This article tells the real story of Sourav Ghosh, who faced problems because of an unknown transaction. It explains what customers should look out for to avoid fraud and what steps to take if something goes wrong. The case also shows where the system fails and how these issues can be fixed. Most importantly, it teaches us that even when everything seems to go against you, it’s important to stay strong and fight for what is right.
“Fraud can happen to anyone. But the real betrayal begins when the very institutions meant to protect you turn their backs.”
Introduction: how i became both a victim and a fighter
In May 2024, a fraudster robbed me of more than just money; they stole my peace of mind, my trust in the system, and nearly a year of my life. Yet, the most painful lesson I learned is this: the system doesn’t just fail you, it fights against you.
Today, I’m still buried under growing debt, battling to prove that I’m a victim, not a defaulter. This is my story, not just to share my struggle, but to find others like me, and to appeal to legal warriors who believe this fight is worth continuing.
Things I wish I knew one year ago
Looking back, there are some critical lessons I learned the hard way, knowledge that could have saved me from financial loss, mental agony, and wasted time. I’m sharing them here in the hope that others don’t have to go through the same painful journey.
Never, ever trust phone calls claiming to be from your bank
- Only trust phone numbers you personally collected from verified bank officials during in-person visits to the branch.
- If you receive a call from an unknown number claiming to be from your bank, redirect them to your trusted contact or independently verify by calling the branch directly.
- Scammers today sound extremely professional; they rely on your momentary trust. Don’t give them that chance.
Don’t rely on SMS alerts alone, and check your emails regularly
- SMS alerts can fail or get delayed. Make it a habit to regularly check your email notifications for all transactions.
- Missing an alert doesn’t just delay your reaction, it can cost you your legal protection under time-sensitive reporting guidelines.
Time is critical; report unauthorised transactions immediately
- For any fraudulent or unauthorised transaction, remember that most protections under RBI guidelines depend on reporting within 24 hours.
- Use all available channels, customer care, emails, app chats and ensure you receive confirmation that your complaint was registered within this crucial window.
Be careful when filing cybercrime complaints online
- If possible, lodge the complaint by calling Cybercrime directly instead of relying solely on the online portal.
- If you do file online, review the acknowledgement form thoroughly, especially to verify the transaction date and amount.
- Any mismatch could lead to your complaint getting stuck for months, as it did in my case. If you notice errors, call Cybercrime immediately and have them corrected without delay.
File an FIR without delay, you don’t need to know the fraudster’s identity
- Contrary to popular belief, you can file an FIR even without knowing who scammed you.
- If your local police station refuses, consult a legal professional immediately. There are legal provisions to escalate non-registration of FIRs and hold police accountable.
Be ready to guide investigating officers and cybercrime officials
- Many officials handling these cases may not fully understand how credit card transactions work, how credit scores are impacted, or how payment gateways and merchant liabilities operate.
- Be proactive, stay involved in the investigation, and keep pushing for accountability. You can’t assume that officials will have all the answers or take the necessary actions without your persistence.
Final Reminder
Always document every communication, including emails, call logs, complaint acknowledgements, and any verbal assurances received. Maintain a personal log of every action you take, with dates and times. This not only strengthens your case legally but also ensures you don’t miss critical follow-ups during what can often become a long and exhausting process.
Timeline of my fight for justice
May 11, 2024 – The day it all started
A fraudster called me pretending to be from my bank. They knew my last four card digits, the type of cards, the last bill generated & PID, and even my credit limit.
They directed me to a fake website resembling my bank’s co-branded CPP portal and convinced me to enter my name and phone number, not my card details. An OTP followed, supposedly for waiving the Annual Maintenance Charge.
Right after I gave the OTP, I felt a sinking feeling in my stomach. Something didn’t feel right. Within minutes, I dropped the call, changed all my passwords, blocked my cards, and even told my partner that I had probably managed to contain the situation just in time.
For a brief moment, I believed I had acted fast enough to stop any real damage. But I had no idea that while I was trying to secure my accounts, the damage had already been done quietly, and without even an SMS alert to warn me.
May 21, 2024 – Discovery and first complaint to the bank
I only found out about the transaction when the next credit card bill arrived. Yes, technically, the bank had sent an email alert, but let’s be honest, how many of us check every transaction email when we’re not even aware that a transaction occurred?
At that moment, it didn’t even cross my mind that a transaction like this could happen without me ever entering my card details. I couldn’t imagine that just by sharing my name, phone number, and an OTP, such a massive CVV-less transaction could be processed.
By the time I saw that bill, it was already too late.
I immediately raised a dispute. The bank’s cold response:
“The transaction was authenticated using OTP. The liability remains with the customer.”
They refused to acknowledge that I never received an SMS alert or that the transaction was highly unusual based on my spending patterns.
May 2024 – Cybercrime complaint filed but stuck in limbo
We promptly filed a complaint through the Cybercrime Online Portal, hoping it would expedite the investigation. For nearly a year, the status simply showed “Under Process”. Each time we enquired at the local police station, we received the same vague response.
It wasn’t until we took our advocate to the Cybercrime Head Office that we uncovered the real issue, the complaint had effectively bounced because the transaction amount we entered didn’t match the actual disputed amount. Due to a technical glitch, the full amount hadn’t been submitted, but the system still generated an acknowledgement.
Shockingly, neither the authorities nor even the legal professionals we consulted noticed this error in the complaint acknowledgement. It was only after directly contacting Cybercrime support that the record was corrected within 24 hours of our call.
Only after this correction were we finally able to register an FIR on March 1, 2025, nearly a year after the fraud took place.
This experience made it painfully clear that systems meant to protect us are so poorly designed and monitored that even critical complaint errors go undetected. And while we waited in good faith, time slipped away, and the financial burden grew heavier.
May – Dec 2024 – The escalation begins
- Level 2 (Nodal Officer): My concerns were dismissed again with a templated response.
- Level 3 (Principal Nodal Officer): Their final stance:
“We deny your claim of these transactions being fraud.”
My questions were never answered:
- Why wasn’t I sent a mandatory debit SMS for a high-value transaction?
- Why didn’t the fraud detection system flag a transaction using 90% of my credit limit despite no prior large transactions?
- Why wasn’t the payment gateway or merchant held accountable?
I couldn’t help but wonder what exactly this Digital Transaction Monitoring System is that banks talk about.
Even when we try to make legitimate purchases and enter OTPs ourselves, haven’t we all experienced situations where the bank blocks the transaction, temporarily freezes the card, and immediately floods us with SMS alerts, emails, and even verification calls asking if we authorised the transaction?
If their system reacts so aggressively for much smaller amounts, why didn’t any of those safeguards trigger when nearly 90% of my credit limit was wiped out in a single, highly unusual transaction? This is the question no one from the bank’s grievance officers to the regulatory authorities has ever cared to answer.
And this raises another critical distinction that’s often ignored: a credit card transaction isn’t like a simple account-to-account transfer through NEFT or UPI. In those cases, only the two bank accounts are involved. But with credit card transactions, two additional intermediaries are always part of the process: the payment gateway and the merchant.
If you’ve ever run a business and tried to sign up with payment gateways like Razorpay, Paytm, or PayU, you’ll know how stringent their KYC verification processes are. It’s no easy task to even open an account with these platforms. And think about it, how often do you hear about new payment gateways popping up? You don’t, because getting a license to operate as a payment gateway or aggregator, especially for card-not-present transactions, requires rigorous policy compliance and regulatory approvals from the RBI and other authorities.
So, isn’t it strange and frankly unacceptable that despite these layers of accountability, and despite the payment gateway and merchant having full identity information of who processed the transaction, they are not being held liable at all for facilitating this disputed transaction?
It feels like the very system built to prevent such fraud is instead shielding the wrong players, while leaving victims like me to suffer alone.
There’s also a very simple, common-sense question that no one seems to ask: We don’t use credit cards to just send money to individuals for personal reasons, do we? Credit cards are meant for purchasing products or services.
So, when the bank rejected my appeal, stating that “it was a successful e-commerce transaction done in a secure environment,” I asked a basic question:
If this was indeed a legitimate e-commerce transaction, why isn’t the bank asking the merchant to furnish proof of the products sold or services delivered?
Shouldn’t the burden of proof fall on the merchant to show what exactly was sold to me? After all, that’s standard practice in any legitimate business transaction. But instead of holding the merchant accountable or investigating what goods or services were supposedly purchased, the bank simply closed my case and pushed the liability onto me.
Isn’t that the exact opposite of how consumer protection is supposed to work?
July 2024 – RBI ombudsman complaint
I filed a formal complaint under the RBI Integrated Ombudsman Scheme. Outcome:
“No deficiency found in the bank’s service. Please approach law enforcement.”
March 1, 2025 – FIR finally registered
For nearly a year, I didn’t know I could file an FIR without knowing the fraudster’s identity. No one, neither the bank nor the police, told me. The FIR was finally lodged under Sections 406 and 420 IPC.
March 2025 onwards – Submitting FIR to Axis Bank again
Despite submitting the FIR, the Principal Nodal Office replied:
“In case if you have filed any FIR with the police, please share the copy with us.”
This, even after I’d already shared it multiple times, including through a Google Drive link after their email system kept rejecting attachments.
April 2025 – Submitting FIR to RBI again and facing yet another closure
After finally registering the FIR, I submitted it once again to the RBI Ombudsman, hoping this critical development would prompt them to reconsider my case.
But the response was as disappointing as it was dismissive. Despite acknowledging receipt of the FIR, the RBI Ombudsman refused to reopen the case, citing procedural closure and stating:
“The case has already been closed as per the Integrated Ombudsman Scheme guidelines. We regret that no further action can be taken on this matter.”
Even after fulfilling every requirement they previously cited, submitting the FIR, sharing all case details, and providing direct contact information for the investigating officer, I was met with yet another closed door.
The never-ending financial strain
- Every lawyer visit to the police station and letter drafting has cost me over ₹10,000.
- Even after the FIR, the bank refuses to stop sending monthly bills and adding interest.
- I have already paid over ₹1.5 lakh under protest, paying the minimum payment, to avoid credit score damage, but the debt only grows.
My back is against the wall. I am fighting with dwindling financial resources and mounting emotional distress.
The legal protections that were ignored in my case
Customer protection
- Limiting Liability of Customers in Unauthorised Electronic Banking Transactions (6 July 2017)
Read Here
I reported the fraud immediately after discovering it. Yet, the bank refused to apply the zero-liability clause.
Mandatory SMS alerts (RBI Circulars)
Fraud monitoring and prevention
Chargeback and merchant accountability
Relevant legal precedents
Jesna Jose v. HDFC Bank (NCDRC, 2021)
Jarnail Singh v. SBI (NCDRC, 2022)
Refund granted due to lack of SMS alerts.
Jyoti Bezbarua Goswami v. SBI (Gauhati High Court, 2023)
The court ordered a refund of ₹4.44 lakh; the bank failed to prove customer negligence.
Why I’m sharing this
To connect with others like me
If you’ve faced something similar, let’s connect. Together, we can exchange information and stand stronger.
To appeal for volunteer legal help
I am seeking legal professionals or law students willing to help me fight this injustice.
When I win, I fully intend to claim all legal costs from the bank as part of the compensation.
Your rightful fees will be my first priority from any recovery. But until then, I need someone who believes in standing up for what’s right, even when the odds are against us.
To understand my real legal options now
I am done wasting more time and money drafting legal notices and sending letters to the bank or RBI that lead nowhere. I’ve already spent enough on legal fees without seeing any real progress.
What I really need now is clear, actionable advice on the next step:
- Should I approach the Consumer Court under the Consumer Protection Act?
- Is it possible to file a Writ Petition under Article 226 in the High Court against the bank and regulatory failures?
- Are there any other regulatory bodies or forums where I can hold the bank and the RBI accountable for negligence?
- Could this case qualify for a Public Interest Litigation (PIL), considering the larger issue of systemic failure affecting many others?
I’m not getting straight answers from my current legal counsel. I need someone who understands both the legal framework and the most practical, effective way forward to finally bring this fight to the right forum.
Closing thoughts: I’m not done fighting
Despite everything, I’m still standing. I refuse to give up, even when every institution I trusted has turned away.
If you’re someone who believes in justice, whether you’re a fellow victim or a legal professional, I ask you, please reach out. Help me fight this battle, I should have never had to fight alone.
For personal and legal reasons, I have chosen to stay anonymous in this article.
However, I will be actively monitoring the comments to gather any advice, learn from others facing similar issues, and explore possible solutions.
If any legal professionals or individuals willing to help prefer a private introduction, I kindly request that you reach out directly to the publication’s editorial team.
They can facilitate a confidential connection without compromising my privacy.
