A fraudster impersonated your bank and obtained your OTP through a phishing call. ₹45,000 was debited from your account within minutes. You reported the fraud within 3 hours. PayFast's dispute bot replied: "OTP verified. Transaction authorised. Liability rests with user."
The Situation
Indian banks routinely treat OTP authentication as conclusive proof that you authorised a payment. Under RBI guidelines, that argument fails when the OTP was obtained through social engineering and you reported promptly.
Key Law
- RBI Master Direction — Limiting Liability — customers have zero or limited liability for unauthorised electronic transactions reported promptly when a third party is involved.
- Social engineering ≠ negligence — sharing an OTP under deception is not the same as wilful negligence. The bank must investigate before assigning liability.
- Authentication vs consent — an OTP confirms someone entered a code; it does not prove you knowingly approved a specific transaction.
Arguments That Work
- Cite the RBI Master Direction on customer liability in unauthorised transactions.
- State explicitly that the OTP was obtained through social engineering — not negligence.
- Provide your reporting timeline — prompt reporting triggers zero-liability protection.
- Threaten RBI Ombudsman escalation at cms.rbi.org.in if unresolved within 30 days.
About This Case
What excuse does PayFast's RESOLVE-AI bot use?
"OTP verified. Transaction authorised by account holder. Liability rests with user." — it treats authentication as proof of consent.
Which RBI rule counters the OTP argument in Fix AI?
The Master Direction on Limiting Liability — social engineering is not negligence, especially when you reported within hours.
How do I practice the PayFast UPI case?
Open fixai.dev/?level=45 to dispute the ₹45,000 debit against RESOLVE-AI.
Practice this dispute against PayFast's RESOLVE-AI bot. Cite RBI liability rules and force a ₹45,000 reversal.