RBI has issued directions on ‘Customer Protection – Limiting Liability of Customers in unauthorised Electronic Banking Transactions’. RBI has issued the revised directions amidst a recent increase in customer grievances related to unauthorised transactions.
The following are the salient highlights of the revised directions:
If the customers report to the banks regarding the loss they suffer through online banking transactions within three days, then the amount involved will be credited to their accounts within a time period of 10 days. Any loss suffered by the customer after reporting of the unauthorised transaction will be borne by the concerned bank. In sum, there will be “zero liability of a customer” in the case of third party breach where the deficiency lies neither with the bank nor with the customer but elsewhere in the system.
The customer is required to report to the bank within three working days after receiving the communication from the bank regarding the unauthorised transaction.
In cases of customer reporting the third party fraud with a delay of four to seven working days, then the liability of customer in such cases would be up to Rs 25,000.
Customers will also be entitled to zero liability in cases when authorised transaction occurs due to contributory fraud/negligence/deficiency on the part of the bank irrespective of whether or not the unauthorised transaction has been reported by the customer.
In cases of negligence caused by the customer by sharing of payment credentials, the customer is liable to bear the entire loss until the unauthorised transaction is reported to the bank.
If the customer reports about the unauthorised transaction after seven days, then the liability of the customer would be determined as per the bank’s Board approved policy.
The bank has to credit the amount involved in the unauthorised electronic transaction to the customer’s account within 10 working days of reporting of fraud. The bank has to do this without waiting for settlement of insurance claim if any.
The banks should ask its customers to mandatorily register for SMS alerts and e-mail for email alerts for electronic banking transactions.