Is this ethical for a bank to display existing/offered credit limit of under mobile notifications?

[Batman]

Attached below is a notification I received regularly on my mobile phone. I have been offered a meagre 90k limit increase over an existing 8L - based on ITR.

HDFC sends about 4-5 notifications each day, and displays the existing limit and offered limit at all times.

Aren't there any existing guidelines against disclosing/displaying such information openly outside the HDFC Bank app? This is plain stupid in my opinion.

 

[Gaara]

Attached below is a notification I received regularly on my mobile phone. I have been offered a meagre 90k limit increase over an existing 8L - based on ITR.

HDFC sends about 4-5 notifications each day, and displays the existing limit and offered limit at all times.

Aren't there any existing guidelines against disclosing/displaying such information openly outside the HDFC Bank app? This is plain stupid in my opinion.

View attachment 59128

Except for me, no one else touches my phone, so that is not a concern for me.
Additionally, we have options in the notification settings to ‘Hide notification content,’ and we can also disable promotional notifications in apps.
.
.
I wonder why you are concerned about the app displaying your credit limit on your phone, while you posted the same notification on a public forum.

 

[SplendorSuperman]

I wonder why you are concerned about the app displaying your credit limit on your phone, while you posted the same notification on a public forum.

 

[Batman]

I wonder why you are concerned about the app displaying your credit limit on your phone, while you posted the same notification on a public forum.

That's neither here nor there, mate. It's like comparing apples and oranges.

TF is an anonymous online forum for me. It is vastly different from my personal mobile phone which has all the bank apps, and can potentially cause a lot of loss (if it is broken into).

On this forum, I have posted the credit limits of all my cards, and sometimes my tentative ITR as well. I don't publicly advertise that with people around me IRL.

 

[Batman]

My intention of making this post here in the RBI Guidelines section is to understand the existing guidelines on disclosing Credit Limits and, if possible, try to get the bank make required changes.

Notifications on Android can be read by multiple apps - including Paytm, Truecaller, CRED etc. Sure, notifications can be turned off. But banks shouldn't announce it in the first place.

Why should anybody's credit details be announced openly - outside the Banking app. This is not safe for general public.

 

[doraemon]

@Batman any update bro?

 

[Batman]

@Batman any update bro?

Cheque thing? No bhai. I'll call uncle tomorrow and check.

 

[suhasa010]

That's neither here nor there, mate. It's like comparing apples and oranges.

TF is an anonymous online forum for me. It is vastly different from my personal mobile phone which has all the bank apps, and can potentially cause a lot of loss (if it is broken into).

On this forum, I have posted the credit limits of all my cards, and sometimes my tentative ITR as well. I don't publicly advertise that with people around me IRL.

But you must be knowing that search engines crawl public websites and index them and is easily searchable with specific keywords, and more often than not credit card related keywords usually have results from technofino.

 

[tam]

i mean, bank considers phone your private property which you have full control over, if you brought home some guests that you think might steal something from your house, you wouldnt go around blaming anyone but yourself or thieves.

 

[Batman]

But you must be knowing that search engines crawl public websites and index them and is easily searchable with specific keywords, and more often than not credit card related keywords usually have results from technofino.

100% for sure. I work in tech. Look at the screenshot below and notice the search query. It took Google 3 hours to index this thread. Also look at the other threads attached to my username Batman.

The point I am trying to make is that user identity must not be linked with ITR / Credit Limit / Credit card names etc. That would be scary.

The next higher level of scary is linking your identity + credit limit/ITR + your mobile access. Mobiles are a serious financial weapon these days.

 

[SSV]

Put it this way, understanding and implementing privacy laws in India is a myth.. in my view..

In reality , PAN cards and Aadhar cards are there everywwere floating around , which is of more a concern than displaying your CL in email notifications..

Even if there is a guideline from RBI, no-one gives a crap in implementing those.. even more serious ones are ignored left right centre..

Having said that I really doubt if there is any regualtion about this display of CL outside their own apps.
Good luck in finding this guideline and even if you find it, it would be a horrendous task to make sure your banker is adhering to it...

This is my view.

 

[Batman]

i mean, bank considers phone your private property which you have full control over, if you brought home some guests that you think might steal something from your house, you wouldnt go around blaming anyone but yourself or thieves.

That doesn't seem to be an appropriate analogy. Once again, comparing apples and oranges.

No, this is not the case. Banks cannot display any private information any where on a mobile phone, under the pretence of a private property. This is why stringent RBI guidelines exist.

Hell, banks aren't even allowed to display Credit/Debit Card number + CVV at the same time. User has to toggle a button to see it one at a time.

 

[tam]

That doesn't seem to be an appropriate analogy. Once again, comparing apples and oranges.

No, this is not the case. Banks cannot display any private information any where on a mobile phone, under the pretence of a private property. This is why stringent RBI guidelines exist.

Hell, banks aren't even allowed to display Credit/Debit Card number + CVV at the same time. User has to toggle a button to see it one at a time.View attachment 59166

Tbh yeah, fair enough

 

[newinnov]

I'm annoyed with HDFC notifications too! Why they have "Not interested" button in mobile app, when they plan to bombard you with same notification everyday!
Even last limit enhancement notification after availing limit enhancement, is still there from half a year!
Until hdfc face another Kotak from RBI... They are not going to improve!

 

[Batman]

I think the point I'm trying to make in this post is getting lost, based on some of the comments I see.
Displaying any user's banking information outside the mobile banking app, without user's permission, is unethical.

What happens if tomorrow the banks start announcing the account balance in notifications?

Why I'm concerned with this erosion of privacy

1. I understand how easily the other apps in your phone can have access to your notifications.
2. My recent experience of a fraud case has left me to be more careful than I was earlier. I'd point to the Cheque Fraud case I've posted on this forum, where the fraudster knew the account balance to be Rs 78k, and thus withdrew Rs 75k by cheque. If the cheque amount was 80k or 1L, cheque would have bounced and no fraud committed.
   
   Bank account information, if known accurately, can be used to scam very easily.

Banking Guidelines:
There's a reason most banking apps that display card details etc look very similar (though that is changing slowly). The regulatory guidelines don't allow a lot of change.

In my experience of working with people who build banking apps, I have observed the guidelines to be very stringent.
Each page (and I do mean each page) of an app is scrutinised heavily by the regulatory team at RBI/NPCI. Even a simple thing like different button color, or long text is rejected outright. Then you gotta build a new version and apply for approval again, in ~3-4 weeks.

Normal mobile apps get updated when the development team builds something new. Banking apps get an update when the team builds something new -> gets approval from RBI/NPCI -> team is allowed to launch the new version.

The recently updated HDFC mobile app was actually built by Zeta, a friend of mine has been working on this project since 2021/22. It took 2+ years to update and relaunch the HDFC app we now use. Banking App regulations are not piece of cake.

---
I agree with @SSV that some RBI guidelines are being ignored. It is also highly possible that such a guideline on displaying credit limits doesn't exist yet.

Even if there is a guideline from RBI, no gives a crap in implementing those.. even more serious ones are ignored left right centre..

 

[Lobogris]

Not at all unethical. It's only sent to you in a private conversation. It's not being shared with anyone else. The limit is also displayed by most banks in every SMS when you charge something on your card. So what's the difference here?

 

[Batman]

Not at all unethical. It's only sent to you in a private conversation. It's not being shared with anyone else. The limit is also displayed by most banks in every SMS when you charge something on your card. So what's the difference here?

That's true. Available credit limit is displayed in transactional SMS as well. Doesn't make it right.

I think the point I made still stands. With mobile apps, and now on-device-AI reading all our text messages and notifications, banking information shouldn't be displayed this easily.

 

[TheTrickySid]

Not at all unethical. It's only sent to you in a private conversation. It's not being shared with anyone else. The limit is also displayed by most banks in every SMS when you charge something on your card. So what's the difference here?

Also the SMS app shows these sms in the notification pannel as well how will you avoid those.
What about OTP recieved via SMS getting displayed in notification??

 

[TheTrickySid]

My recent experience of a fraud case has left me to be more careful than I was earlier. I'd point to the Cheque Fraud case I've posted on this forum, where the fraudster knew the account balance to be Rs 78k, and thus withdrew Rs 75k by cheque. If the cheque amount was 80k or 1L, cheque would have bounced and no fraud committed.

Why wasn't this cheque issued to account payee only??

 

[msankadi]

Sending a notification to me is a privilege... 95% of apps (150+) on my phone are blocked from sending me notifications on my phone... Plus remaining 5% I allow only for specific app category notifications

Love android for all the customization it offers me

Protip if you want to take your notif game to even a level above try buzz kill app... Thank me later