Online banking frauds: RBI says no loss to customer if fraudulent transaction reported in 3 days

In a bid to step up customer protection in the era of digitsation push by the government, the Reserve Bank of India on Thursday came out with a new set of rules limiting the customer liability in case of unauthorised electronic banking transactions. Customers will not suffer any loss if unauthorised electronic banking transactions are reported within three days and the amount involved will be credited in the accounts concerned within 10-days, the RBI said. In case the third-party fraud is reported with a delay of four to seven working days, a customer will face liability of up to Rs 25,000. However, in cases where the loss is due to negligence by the account holder (such as sharing of payment credentials), the customer will bear the entire loss until the unauthorised transaction is reported to the bank. Any loss occurring after reporting of the unauthorised transaction will be borne by the bank, RBI said while issuing revised directions on ‘Customer Protection – Limiting Liability of Customers in Unauthorised Electronic Banking Transactions’. “With the increased thrust on financial inclusion and customer protection and considering the recent surge in customer grievances relating to unauthorised transactions resulting in debits to their accounts/ cards, the criteria for determining the customer liability in these circumstances have been reviewed,” the RBI said in the circular. There will be “zero liability of a customer” in case of third-party breach where the deficiency lies “neither with the bank nor with the customer but lies elsewhere in the system”. [caption id=“attachment_3783797” align=“alignleft” width=“380”]  Reuters[/caption] However, the customer will have to notify the bank within three working days of receiving the communication from the bank regarding the unauthorised transaction. A customer’s entitlement to zero liability will also arise where the unauthorised transaction occurs due to “contributory fraud/negligence/deficiency on the part of the bank (irrespective of whether or not the transaction is reported by the customer)”, RBI said. The maximum liability of a customer will be Rs 25,000 in cases where the responsibility for the unauthorised electronic banking transaction lies neither with the bank nor with the customer, but lies elsewhere in the system and when there is a delay of four to seven working days. If the fraud is report after seven days, the customer liability will be determined as per the bank’s Board approved policy. The maximum liability of a savings bank account customer will be Rs 10,000 in such cases. Referring to reversal timeline for Zero Liability/Limited Liability of customer, RBI said the bank should credit (shadow reversal) the amount involved in the unauthorised electronic transaction to the customer’s account within 10 working days of reporting of the fraud. This has to be done without waiting for settlement of insurance claim, if any, RBI added. RBI further said that banks must ask their customers to mandatorily register for SMS alerts and wherever available register for e-mail alerts, for electronic banking transactions. “The SMS alerts shall mandatorily be sent to the customers, while email alerts may be sent, wherever registered,” it added. With inputs from PTI