Credit cards, debit cards, online transactions frauds: In view of the recent rise in customer grievances relating to unauthorised transactions resulting in debits to their accounts/cards as well as to protect customers from large financial losses on account of such frauds, the Reserve Bank of India has come out with revised guidelines aimed at limiting customer liability in fraudulent transactions. The RBI has also sought to make rules stricter for banks in such cases.
For instance, the RBI has said that a customer will have zero liability in respect of a fraudulent transaction if there is contributory fraud or negligence on the part of the bank, irrespective of whether or not the transaction is reported by the customer. In case of a third party breach also, where the deficiency lies neither with the bank nor with the customer and the customer notifies the bank within three working days of receiving communication from the bank regarding the unauthorised transaction, the customer will not be liable. Similarly, customer liability has been capped at Rs 25,000 if a person reports unauthorised transactions within seven working days.
The RBI has also advised banks to ask their customers to mandatorily register for SMS alerts for electronic banking transactions. “The SMS alerts shall mandatorily be sent to the customers, while email alerts may be sent, wherever registered,” it said.
You may also like to watch:
According to the circular, the electronic banking transactions can be divided into two categories:
# Remote/ online payment transactions (transactions that do not require physical payment instruments to be presented at the point of transactions e.g. internet banking, mobile banking, card not present (CNP) transactions), Pre-paid Payment Instruments (PPI), and
# Face-to-face/ proximity payment transactions (transactions which require the physical payment instrument such as a card or mobile phone to be present at the point of transaction e.g. ATM, POS, etc.)
Here we are taking a look at 7 important points of the RBI guidelines which you must know:
1. The RBI has said that systems and procedures in banks must be designed to make customers feel safe about carrying out electronic banking transactions.
2. Banks must ask their customers to mandatorily register for SMS alerts and wherever available register for e-mail alerts, for electronic banking transactions. The SMS alerts shall mandatorily be sent to the customers, while email alerts may be sent, wherever registered. The customers must be advised to notify their bank of any unauthorised electronic banking transaction at the earliest after the occurrence of such transaction, and informed that the longer the time taken to notify the bank, the higher will be the risk of loss to the bank/ customer. On receipt of report of an unauthorised transaction from the customer, banks must take immediate steps to prevent further unauthorised transactions in the account.
3. Zero Liability: A customer’s entitlement to zero liability shall arise where the unauthorised transaction occurs in the following events:
# Contributory fraud/ negligence/ deficiency on the part of the bank (irrespective of whether or not the transaction is reported by the customer).
# Third party breach where the deficiency lies neither with the bank nor with the customer but lies elsewhere in the system, and the customer notifies the bank within three working days of receiving the communication from the bank regarding the unauthorised transaction.
4. Limited Liability of a Customer: A customer shall be liable for the loss occurring due to unauthorised transactions in the following cases:
i. In cases where the loss is due to negligence by a customer, such as where he has shared the payment credentials, the customer will bear the entire loss until he reports the unauthorised transaction to the bank. Any loss occurring after the reporting of the unauthorised transaction shall be borne by the bank.
ii. In cases where the responsibility for the unauthorised electronic banking transaction lies neither with the bank nor with the customer, but lies elsewhere in the system and when there is a delay (of four to seven working days after receiving the communication from the bank) on the part of the customer in notifying the bank of such a transaction, the per transaction liability of the customer shall be limited to the transaction value or the amount mentioned in the Table below, whichever is lower.
Further, if the delay in reporting is beyond seven working days, the customer liability shall be determined as per the bank’s Board approved policy.
5. On being notified by the customer, the bank shall credit the amount involved in the unauthorised electronic transaction to the customer’s account within 10 working days from the date of such notification by the customer (without waiting for settlement of insurance claim, if any). Banks may also at their discretion decide to waive off any customer liability in case of unauthorised electronic banking transactions even in cases of customer negligence.
6. Further, banks shall ensure that:
# a complaint is resolved and liability of the customer, if any, established within such time, as may be specified in the bank’s Board approved policy, but not exceeding 90 days from the date of receipt of the complaint, and the customer is compensated as per the provisions;
# where it is unable to resolve the complaint or determine the customer liability, if any, within 90 days, the compensation as prescribed is paid to the customer; and
# in case of debit card/ bank account, the customer does not suffer loss of interest, and in case of credit card, the customer does not bear any additional burden of interest.
7. The burden of proving customer liability in case of unauthorised electronic banking transactions shall lie on the bank.