Unauthorized banking transactions: 10 things to know
RBI has issued draft Circular to review the criteria for determining customer’s liability, considering the recent surge in unauthorized transactions in banks resulting in erroneous debits to accounts of customers.
The highlights of the draft circular are given here under:
- RBI has proposed zero liability for customers where fraud or negligence is on the part of bank.
- In case of third party breach (i.e., where the fault lies neither with the bank nor the customer but lies elsewhere in the system)the liability for customer is summarized as follows:
- A) Fraudulent transaction is reported Within 3 working days – Customer’s liability is zero
B) Fraudulent transaction is reported Within 4-7 working days of receiving the communication – Customer’s liability is the transaction value or Rs 5,000 , whichever is lower
C) Fraudulent transaction is reported Beyond 7 working days of receiving the communication – Customer’s liability is as per bank’s board approved policy
- Where negligence is on the part of customer, e.g., as where he has shared the payment credentials, he will bear the entire loss until he reports the unauthorized transaction to the bank. Any loss occurred after reporting of unauthorized transaction shall be borne by bank.
- Banks at their discretion may also waive off any customer’s liability in case of unauthorized electronic banking transactions even in cases of customer’s negligence.
- In case of zero liability or limited liability of customer, the bank shall credit the amount involved in the unauthorized electronic transaction to the customer’s accountwithin 10 days from date of notification by such customer.
- Burden of proving customer’s liability in case of unauthorized electronic banking transactions shall lie on the bank.
- Banks shall ask their customers to mandatorily register for alerts for electronic banking transactions. The alerts shall be sent to the customers through different channels(email or SMS) offered by banks.
- Banks must provide customers 24×7 access through multiple channels for reporting of fraudulent transactions.
- The loss or fraud reporting system shall also ensure that immediate response (including auto response) is sent to the customers acknowledging the complaint along with the registered compliant number.
- The communication system used by banks to send alerts and receive responses thereto must record the time and date of delivery of the message and receipt of customer’s response, if any, to them.
RBI issued a Master Directions on Core Investment Companies (Reserve Bank) Directions, 2016 vide Master Direction DNBR. PD. 003/03.10.119/2016-17 dated 25/08/2016.
RBI issued a master direction on Exemption from the provision of RBI Act, 1934 vide Master Direction No. DNBR.PD. 001/03.10.119/2016-17 dated 25/08/2016.