Aman Mahajan, a 15-year loyal HDFC Bank customer, reported a ₹2 lakh fraud due to weak IPIN reset security. Read full complaint details and how Choice4Voice.com is amplifying his case.
Complaint Summary : Aman Mahajan ₹2 Lakh Fraud Complaint Against HDFC Bank – Security Lapse in IPIN Reset Process
| Complainant | Aman Mahajan |
|---|---|
| Location | Khargone, Madhya Pradesh |
| Company | HDFC Bank |
| Issue | ₹2 Lakh Fraud – Security Vulnerability in IPIN Reset Process |
| Duration of Relationship | 15 Years (Customer) |
| Complaint Filed With | Local Police Station, Cyber Crime Branch, HDFC Bank |
| Key Concern | IPIN Reset Process based only on OTP, making accounts vulnerable |
| Status | Awaiting Strong Security Action from HDFC Bank |
Full Complaint Details
Aman Mahajan, a Senior Data Management Analyst at CBRE, has been a loyal customer of HDFC Bank for over 15 years. Recently, he became the victim of a ₹2 lakh online banking fraud.
Immediately after noticing the fraudulent transaction, Aman filed complaints with both the local police station and the cyber crime branch. However, upon further investigation, he identified a serious security flaw in HDFC Bank’s internet banking system.
Unlike several other banks that require debit card details and additional verification for resetting internet banking passwords (IPIN), HDFC Bank only relies on OTP authentication sent to registered mobile and email. This makes it alarmingly easy for fraudsters to exploit customers—particularly if the mobile device is compromised.
Aman strongly believes that this is not just a case of fraud but also a failure of HDFC Bank’s security infrastructure. He argues that if his account had been with another bank, the fraudsters would have faced far greater difficulty in resetting the IPIN and stealing money.
With deep disappointment, Aman has announced that he will be closing all his current and savings accounts with HDFC Bank after 15 years of trust, citing customer safety negligence as the main reason.
This case raises a critical question: Are Indian banks doing enough to protect customers from evolving cyber threats?
Commonly Asked Questions (Q&A)
Q1. Who is the complainant in this HDFC Bank fraud case?
Aman Mahajan, a Senior Data Management Analyst and long-term HDFC Bank customer.
Q2. How much money was fraudulently withdrawn from his account?
₹2 lakh.
Q3. What is the main security flaw identified in HDFC Bank’s system?
The IPIN (internet banking password) reset process relies solely on OTPs sent to mobile and email, with no requirement for debit card or additional verification.
Q4. Why is this considered unsafe?
If a fraudster gains access to a customer’s mobile or email, they can easily reset the IPIN and access the account without needing debit card credentials.
Q5. How did Aman respond after the fraud?
He immediately filed complaints with the police and cyber crime branch and contacted HDFC Bank.
Q6. Has HDFC Bank responded to the complaint?
The case details suggest Aman is still awaiting a proper resolution or policy change from the bank.
Q7. What action is Aman Mahajan planning to take?
He has decided to close all his accounts with HDFC Bank.
Q8. What makes this case significant?
It highlights systemic security flaws that could affect thousands of HDFC Bank customers.
Q9. Do other banks follow stricter security protocols?
Yes, many banks require debit card details or additional security layers for resetting passwords.
Q10. What should customers do to protect themselves?
Monitor transactions closely, avoid using unsecured devices, and immediately report suspicious activities.
Q11. Can HDFC Bank be held accountable for this fraud?
Yes, if it is proven that the security design itself is inadequate and exposes customers to undue risk.
Q12. Has RBI been informed about this case?
While Aman has reported to police and cyber crime, escalation to RBI may also be considered.
Q13. Why is HDFC Bank considered a top target for fraudsters?
Because of relatively weaker password reset security measures compared to other banks.
Q14. How can banks improve internet banking safety?
By requiring debit card details, multi-factor authentication, biometric verification, and stronger fraud detection systems.
Q15. What is an IPIN?
It is the Internet Banking Personal Identification Number (password) required for logging into HDFC NetBanking.
Q16. How do fraudsters usually exploit weak systems?
By hacking mobile devices, intercepting OTPs, and resetting passwords remotely.
Q17. How long has Aman been an HDFC Bank customer?
15 years.
Q18. What impact does this have on consumer trust?
Incidents like this significantly erode trust in digital banking platforms.
Q19. What legal recourse is available for fraud victims?
Victims can approach cyber crime cells, consumer courts, and escalate complaints to RBI.
Q20. How can Choice4Voice.com help in such cases?
By amplifying genuine customer complaints, creating public pressure, and ensuring companies are held accountable.
Original Source of Complaint
View Aman Mahajan’s Original LinkedIn Post
Final Note
This case demonstrates how even long-term loyal customers can fall victim to banking system vulnerabilities. Financial institutions like HDFC Bank must urgently revisit their security protocols to protect customers from fraud.
At Choice4Voice.com, we are committed to giving consumers a strong platform to raise their voice when companies fail them. Cases like Aman Mahajan’s remind us why consumer advocacy is essential in today’s digital era.
If you are facing a similar issue with your bank, telecom provider, or any service company, we encourage you to raise your voice.
Submit Your Complaint at Choice4Voice.com because your voice matters.
