Credit card fraud

Subject: Request for Legal Opinion – Online Credit Card Fraud / RBI Ombudsman Closure Dear Sir / Ma’am, I seek your legal opinion regarding an online credit card fraud dispute. I am intentionally keeping this summary anonymized while providing all material facts. Incident Summary • I attempted to make a very small online payment (₹10) through a link accessed via a social media advertisement. • The link redirected me to a website that appeared to be a normal merchant checkout flow. • During payment, I was shown a page visually resembling a genuine Visa Secure / Razorpay authentication interface. Critical Observation on Payment Page • The payment interface explicitly displayed: “Enter OTP for ₹10.” • No merchant name was displayed. • No higher transaction amount was shown. • The page design and flow looked identical to legitimate payment gateways I have previously used. Believing the page to be genuine and consistent with normal payment experiences, I entered the OTP received on my registered mobile number. What Happened Next • Immediately after OTP entry, I received a bank SMS indicating debit of a much larger amount (~₹25,000+). • Right after the debit alert, I received another OTP request for a different high-value transaction (~₹89,000+). • This clearly indicated that my card credentials had been compromised. Immediate Actions Taken • I blocked the credit card immediately. • I reported the matter to the bank without delay. • I filed a cybercrime complaint on the Government of India cybercrime portal the same day. There was no delay in reporting or blocking. Nature of Dispute with Bank The bank declined reversal/refund on the grounds that: • The transaction was completed in a “secured mode.” • Correct card credentials were entered. • OTP validation occurred. • SMS alerts were delivered. Hence, liability was attributed to the cardholder. My Core Contention • I never knowingly authorized the higher-value transaction. • The OTP was entered only because the payment page itself displayed ₹10. • The transaction amount was materially misrepresented on the authentication interface. • Therefore, consent was obtained under deception and was not “informed authorization.” • This is a phishing / cloned payment page scenario rather than voluntary credential sharing. RBI Ombudsman Proceedings • A complaint was filed under the RBI Integrated Ombudsman Scheme. • During proceedings, payment gateway and merchant responses confirmed that funds were settled to a wallet system and subsequently utilized. • RBI closed the complaint under Clause 16(2)(a), citing no deficiency of service by regulated entities. • The reasoning primarily relied on OTP SMS content and Para 7(i) of the RBI Customer Protection Circular (customer negligence where OTP entered). Concerns Requiring Legal View I seek legal guidance on the following: Whether UI misrepresentation / cloned payment interface deception can legally negate informed authorization, despite OTP validation. Whether such facts support a claim of deficiency in service / unfair trade practice before Consumer Commission. Whether payment gateway / intermediary visibility obligations (merchant name & amount display) carry legal significance. Practical viability, risks, and cost-benefit analysis of filing a consumer complaint. Whether any alternative remedy is advisable under consumer or civil law. I would greatly appreciate your candid assessment of the legal merits and practicality of pursuing this matter further. Thank you for your time and guidance. Regards, (Anonymized Cardholder)