I was paying my online bills and I received SMS alert for more amount than I had paid. When I called the HDFC customer care to ask for justification they said the extra charge is taken by vendor for online payment not the bank.
My question is - The bank uses Verisign to authorize all payments online for security. When the password page shows me the final amount and ask me for confirmation then password to complete the transaction, it is also a way for user to check if they're being charged right amount. On the verification page, I saw the amount I had authorized, on the vendor website too it is the same amount. But when I got sms alert of the transaction, it was higher amount.

Who authorized the bank to allow my card to be charged extra? It's not about the money, it's about the security of my card. Why is vendor allowed to levy extra charges on a user's credit card without his/her knowledge or authorization? When I asked the bank to cancel the charge citing I had not authorized this much amount to be charged, they flatly refused to do so. This when I had called within 5mins of the transaction being done. Seeing such behavior makes me very doubtful if they'll ever dispute/cancel a false charge to my account should my credit card be misused.

Tomorrow if a vendor comes and charges me 5000 Rs for handling or transaction charges that were not disclosed before, and bank allows that charge to go through without my permission, who's fault is it? How can the bank push all responsibility on the vendor when I as a user trusted the bank to protect and safeguard my money?