Bank customers won’t have to bear loss from fraudulent transactions: RBI
The Reserve Bank of India on Thursday said bank customers who are victims of fraudulent or unauthorized electronic transactions will not bear any loss if the transaction is due to a fault in the bank’s security system, or a third-party breach.
However, the zero liability is conditional on the customer reporting the unauthorized transaction due to a third-party fault within three days of receiving the alert from the bank, according to the revised norms on “customer protection—limiting liability of customers in unauthorized electronic banking transactions”.
The draft norms were issued in August 2016.
The RBI has mandated banks to pay the amount involved in a transaction within 10 days of reporting by the customer.
Last year, after a malware injection in the systems of Hitachi Payment Services Pvt. Ltd, an ATM operator—about 3.2 million debit cards were compromised; similarly, hackers had infected the servers of the Union Bank of India with malware.
Total digital transactions rose 2.36% to Rs113.73 trillion in June, from Rs111.11 trillion in May, according to the provisional data released on Wednesday by RBI.
As per the latest norms, the maximum liability of the customer—in case the transaction was because of the customer’s negligence or if the customer did not adhere to reporting timelines, is set at Rs5,000-Rs25,000. The draft norms had set it at Rs5,000.
To be sure, the current maximum liability of the customer will be as per the nature of the transaction and hinges on the seven-day reporting deadline.
If the customer misses the three-day deadline but reports the unauthorized transaction caused due to a third-party breach within seven days, the customer will have to share some liability.
In such a loss the customer’s liability is a maximum of Rs5,000 in case of basic savings bank deposits. For other savings bank accounts, pre-paid instruments, gift cards or credit cards with up to Rs5 lakh limit, current and overdraft accounts with annual average balance of Rs25 lakh, the customer liability is at Rs10,000.
The maximum liability of Rs25,000 is for credit cards with a limit above Rs5 lakh and other current and overdraft accounts. The liability will be lower than the transaction value for the aforementioned amounts.
Banks, which have the burden of proving customer liability, will determine the amount the customer has to shell out as per the board policy, if the customer misses the seven-day deadline. The RBI said the bank must resolve the complaint and establish customer liability, if any, as per its board policy but the timeline must not exceed 90 days.
According to the central bank, while banks must ask customers to mandatorily register for SMS and e-mail alerts, for electronic banking transactions, the banks must also provide 24x7 access through multiple channels like website, phone banking, SMS, etc for reporting.
“Though the RBI guidelines is in the interest of customers, it is equally important for customers to remain vigilant and report unauthorized transactions immediately to the bank by the fastest mode and take acknowledgment of the same,” said AC Mahajan, chairman of Banking Codes and Standards Board of India.