Strengthening of systems and procedures

Electronic banking transactions can be divided into two categories:
(i) Remote/ online payment transactions, Pre-paid Payment Instruments, and
(ii) Face-to-face/ proximity payment transactions

In order to provide a safe platform for carrying out electronic banking transactions, banks must put in place:
(i) appropriate systems and procedures;
(ii) robust and dynamic fraud detection and prevention mechanism;
(iii) mechanism to assess the risks resulting from unauthorised transactions and measure the liabilities arising out of such events;
(iv) appropriate measures to mitigate the risks and protection against such liabilities; and
(v) system of advising customers on how to protect themselves from related frauds.

Reporting of unauthorised transactions by customers to banks

· Customers must mandatorily register for SMS alerts and optionally for e-mail alerts, for electronic banking transactions. Alerts for such transactions must be sent to the customers.
· Customers must notify their bank of any unauthorised transaction. They must be informed that the longer the time taken to notify the bank, the higher will be the risk of loss.
· Banks must provide 24x7 access through multiple channels for reporting unauthorised transactions or loss or theft of a payment instrument such as a card, etc.
· Banks shall enable customers to instantly respond by "Reply" to the SMS and e-mail alerts to notify objections, if any.
· A direct link for lodging complaints must be provided on the home page of the bank’s website.
· The reporting system must ensure that an immediate response is sent to the customers acknowledging the complaint along with the registered complaint number.
· The system must record the time and date of delivery of the message and receipt of the customer’s response.
· Banks may deny the facility of electronic transactions, other than ATM, to customers who fail to provide their mobile numbers.
· On receipt of a report of an unauthorised transaction, banks must take steps to prevent any such subsequent transactions in the account.

Limited Liability of a Customer

(a) Zero Liability of a Customer

A customer’s liability shall be zero where there is:
(i) Contributory fraud/ negligence/ deficiency on the part of the bank.
(ii) Third party breach and the customer notifies the bank within 3 working days of receiving the communication of the unauthorised transaction.

(b) Limited Liability of a Customer

A customer shall be liable for the loss in the following cases:
(i) Where the loss is due to negligence by a customer, until he reports the unauthorised transaction to the bank. Any loss occurring thereafter shall be borne by the bank.
(ii) Third party breach and when there is a delay of 4 to 7 working days in notifying the bank of such a transaction, the per transaction liability shall be limited to the transaction value or the amount mentioned in Table 1, whichever is lower.

Table 1
Maximum Liability of a Customer under paragraph 7 (ii)

| Type of Account | Maximum Liability (Rs.) |
| BSBD Accounts | 5000 |
| All other SB accounts; Pre-paid Payment Instruments and Gift Cards; Current/ Cash Credit/ Overdraft Accounts of MSMEs; Current Accounts/ Cash Credit/ Overdraft Accounts of Individuals with annual average balance (during 365 days preceding the incidence of fraud)/ limit up to Rs.25 lakh; Credit cards with limit up to Rs.5 lakh | 10000 |
| All other Current/ Cash Credit/ Overdraft Accounts; Credit cards with limit above Rs.5 lakh | 25000 |

If the delay in reporting is beyond 7 working days, the customer’s liability shall be determined as per the bank’s policy.
· Banks shall provide the details of the policy while opening the accounts.
· Banks shall display their policy in public domain.
· Existing customers must be individually informed about the policy.

Summary of Customer’s Liability

| Time taken to report the fraudulent transaction from the date of receiving the communication | Customer’s liability |
| Within 3 working days | Zero liability |
| Within 4 to 7 working days | The transaction value or the amount mentioned in Table 1, whichever is lower |
| Beyond 7 working days | As per bank’s Board approved policy |

The number of working days shall be counted as per the working schedule of the home branch of the customer excluding the date of receiving the communication.

Reversal Timeline for Zero Liability/ Limited Liability of customer

· On being notified by the customer, the bank must credit the amount involved to his account within 10 working days of such notification.
· Banks may at their discretion waive off customer liability even in cases of customer negligence.
· The credit shall be value dated as of the date of the transaction.

Banks shall ensure that:
(i) a complaint is resolved and the liability of the customer established within the time specified in the bank’s policy, but not beyond 90 days from the receipt of the complaint, and the customer is duly compensated;
(ii) where the bank is unable to resolve the complaint or determine the customer liability within 90 days, the compensation as prescribed is paid;
(iii) in case of debit card/ bank account, the customer does not suffer loss of interest, and in case of credit card, the customer does not bear any additional burden of interest.

· Taking into account the risks involved, banks need to clearly define the rights and obligations of customers.
· Banks shall revise their policy to cover aspects of customer protection by including the mechanism of creating customer awareness on the risks, responsibilities and liabilities in cases of such transactions.
· The policy must be transparent and non-discriminatory, and should stipulate the mechanism and timelines of compensating the customers.
· The policy shall be displayed on the bank’s website along with the details of grievance handling/ escalation procedure.

Burden of Proof

The burden of proving customer liability shall lie on the bank.

Reporting and Monitoring Requirements

· The banks shall put in place a mechanism for the reporting of customer liability cases to the Board or Committees.
· The reporting shall, inter alia, include volume/ number of cases and the aggregate value involved and distribution across various categories of transactions (cards, internet banking, mobile banking, ATM, etc.).
· The Standing Committee on Customer Service shall periodically review
  o the unauthorised electronic banking transactions,
  o the action taken thereon,
  o the functioning of the grievance redressal mechanism,
  and take appropriate measures to improve the systems and procedures.
· All such transactions shall be reviewed by the bank’s internal auditors.

Based on RBI circular dated 6/7/2017. For any further clarification, please refer to www.rbi.org.in ………………..Poppy