Tuesday, July 11, 2017

Customer Protection – Limiting Liabilities of Customers

 Strengthening of systems and procedures

Electronic banking transactions can be divided into two categories:
(i)      Remote/ online payment transactions, Pre-paid Payment Instruments, and
(ii)    Face-to-face/ proximity payment transactions

In order to provide a safe platform for carrying out electronic banking transactions, banks must put in place:

(i)      appropriate systems and procedures;
(ii)    robust and dynamic fraud detection and prevention mechanism;
(iii) mechanism to assess the risks resulting from unauthorised transactions and measure the liabilities arising out of such events;
(iv) appropriate measures to mitigate the risks and protection against such liabilities; and
(v)    system of advising customers on how to protect themselves from related frauds.

Reporting of unauthorised transactions by customers to banks

·        Customers must mandatorily register for SMS alerts and optionally for e-mail alerts, for electronic banking transactions. Alerts for such transactions must be sent to the customers.
·        The customers must notify their bank of any unauthorised transaction. He must be informed that longer the time taken to notify the bank, higher will be the risk of loss.
·        Banks must provide 24x7 access through multiple channels for reporting unauthorised transactions or loss or theft of payment instrument such as card, etc.
·        Banks shall enable customers to instantly respond by "Reply" to the SMS and e-mail alerts to notify objections, if any.
·        A direct link for lodging complaints must be provided on the home page of Bank’s website.
·        The reporting system must ensure that immediate response is sent to the customers acknowledging the complaint along with the registered complaint number.
·        The system must record the time and date of delivery of the message and receipt of customer’s response.
·        Banks may deny the facility of electronic transactions, other than ATM, to customers who fail to provide their mobile numbers.
·        On receipt of report of an unauthorised transaction, banks must take steps to prevent any such subsequent transactions in the account.

Limited Liability of a Customer

(a) Zero Liability of a Customer

A customer’s liability shall be zero where there is a :
(i)      Contributory fraud/ negligence/ deficiency on the part of the bank.
(ii)    Third party breach and the customer notifies the bank within 3 working days of receiving the communication of the unauthorised transaction.

(b) Limited Liability of a Customer

A customer shall be liable for the loss in the following cases:
(i)      Where the loss is due to negligence by a customer, until he reports the unauthorised transaction to the bank. Any loss occurring thereafter shall be borne by the bank.
(ii)    Third party breach and when there is a delay of 4 to 7 working days in notifying the bank of such a transaction, the per transaction liability shall be limited to the transaction value or the amount mentioned in Table 1, whichever is lower.

Table 1

Maximum Liability of a Customer under paragraph 7 (ii)

Type of Account
Maximum Liability
·        BSBD Accounts
·        All other SB accounts
·        Pre-paid Payment Instruments and Gift Cards
·        Current/  Cash  Credit/  Overdraft Accounts of  MSMEs
·        Current Accounts/ Cash Credit/ Overdraft Accounts of Individuals with annual average balance (during 365 days preceding the incidence of fraud)/ limit up to Rs.25 lakh
·        Credit cards with limit up to Rs.5 lakh

·        All other Current/ Cash Credit/ Overdraft Accounts
·        Credit cards with limit above Rs.5 lakh


If the delay in reporting is beyond 7 working days, the customer’s liability shall be determined as per the bank’s policy.
·        Banks shall provide the details of the policy while opening the accounts.
·        Banks shall display their policy in public domain.
·        Existing customers must be individually informed about the policy.

Table 2

Summary of Customer’s Liability

Time taken to report the fraudulent
transaction from the date of
receiving the communication
Customer’s liability
Within 3 working days
Zero liability
Within 4 to 7 working days
The  transaction  value  or  the  amount
mentioned in Table 1, whichever is lower
Beyond 7 working days
As per bank’s Board approved policy

The number of working days shall be counted as per the working schedule of the home branch of the customer excluding the date of receiving the communication.

Reversal Timeline for Zero Liability/ Limited Liability of customer

·        On being notified by the customer, the bank must credit the amount involved to his account within 10 working days of such notification.
·        Banks may at their discretion waive off customer liability even in cases of customer negligence.
·        The credit shall be value dated as of the date of the transaction.

Banks shall ensure that:

(i)      a complaint is resolved and liability of the customer, established within the time specified in the bank’s policy, but not beyond 90 days from the receipt of complaint and the customer is duly compensated;
(ii)    where it is unable to resolve the complaint or determine the customer liability, within 90 days, the compensation as prescribed is paid;
(iii) in case of debit card/ bank account, the customer does not suffer loss of interest, and in case of credit card, the customer does not bear any additional burden of interest.

Board Approved Policy for Customer Protection

·        Taking into account the risks involved, banks need to clearly define the rights and obligations of customers.
·        Banks shall revise their policy, to cover aspects of customer protection by including the mechanism of creating customer awareness on the risks, responsibilities and liabilities in cases of such transactions.
·        The policy must be transparent, non-discriminatory and should stipulate the mechanism and timelines of compensating the customers.
·        The policy shall be displayed on the bank’s website along with the details of grievance handling/ escalation procedure.

Burden of Proof

The burden of proving customer liability shall lie on the bank.

Reporting and Monitoring Requirements

·        The banks shall put in place a mechanism for the reporting of customer liability cases to the Board or Committees.
·        The reporting shall, inter alia, include volume/ number of cases and the aggregate value involved and distribution across various categories of transactions (cards, internet banking, mobile banking, ATM, etc.).
·        The Standing Committee on Customer Service shall periodically review
o   the unauthorised electronic banking transactions,
o   the action taken thereon,
o   the functioning of the grievance redressal mechanism
o   take appropriate measures to improve the systems and procedures.
·        All such transactions shall be reviewed by the bank’s internal auditors.

Based on RBI circular dated 6/7/2017. For any further clarification please refer www.rbi.org.in ………………..Poppy