RBI rules on customer's liability in online banking frauds

On 6th July, 2017, RBI has come out with a new circular capping the liabilities of Bank customers in the event of unauthorized electronic banking transactions (put simply, frauds). The guidelines given in the circular is applicable for all Commercial banks, Small banks and payment banks in India.

With government's push on journey towards a cashless economy, the number of electronic banking transactions is bound to see an increase and so are the fraudulent transactions. Despite various initiatives by the banks and RBI to bring awareness to the public to keep their card details secured, the instances of fraudulent transactions are still prevalent.

What happens when a fraud is reported?

As soon as the Customer reports the fraud transaction through IVR, email, SMS or bank branch, the Bank hotlists the card and freeze the debit transactions in your account to ensure that no further fraud takes place. The RBI requires Banks that the Customer be given an acknowledgement for reporting the fraudulent transaction in the account. The Customer will not be responsible and will be fully indemnified against losses arising from any further unauthorized transactions that happen after reporting. 

Who will face the loss?  

Most card companies like Visa, Master Card etc worldwide offer Zero Liability Program to the card holders that protect the cardholders from any unauthorized card transactions. In India, Zero liability program was offered selectively by Banks along with card companies like Visa, Master Card and even Rupay (promoted by NPCI). The banks were not so enthusiastic about the program since Banks had to incur additional cost of insurance to provide this facility to all card holders.

Now, RBI vide its Circular date 7th July 2017, has arrived at the following mechanism for determining various types of liability in the event of Unauthorized electronic banking transactions (that covers ATM transactions, POS transactions, Mobile Banking transactions, Internet banking transactions etc) as follows:

Zero liability:

A. The customer will have zero liability when the unauthorized transaction happens due to contributory fraud or negligence or deficiency of service on the Bank's part.  The customer will enjoy zero liability under this event even if he/she fails to report the transaction to the Bank.

B. If the unauthorized transaction occurs neither due to customer's negligence nor due to contributory fraud or negligence or deficiency of service on the Bank's part but the fault lies elsewhere in the system (3rd party actions) and the customer reports the transaction to the Bank within three days from the date of transaction, the customer will enjoy Zero liability for such transaction.

Limited Liability:

A. If the unauthorized transaction occurs due to customer's negligence, the customer will bear the entire liability till he/she reports the fraudulent transactions to the Bank. Any loss due to unauthorized transactions subsequent to such reporting will be borne by the Bank

B. If the unauthorized transaction occurs neither due to customer's negligence nor due to contributory fraud or negligence or deficiency of service on the Bank's part but the fault lies elsewhere in the system and the customer reports the transaction to the Bank within 4 to 7 days from the date of such transaction, the customer's liability will be up to a Maximum amount as given below:


Type of Account

Maximum Liability (in Rs.)

Basic Savings Bank Deposit Account (basic no frills account)

5,000

All other Savings Bank accounts

Prepaid instruments, gift cards etc.

Current/Cash Credit/Overdraft accounts of MSME units

Credit card with limit up to maximum of Rs.5lacs

Current/Cash Credit/Overdraft accounts of individuals with annual average balance(365 days before date of fraudulent transactions) /CC OD limit up to maximum Rs.25 lacs

10,000

All other Current/Cash Credit/Overdraft accounts

Credit card with limit above Rs.5 lacs

25,000


Note: Maximum liability is the maximum amount which a customer has to bear and beyond which the Bank will bear it.

Where the customer reports the fraudulent transactions after 7 working days, the customer's liability for such loss will be determined by respective Bank's Board approved policy for Customer protection.

Customer's negligence is when the customer is a victim of phishing (method used by scamsters through email where secret information like card number, CVV, PIN etc are asked) or vishing (telephonic  form of phishing ) and disclosed secured /vital information for the fraudster to commit unauthorized transactions . As per RBI's recent circular, the Burden of proof of customer's negligence lies with the Bank and the customer need not prove his innocence anymore.

Negligence or deficiency on part of the bank is when the Bank's internal control system is unsecure due to which secured information like PIN, Card details, CVV numbers etc are compromised.

Losses due to Third Party actions are unauthorized transactions that occur due to neither customer's negligence nor banks negligence like loss due to cloning /card skimming/stealing etc of cards by third parties.

Reversal timeline for Zero liability and Limited Liability

Banks will reverse the transaction if upon enquiry the unauthorized transaction is found to be a fraudulent one. If the bank disputes the customer's claim of unauthorized transaction, as per RBI guidelines, Bank has to prove that the transaction is genuine and not fraudulent one as reported.

Banks now have to shadow reverse (reverse and mark a lien on such amount)the amount involved in such unauthorized transactions, as reported by the customer , within 10 working days of reporting of such unauthorized transactions by the customer. Banks cannot hold this reversal awaiting Insurance claim settlement for such transaction. To ensure that the customer does not lose any interest, the reversal must be value dated by the bank.

Time limit for fixing Zero liability and Limited liability:

RBI requires that

A. The complaint is resolved and liability of the customer must be established within a maximum period of 90 days from date of reporting and the customer be compensated as above. Banks also have discretion to waive off the customer's liability even if the customer is negligent and has compromised the details resulting in such unauthorized transactions.

B. The complaint is not resolved or the liability cannot be determined within 90 working days, the customer should be compensated as above.

Conclusion:

It is welcome that RBI has come out with a circular fixing the Liability from unauthorized electronic banking transactions. This brings the customers an option of getting at least a part of the amount they lost due to fraudulent transactions.

The author is a finance consultant and can also be reached at arthaconsultingservices@gmail.com

More »


K Srinivas, CMA CS 
on 17 July 2017
Published in Others
Views : 494






×
close x
Download GST App    |    x