This is probably the best news we have heard in a while. Recently, you had news of how thieves were skimming customers’ ATM cards in a café in Delhi and how in Bengaluru, close to 200 people complained how someone had been swiping off cash from their accounts, using skimmers and clones.
Picture this, at 1am you get a message that your account has been debited with Rs 10,000 and you are at home, your card is with you, your bank passwords safe, what do you do? Panic! Then call the bank to inform of them of the loot only to be met with an answer which is clearly depressing – ‘Sorry, sir/madam, we cannot help in this case’.
Well, now taking cognisance of the growing number of incidents of thievery from ATMs and customers inadvertently losing money because of some technical glitch in the bank or because of card skimming and cloning , the RBI has issued a directive. HERE is the order.
This is what the RBI has to say regarding reversal of erroneous debits arising from fraudulent or other transactions.
Firstly banks have been asked to put certain measures in place
- Appropriate systems and procedures to ensure safety and security of electronic banking transactions carried out by customers;
- Robust and dynamic fraud detection and prevention mechanism;
- Mechanism to assess the risks (for example, gaps in the bank’s existing systems) resulting from unauthorised transactions and measure the liabilities arising out of such events;
- Appropriate measures to mitigate the risks and protect themselves against the liabilities arising therefrom; and
- A system of continually and repeatedly advising customers on how to protect themselves from electronic banking and payments related fraud.
THIS IS WHAT THE BANKS HAVE TO DO
- Banks must ask their customers to mandatorily register for SMS alerts and wherever available register for e-mail alerts, for electronic banking transactions. So the respective banks must provide necessary channels of reporting unauthorised transactions that have taken place and/ or loss or theft of payment instrument. The medium mentioned are website, phone banking, SMS, e-mail, IVR, a dedicated toll-free helpline, reporting to home branch, etc.).
- On being notified by the customer, the bank shall :
- Credit (shadow reversal) the amount involved in the unauthorised electronic transaction to the customer’s account within 10 working days from the date of such notification by the customer (without waiting for settlement of insurance claim, if any).
- Banks may also at their discretion decide to waive off any customer liability in case of unauthorised electronic banking transactions even in cases of customer negligence. The credit shall be value dated to be as of the date of the unauthorised transaction.
WHEN IS A CUSTOMER NOT LIABLE TO PAY FOR THE LOSS
- When there is Contributory fraud/ negligence/ deficiency on the part of the bank (irrespective of whether or not the transaction is reported by the customer).
- Third party breach where the deficiency lies neither with the bank nor with the customer but lies elsewhere in the system, and the customer notifies the bank within three working days of receiving the communication from the bank regarding the unauthorised transaction.
- In cases where the responsibility for the unauthorised electronic banking transaction lies neither with the bank nor with the customer, but lies elsewhere in the system and when there is a delay (of four to seven working days after receiving the communication from the bank) on the part of the customer in notifying the bank of such a transaction, the per transaction liability of the customer shall be limited to the transaction value or the amount mentioned in Table 1, whichever is lower.
KEEP IN MIND
The banks may not offer facility of electronic transactions, other than ATM cash withdrawals, to customers who do not provide mobile numbers to the bank. So make sure you register with the banks for alerts and messages.
The customers are advised to notify their bank of any unauthorised electronic banking transaction at the earliest after the occurrence of such transaction, and informed that the longer the time taken to notify the bank, the higher will be the risk of loss to the bank/ customer.
The burden of proving customer liability in case of unauthorised electronic banking transactions shall lie on the bank.