Stepping in to protect customers from bank fraud, the Reserve Bank of India (RBI) recently laid out norms to limit the liability of the consumer.
“With the increased thrust on financial inclusion and customer protection and considering the recent surge in customer grievances relating to unauthorized transactions resulting in debits to their accounts/ cards, the criteria for determining the customer liability in these circumstances have been reviewed,” the notification to commercial banks stated.
The Rules put the onus of checking fraudulent activities largely on banks. Moreover, since Banks are required to compensate customers for unauthorized transactions, it is presumed that they would ensure prevention of such incidents.
RBI has mandated Banks to urge their customers to mandatorily register for SMS alerts, and, wherever available, to register for e-mail alerts, for electronic banking transactions. SMS alerts shall mandatorily be sent to the customers wherever registered. However, it must be noted that banks have been empowered to deny the customers the ability to transact digitally, if they decline to link mobile numbers with their bank accounts.
“Banks shall also enable customers to instantly respond with the help of ‘Reply’ to the SMS and e-mail alerts and the customers should not be required to search for a web page or an e-mail address to notify the objection if any,” the notification said.
Zero and limited liability
Making electronic payments safer for consumers, the notification introduces the concept of “zero liability” and “limited liability” for bank customers for any card or online fraud. Now, consumers cannot be made liable if they notify the bank within three working days of unauthorized transactions.
Further, consumer liability has been capped at Rs. 25, 000 if they report unauthorized transactions within seven working days. In case the customer reports the fraud after 7 days, he will be liable to an amount decided as per his bank’s policy. However, if the cause for fraud is negligence by the customer, he will be responsible for the losses till he reports it to the bank. Any subsequent losses will be covered by the bank.
These rules will also be applicable for a third party breach – where the deficiency lies neither with the bank nor with the customer, but lies elsewhere in the system. Once the customer has reported the fraud, the bank has to credit the amount involved in the unauthorized transaction to his account within 10 working days.