RBI issues Draft Circular on Customer Protection in Unauthorised Electronic Banking Transactions
Sai Krishna Muthyanolla
August 16, 2016
In an age of increasing electronic banking transactions and the risks attached with such transactions, the RBI has come out with a draft circular on customer protection in case of unauthorized electronic banking transactions.
As Factly reported earlier, Electronic Banking transactions have doubled in the last 3 years and this is only going to increase if the trends are any indication. Against this background, the Reserve Bank of India (RBI) has recently issued a draft circular on ‘Customer Protection – Limiting Liability of Customers in Unauthorised Electronic Banking Transactions’. Feedback on the draft circular may be sent before 31 August, 2016.
Background
The RBI issued a circular in April 2002 directing various Banks to reverse erroneous debits arising out of Fraudulent or Other Transactions. The RBI noted in 2002 that complaints of fraudulent encashment by unscrupulous persons opening deposit accounts in the names similar to already established concerns were being received. In that circular, the RBI advised that in cases where banks are at fault, the banks should compensate customers without demur, and in cases where neither the bank is at fault nor the customer at fault but the fault lies elsewhere in the system, then also the banks should compensate the customers ( up to a limit). Similar circulars were issued by RBI in 1978 and 1995.
Banks are directed to design robust systems to prevent fraud
The current draft circular by the RBI sets out of the criteria for determining customer liability in case of fraudulent electronic transactions. The draft circular categorizes the electronic banking transactions into two categories
The circular directs banks to design systems in such a way that customers feel safe about carrying out electronic banking transactions. The banks are directed to put in place adequate safety & security systems, robust & dynamic fraud detection mechanism, mechanism to assess risks resulting from fraudulent transactions and measures to mitigate risks against liabilities.
Customer’s liability in unauthorized transactions
The circular notes that banks must ask their customers to mandatorily register for alerts for electronic banking transactions. The alerts shall be sent to the customers through different channels (email or SMS) offered by the banks. The customers must be advised to notify the bank concerned of any unauthorised electronic banking transaction at the earliest after the occurrence of such transaction. The longer the time taken to notify the bank, the higher will be the risk of loss to the bank/customer. To facilitate this, banks must provide customers with 24×7 access through multiple channels (at a minimum, via website, phone banking, SMS, IVR, a dedicated toll-free helpline, reporting to home branch, etc.) for reporting fraudulent transactions that have taken place and/or loss or theft of payment instrument such as card, etc. The loss/fraud reporting system shall also ensure that immediate response (including auto response) is sent to the customers acknowledging the complaint along with the registered complaint number. The communication systems used by banks to send alerts and receive their responses must record the time and date of delivery of the message and receipt of customer’s response to them. This shall be important in determining the extent of the customer’s liability.
Zero Liability of a Customer
A customer’s entitlement to zero liability will arise where the security architecture and systems of the bank for electronic banking transactions are not able to protect the customer in the following events:
Limited Liability of a Customer
A customer shall be liable for the loss occurring due to fraudulent transactions in the following cases:
Reversal Timeline for Zero & Limited Liability
On being notified by the customer, the bank shall credit (shadow reversal) the amount involved in the unauthorised electronic transaction to the customer’s account within 10 working days from the date of such notification by the customer. Banks may also at their discretion decide to waive off any customer liability in case of unauthorised electronic banking transactions even in cases of customer negligence.
The banks will also ensure that:
Importantly, the burden of proving customer liability in case of unauthorised electronic banking transactions will lie on the bank.
Featured Image:  By Maxpayne473[CC BY-SA 4.0]