Our banking regulator, the Reserve Bank of India, really deserves praise, as this is the second most important old regulation that they have changed to benefit banking customers. First, it was the Banking Ombudsman which was changed to accommodate recent trends. Now they have amended the 2002 regulations on Protection of Customer interest and liabilities in the case of electronic, online or card-related frauds.
There is an increased thrust on financial inclusion. We saw this when Jan Dhan was launched. But with increased banking facilities like mobile banking and ATMs, there is a surge in customer grievances relating to unauthorized transactions resulting in debits to their accounts/cards. Hence, the criteria for determining the customer liability in these circumstances have been reviewed.
Look at these cases:
Recently State Bank of India (SBI) merged with State Bank of Patiala (SBP). Mr. Bhosle had his pension account in SBP. He was proud of the fact that, unlike most pensioners, he was internet savvy and could operate his net banking facility. Two days after the merger, he found his net banking ID was not working. He called up a local branch and they said that, due to the merger, he would soon be issued SBI credentials for net banking. He was satisfied and decided to wait.
The next day he got a call from an "SBI representative" saying they were there to help activate his internet ID. They asked for some usual details like his ATM card number, and then said that an OTP (one time password) had come to his cell phone and he needed to tell it to them. Mr. Bhosle told them the OTP and was told that net banking was active. The moment the call disconnected he received an SMS that Rs 150000/- had been debited from his account on account of an online payment through IMPS.
He called up the bank representative and was shocked to learn that the bank had undertaken no such activity of changing net banking IDs through the phone. He could sense that he had been a victim of online fraud.
Ravikant was traveling in a bus (with GPS) from Delhi to Jaipur when he got 3 continuous messages that his card had been used for shopping and swiped at a Croma store in Bengaluru. He thought it was a mistake as he had no Bengaluru connection, and to be sure he checked his pocket. The card was in his wallet.
A few minutes later he got a call from the bank seeking his confirmation: he was trying to do an online payment using a card, and this was the 4th big transaction of the day; would he like to confirm?
He immediately said no and told the caller from the bank that the card is in his pocket and he is not in Bengaluru. The caller told him that this must be a case of “card cloning” and she proceeded with blocking the card. But Ravi had already lost Rs 78000/- by then.
Will Mr. Bhosle get his money back? What if the thieves are caught, and what if they are not? Technically it was his fault that he disclosed the bank’s security passcode. So what is his liability? The full amount? Is there insurance to cover this?
In the second case, Ravi was not at fault. It was a mishap and he was a victim of organized fraud. Is the bank liable because its property (the credit card) was cloned? Or must Ravi have been careless in using the card, so that his details were lifted by the fraudsters? What’s the liability?
Till now it was You vs. Bank and the old regulations. But things have changed w.e.f. 6th July 2017.
So here are the revised rules:
The regulations cover both Online Frauds (hacking, Net banking, mobile banking, prepaid cards related) and Offline (like ATMs or card related).
Banks to strengthen Systems and Ensure these things
Banks are to put in place appropriate systems, robust enough to prevent online frauds. This can be done by using different mediums to confirm transactions, like SMS/email alerts. They should also put in place a system of continually and repeatedly advising customers on how to protect themselves from electronic banking and payments-related fraud.
Banks must provide customers with 24×7 access through multiple channels (at a minimum, via website, phone banking, SMS, e-mail, IVR, a dedicated toll-free helpline, reporting to home branch, etc.) for reporting unauthorised transactions that have taken place and/ or loss or theft of payment instrument such as card, etc.
Banks shall also enable customers to respond instantly by “Reply” to the SMS and e-mail alerts, and customers should not be required to search for a web page or an e-mail address to notify the objection, if any. Further, a direct link for lodging complaints, with a specific option to report unauthorized electronic transactions, shall be provided by banks on the home page of their website.
The loss/ fraud reporting system shall also ensure that immediate response (including auto response) is sent to the customers acknowledging the complaint along with the registered complaint number.
Liability of a Customer
Customer will suffer ZERO Liability
- If the fraud/deficiency is the bank’s fault. It will not matter whether the customer reports it or not in these matters.
- If the customer and the bank are not at fault and the fraud/loss is done by some third party, provided that the customer reports this within 3 days.
(So Ravi will not suffer any loss as he reported the matter within the prescribed time limit. The bank has insurance for these liabilities and the bank will pay it to Ravi when they get the money from the insurance company.)
Limited Liability of a Customer
The customer will be liable:
- If it is his fault (like Bhosle in the above example).
- If the customer and the bank are not at fault and the fraud/loss is done by some third party, provided that the customer reports this after the third day and before the 7th
The liability in these cases is limited and can be ascertained using this table:
(BSBD stands for Basic Savings Bank Deposit: a no-frills account with minimum banking services and zero balance)
What if the delay is for more than 7 Days?
Further, if the delay in reporting is beyond seven working days, the customer liability shall be determined as per the bank’s Board-approved policy. Banks shall provide the details of their policy in regard to customers’ liability formulated in pursuance of these directions at the time of opening the accounts.
So to summarize
The liability is based on who is at fault and how many days it took to report the incident.
The number of working days mentioned here shall be counted as per the working schedule of the home branch of the customer excluding the date of receiving the communication.
Some more points
- The bank will pay the customer (and not wait for insurance claim) within 10 working days of reporting such fraud/loss.
- The bank will provide resolution within 90 days.
- If it is related to a savings account, the customer shall not bear interest loss.
- If it is credit card related fraud, the customer will not bear interest/late penalty or any other expenses.
The burden of proof to show that it is customer’s fault lies with the bank and not the customer.
I know it is a long read as I wanted to cover all points.
In my career, I have seen a lot of investors shying away from these easy applications which make banking a pleasant experience. That is the reason you still find people in queues to get passbook entries or making Demand Drafts for payments.
Now I think many will feel safer while using new age banking facilities.
Share the article with your family & friends as I know it will benefit many. I await your response in the comments section below or through my email – email@example.com.