RBI Revises Guidelines To Protect Victims Of Digital Fraud
Customers may face losses in fraudulent digital transactions if they fail to alert banks
Reserve Bank of India (RBI), on Thursday, revised its norms which guide the protection of customers who fall victim to fraudulent electronic transactions. In cases where fraudulent transaction take place due to negligence on the part of the bank, customers will face zero liability, said the regulator.
Customers would also not bear the cost of fraudulent transactions where information has been leaked due to a breach on a third party network, provided they inform the bank about the transaction within three days.
The new rules come at a time when the government is pushing customers towards digital transactions in the hope of bringing down the use of cash. While digital transactions have picked up, concerns around security of some of these payment methods remain, making it important for the regulator to have clear rules governing liabilities in the case of fraudulent transactions.
Limited Liability
In cases where customers have informed the bank between four to seven days after a fraudulent transaction due to third party negligence, customers would have to bear limited liability.
In basic savings bank deposit (BSBD) accounts, the maximum liability faced by the customer would be Rs 5,000 or the amount of the transaction, whichever is lower.
In all other savings bank accounts, gift cards, other prepaid instruments, bank accounts of medium, small and micro enterprises, individual bank accounts with limit up to Rs 25 lakh and credit card with spending limit up to Rs 5 lakh, the maximum liability would be Rs 10,000 or the amount in the fraudulent transaction, whichever is lower. In bank accounts and credit cards with spending limit over Rs 5 lakh, the maximum liability would be Rs 25,000, the regulator said.
If customers inform their banks about fraudulent transactions beyond the seven day limit, the customer liability would be decided through a bank board approved policy.
Total Liability Of Customer
In cases where fraudulent transactions have happened because card or bank information has been leaked due to negligence on the customer’s part, the entire loss shall be borne by the customer, said the regulator. It added that the customer shall bear all the losses until they have informed the bank about the fraudulent transactions. If the transactions continue after the reporting, the customers will not be liable.
The responsibility of proving customer liability shall remain on the bank.
Banks may, at their discretion, decide to waive off any customer liability in case of unauthorised electronic banking transactions even in cases of customer negligence.
Compensating Customer Loss
Banks would be required to reverse the amount debited from a customer’s account in a fraudulent transaction within 10 working days, where the lender is liable.
If a customer informs the bank about a fraudulent transaction after seven days of the transaction having taken place, banks would have to ensure that any customer complaint in the matter is resolved and customer liability is fully established within 90 days of receiving the complain.
If the bank breaches the 90 day limit, it would have to repay the customer under the limited liability norms of the RBI.
Additionally, banks are required to make changes to improve customer protection as well the fraud reporting mechanism. The RBI has asked banks to mandatorily register all customers for short message service (SMS) alerts and register them for email alerts wherever applicable.
“The banks may not offer facility of electronic transactions, other than ATM cash withdrawals, to customers who do not provide mobile numbers to the bank,” RBI said in its guidelines.
Banks have also been asked to allow customers to reply to an SMS or email alert, in case they feel that an electronic transaction was not made by them. Banks are required to provide adequate modes to report fraudulent transactions on a 24x7 basis.