State Bank of India is one of the largest Commercial Banks in India. A few years back, I had notified the Bank that there was an indication of a software bug in their “Senior Citizen Account Software” and it was resulting in an excess of 16% being charged on the expenses account in the Bank compared to whatever interest was due to be paid to a customer. ie. For every RS 100 paid to the customer, RS 116/- was debited to the charges account. This was based on the observation of two accounts in one of the branches which was stated to have similar problems in 70 more cases. I had then notified the Bank that this was indicative of a possible fraud amounting to nearly R 8000 crores. I had also suggested that there was a need for software audit to eliminate the problem.

To the best of my knowledge nothing has been done in this regard though there was a public statement at that time from a DGM that it was due to a software error and would be corrected from the following accounting year. 

Since last April, I have been indicating to SBI Cards division that there is a likelihood of a malicious software code in their Credit Card processing system which is claiming excess amount from the Card holder. I am enclosing an extract of a statement from a Card

extract from statementExtract

account which shows a simple one month statement of expenses including transactions booked internally by the Bank. According to simple arithmetic, the statement adds up to indicate a net amount payable by the client to the extent of Rs 4678.02. However, the Bank indicates an amount payable of Rs 9453.42.

Unfortunately, over the last 6 to seven months, the Bank authorities have not been able to sort out the issue of how the statement shows an amount of RS 9453.42 payable instead of RS 4678.02.

The matter has been reported to the Chairman as well as the Banking Ombudsman. Their intervention has also been ignored by the Card division which is acutually subcontracted to the GE. The software engineers who are managing the division are not able to accept the manual arithmetical calculations and have been maintaining “What is shown as the amount payable in the top right corner of the statement is what is payable”.

They seem to think that if their Computer says 2+2 is 5, then it must be correct.

If this is the level of intelligence of the staff members, if the customer’s money in the Bank safe? Can the shareholders of the Bank trust the management of the Bank for safeguarding the investor’s interest?

As an Information Security observer,  it appears that the software of the card division has been fraudulently manipulated and at certain conditional fulfillment, it charges customers an amount higher than what is payable. We need to know the other end of this transaction whether the money is being dumped within the Bank as additional profit or is being siphoned off by any individuals. There is a distinct possibility of a fraud of large proportion involved in the incident.

This being the second incident in which a potential fraud in SBI has been brought to the notice of the public, I hope that the top management of the Bank would realise that they may  be liable for negligence in not taking appropriate action.

This matter is being brought to the public notice since scores of e-mails and several registered letters to the card division have had no impact.

In the interest of public, it is necessary for a CBI enquiry to be ordered to conduct an audit of the software used for card processing. Until then the card division should suspend its activities.

I urge all customers of SBI cards to check their accounts regularly, add up the card usage and check if the amount shown as payable in the statement is correct.

vijayashankar

Update posted on November 17th 2008: 

 Explanation from SBI Cards

As per the response sent by SBI Cards to the anomaly pointed out earlier, it is stated that the monthly card statements show certain entries as debits and credits. However the balance shown as payable is not calculated out of these debits and credits. There is a second stream of calculations which monitors the dues of the customer and the amount payable gets printed from this calculation.

In other words, a part of the contents of the statement is printed out from the database of transactions and the part from another application. If all the transactions during the month form part of both streams of calculations then the statement appears correct. In cases where there are adjustments which are not part of the current transactions, the balance payable will not be a result of the summation of the debits and credits shown in the statement. In other words there may be an excess claim during one month and a short claim in a different month when looked at from the point of view of the transactions reported in the statement.

Though this explains the issue raised earlier, the practice leads to a  confusion in the customers who follow their expenses separately and try to tally with the amount claimed. The mistake gets compounded as in the subject case which we referred where there was first an unauthorized debit in respect of a cancelled insurance policy and then creation of an unauthorized EMI-loan  against the payment. Then both were reversed one in the background and another on the statement.  This resulted in multiple entries both debit and credit in respect of the same transaction leading to a complete messing up of the account reconciliation. Hope SBI cards will revise the monthly statement format to ensure that what we see on the transaction list is what the balance is made off.

However we thank SBI Cards for responding to this blog entry while more than 6 months of e-mail and letter corresponsence had failed to attract attention of appropriate senior officials of the Bank.

Vijayashankar

November 17, 2008

Be Sociable, Share!