Bank’s Liability in Case of Online Fraud
The government efforts are praiseworthy to the convert unregulated economy to a regulated economy. Several steps were taken by the government in this direction, including demonetization, GST, Aadhar linked payments and Jan-Dhan Yojna. Softening of regulatory mechanism on the Unified Payments Interface (UPI) and the introduction of RuPay has also added Indian dimensions to online transactions. E-Commerce sites have also fuelled the online economy.
However, wherever there is money, the fraudster will flock. The common man has started suffering due to online frauds. The government is taking several measures to control the menace and in that support Reserve Bank of India has issued many guidelines to all banks operating in India. One of the guidelines is in respect of limiting the liability of customers in unauthorised electronic banking transactions was issued on 06th July 2017. All citizens must know these the guidelines to protect their interest in the case of any online fraud.
It is now the responsibility of the bank to make the customer feel safe and secure for the online transactions or when the card is physically used. The bank is responsible for establishing cyber security systems and procedures, establish fraud detection and prevention mechanism, undertake risk assessment and be responsible for the risk mitigation mechanism. Banks are making its customers aware of the actions being taken by the bank and also educate and make customers aware. That is why many banks are now sending emails regarding their cybersecurity posture. They have to state this clearly on their website. It is the responsibility of the bank to introduce an appropriate reporting mechanism, where customers can report any fraudulent transactions. It is mandatory to have SMS for online transactions (especially on expense side), and email facility is optional. The customer should have multiple reporting channels in case of any fraud that includes websites, SMS, phone banking, toll-free line, IVR as well as a visit to the physical branch. It is mandatory for the bank to issue a complaint number as and when any customer reports fraud.
The RBI has directed that there are three types of customer's liabilities
Limited liability when reported between 4 to 7 days
Limited liability when reported beyond 7 days
There is zero customer liability in case the fraud is taking place due to contributor nature or negligence or deficiency by the bank. Where neither bank nor customer is at fault, and the customer notifies the bank within 3 working days.
In case the fraud has taken place due to the customer's negligence and yet not reported the matter to the bank there is no liability of the bank
There is a limited liability of the customer when neither the bank nor the customer is at fault, and the customer has notified the bank within 4 to 7 working days. In case of a basic account, the Limited maximum liability is Rs 5,000, while for other savings bank accounts /prepaid payment instruments /gift cards/ credit cards/current and cash credit and overdraft account of individuals are Rs 10,000/-. It is important to note that in case of the credit card with limits is up to Rs 5 Lakhs then the liability is Rs 10,000 but if the limit is above Rs 5 Lakhs than a liability is 25000. Therefore, if you do not intend to use your credit beyond 5 lakh per month, then approach the bank to reduce the limit to less than Rs 5 lakh.
Where the customer reports the matter after 7 working days in such cases, the limited liability should be fixed by the board of the bank and all its customers must be informed this limited liability should be displayed prominently in the bank and customer awareness program should be taken by the bank
The entire amount, except the portion of limited liability should be reversed within 10 working days with unauthorized transaction. The bank is free to reverse the full amount even if the customer is at fault but has reported the matter within 3 days. It is the responsibility of the bank to achieve the complete resolution of the case within 90 (calendar) days of the complaint. In case of online fraud for debit card or bank account, there should be no loss of interest for the period when the funds are not there in the account. Similarly, when the credit card is defrauded then there is no burden of interest should be placed on the customer.
The count of working days will start from the day next to the day when fraud has occurred, and the burden of proof is always with the bank.
Reference: RBI/2017- 18/15 DBR No. LEG BC 78/09.07.005/2017-18 dated 6th July 2017
- By Commander Mukesh Saini (Retd.)
Former National Information Cyber Security Coordinator (GOI)