seen a few unauthorised transactions, as reported by our customers. This is a malicious attempt from certain merchants, and we have seen a few transactions hitting our system, affecting only a few cards. We have taken the due steps to block these merchants, and reported them to the associations as well," Sanjeev Moghe, president and head of Cards and Payments at Axis Bank, tells Fortune India.
"Since these are international ecommerce transactions, hence not authenticated through the two-factor authentication process, our customers have full chargeback rights and the amounts are fully recoverable. We will work with our customers on the same, and ensure they are not disadvantaged," Moghe says, adding that there has been no breach of any Axis Bank's systems.
In a post on X, Axis Bank credit card user Ajay Awtaney writes, "The stream of attack on my @AxisBank card continues. Blocked the card. Per Twitter, happening to many other folks."
"Any reissued card is being pushed via Automatic Billing Update to the fraudsters and they are able to use the new card number immediately after," Srinivasa says, adding that reissue is not enough.
Prasad Lingawar, another user on X, says, "Same thing happened with me. Multiple transaction attempts total worth more than 10 lakhs. Fortunately my card was temporarily blocked so nothing went through."
The Reserve Bank of India earlier this month issued directions to banks for giving options to customers to choose from multiple card networks. The directions will come into effect beginning September 6, 2024.
The RBI has also tightened norms for credit and debit cards used for business accounts. The banking regulator told business card issuers to put in place an effective mechanism to monitor the end use of funds.
The central bank said that card issuers will not share card data (including transaction data) of the cardholders with the outsourcing partners unless sharing of such data is essential to discharge the functions assigned to the latter. "In case of sharing of any data as stated above, explicit consent from the cardholder shall be obtained. It shall also be ensured that the storage and the ownership of card data remains with the card-issuer," the RBI said.
The RBI further said that card issuers should inform customers of the implications of paying only "the minimum amount due".