In recent years, Indian banking system have been undergoing tremendous transformation and implementing many innovative ideas to offer best in class products / services to its customers.
Most of the banks and financial institutions are now offering ICT (Information & Communication Technology) based financial products and services to improve their business efficiency and speed of services. The electronic banking services are like e-banking, internet banking, electronic fund transfer, electronic clearing, mobile banking, UPI, Payments through pre-paid wallets etc.,
The digital transactions have been increasing rapidly in India. But, at the same time, we are also witnessing an increase in unauthorized electronic banking transactions / online banking frauds. With the rise in the volume of funds transmitted via electronic channels, the banking sector is facing new challenges as unscrupulous elements are devising new methods to commit online banking frauds.
The recent incident of 3 million Debit cards being blocked or recalled by Indian banks has sent jitters across the banking community. The concern is growing among bankers and customers on the threats posed by cyber criminals.
The Reserve Bank of India had issued draft norms related to “customer protection—limiting liability of customers in unauthorized electronic banking transactions” in August, 2016.
Given the recent surge in grievances relating to unauthorized banking transactions, the banking regulator has now revised the guidelines and has issued latest norms in determining Customers/Banks liability in case of fraudulent online banking transactions.
Unauthorized Electronic Banking Transactions & RBI’s new Guidelines
Below are the new norms on banking customer’s liability in case of unauthorized electronic or online transactions ;
Zero Liability of a Customer
A customer’s entitlement to zero liability shall arise where the unauthorized transaction occurs in the following events:
- Contributory fraud/ negligence/ deficiency on the part of the bank (irrespective of whether or not the transaction is reported by the customer).
- Third party breach, where the deficiency lies neither with the bank nor with the customer but lies elsewhere in the system, and the customer notifies the bank within three working days of receiving the communication from the bank regarding the unauthorized transaction.
Limited Liability of a Customer
Below are the cases where a bank customer can be liable for the loss due to unauthorized transactions ;
- In cases where the loss is due to negligence by a customer, such as where he/she has shared the payment credentials, the customer will bear the entire loss until he reports the unauthorized transaction to the bank. Any loss occurring after the reporting of the unauthorized transaction shall be borne by the bank.
- In cases where the responsibility for the unauthorized electronic banking transaction lies neither with the bank nor with the customer, but lies elsewhere in the system and when there is a delay (of four to seven working days after receiving the communication from the bank) on the part of the customer in notifying the bank of such a transaction, the per transaction liability of the customer shall be limited to the transaction value or the amount mentioned in the below table, whichever is lower ;
- If the time taken by a customer to report the fraudulent transaction is beyond 7 working days, the customer liability shall be determined as per the Bank’s Board approved policy. (However, Banks have to display their approved policy in public domain for wider dissemination. The existing customers must also be individually informed about the bank’s policy.)
- So, if there is a third-party breach and where the fault/deficiency is neither with the bank nor with the bank customer then customer’s liability is summarized as below ;
- Kindly note that the number of working days mentioned in the above table shall be counted as per the working schedule of the home branch of the customer, excluding the date of receiving the communication.
- Also, the burden of proving customer liability in case of unauthorized electronic banking transactions shall lie on the bank.
- Banks have to resolve the complaint(s) or establish liability (if any) of the customer, within 90 days from the date of receipt of the complaint. (In case of unauthorized credit card transactions, the customer need not bear any additional burden of interest during this period.)
Reversal of Unauthorized Transaction Amount
- The bank has to pass a reversal transaction and credit the concerned customer’s account within 10 working days from the date of notification by the customer about unauthorized / fraudulent electronic bank transaction(s). Banks should not wait for settlement of insurance claim, if any.
- The value date of the Credit shall be as of the date of the unauthorized transaction.
- Banks may also at their discretion decide to waive off any customer liability in case of unauthorized electronic banking transactions, even in cases of customer negligence.
Mandatory Measures (How to report unauthorized transactions?)
- To facilitate reporting unauthorized transactions, banks have to provide customers with 24×7 access through multiple channels via website, phone banking, SMS, e-mail, IVR, a dedicated toll-free helpline, reporting to home branch, etc.,
- Banks have to provide a direct link for lodging the complaints, with specific option to report unauthorized electronic transactions on home page of their website.
- The loss/ fraud reporting system maintained by the Bank(s) shall also ensure that immediate response (including auto response) is sent to the customers acknowledging the complaint along with the registered complaint number.
- Bank’s communication systems have to record the time and date of delivery of the message and receipt of customer’s response, if any, to them. This shall be important in determining the extent of a customer’s liability.
- Banks must ask their customers to mandatorily register for SMS alerts and wherever available register for e-mail alerts, for electronic banking transactions. The SMS alerts shall mandatorily be sent to the customers, while email alerts may be sent, wherever registered.
- The banks may choose not to offer facility of electronic transactions, other than ATM cash withdrawals, to customers who do not provide mobile numbers to the bank.
- On receipt of report of an unauthorized transaction from the customer, banks must take immediate steps to prevent further unauthorized transactions in the account.
The above guidelines are surely in the best interest of bank customers, however it is also very important for customers to remain vigilant, not to share account related confidential information and report unauthorized transactions immediately to the bank. Do remember that the longer the time you take to notify the bank, the higher will be the risk of loss to you / the bank.
Continue reading :
- Are you aware of this interest fact on Bank Deposits?
- Why not to invest in Bank FDs/RDs for long-term?
(Image courtesy of David Castillo Dominici at FreeDigitalPhotos.net) (Source & Reference : RBI’s Notification) (Post published on : 07-July-2017)