You have posted that:
--“Similar transactions are happening almost every day from same bank in exactly same manner. The striking similarities of cases reveal that somebody has gained excess to bank's database.”
Some one from the branch of this bank might be involved.
Does this branch of the bank has opened salary a/c of your company and has collected the docs of all employees?
Did you give your consent to obtain debit card, net banking in a/c opening form?
Do you have copy of the a/c opening form? If not then first obtain it form the branch and then get it certified under seal of the bank and sign of PB authorizer of the bank.
Did you receive the internet banking/Debit card password in sealed condition?
Did you fill the form yourself or you just signed it and executive of the bank filled it? Did you leave any column blank?
Majority of the executives of the bank are either on contractual basis { not permanent employees although they may be flasshing I cards issue by the bank} or are third party arrangements.The executive who opened your company’s salary a/c’s was permanent employee or not?
Obtain copy of the form and check which mobile numbers, phone numbers, email id’s are in record of the bank and these are yours or not?
--“ " transaction is duly authorized E-commerce transaction done using a NetSafe Card which is a one-time virtual card number linked to the above mentioned Debit Card. confidential information pertaining to the Debit Card could have been compromised by the customer knowingly or unknowingly during a Phishing attack / mail or such illegal means deployed by unscrupulous persons on the internet."
This implies you have complained to the bank in writing, even if by emnail.
This is the standard reply of the bank sent to you using cut and paste option and is sent to one and all customers facing such situation. The ides is transfer the onus on the customer as majority of the customers do not agitate beyond a limit and do not pull the bank to court. This is also an attempt to protect the bank from damages.
Did you ever receive any email or SMS?
Did you provide your mobile number and email id to the bank in a/c opening form?
--“ I immediately called HDFC customer care and inquired about it.”
Did you obtain the complaint number?
If not collect it immediately and mention it in your follow up communication.
Or did the CCE issue complaint number on his own? CCE is under obligation to issue complaint number. If not lodge a complaint and of this CCE and demand a complaint number be issued to you in writing.
--“ I never received any sms or email for authenticating this transaction.”
This is your defense.
Demand in writing from bank the copy of the communication sent by it to you for authorization and copy of the authorization given by you.
Lodge a police complaint by letter under acknowledgment by seal and signature of the police station. Lodge a complaint with cyber crime cell of the police also.
Demand in writing from the bank that bank deputes an official and to lodge a police complaint with you {jointly by bank and you}. In all probabilities bank shall deny.
Lodge a complaint with your company also and inform all other fellow employees.
Shift the a/c to another bank say SBI, Axis bank. However this time do not give mobile number and email id and keep certified copy of the a/c opening form {photocopy attested by bank}.
It is felt that banks have been penalized in such cases.
