Mr. Sarwar Raza, a credit card holder and practicing advocate in Delhi was issued a credit card by Citibank in January 2022. But due to multiple wrong login attempts in April 2022, the credit card was disabled. Next day the bank issued a new card but without Raza's request or activation. The credit card no.1 was disabled by the Bank on April 6, 2022 due to security reasons.
Meanwhile, Raza's registered mobile number for that card was also changed on request of the fraudsters under suspicious circumstances and the bank intimated this information to Mr. Raza's old number as well.
Fraudsters changed his registered mobile number only to make large transactions amounting Rs.76,777, of which Raza was totally unaware until he received a credit card statement on 12 April 2022.
Upon learning about the unauthorized debit, Raza immediately filed complaints with:
- The bank
- Delhi Police Cyber Cell
These unauthorized transactions occurred on platforms like Paytm and Flipkart in April 2022.
Mr. Raza was unaware about the wrong login attempts on card no.1 or the request to change his mobile number.
He called bank's customer care to complain about the credit card no. 2, and the bank's agent assured him that if he did not activate the card, it wouldn't show up in the bank's records.
Raza also approached the Reserve Bank of India (RBI) Ombudsman two times to challenge the bank's handling of the dispute. However, both complaints were rejected on technical grounds:
- First complaint rejected because it was filed through an advocate.
- Second complaint dismissed due to an alleged clerical error in the complaint form.
This case then went to Delhi High Court and on 27 November 2025 ruled in favour of Mr. Raza after examining the sequence of events, instructed the bank to pay him Rs 1 lakh for the harassment he faced and directed RBI to strengthen the Ombudsman mechanism with human supervision, avoid technical rejections, and ensure clear complaint flowcharts and hierarchies are displayed on bank websites.
The court strongly stated that even if a customer unknowingly an OTP or password shared, the bank must provide effective channels to immediately block the card and should not impose interest or penalties while a dispute is pending.
CAclubindia
