The Reserve Bank of India (RBI) has announced new rules to make electronic banking transactions safer. Customers will not suffer any loss if unauthorised electronic banking transactions are reported within three working days and the amount involved will be credited in the accounts concerned within 10 days, the RBI said in a notification.
"With the increased thrust on financial inclusion and customer protection and considering the recent surge in customer grievances relating to unauthorised transactions resulting in debits to their accounts/ cards, the criteria for determining the customer liability in these circumstances have been reviewed," the RBI said.
Here are the new rules to safeguard customers from fraudulent online transactions:
There will be "zero liability of a customer" in case of third party breach where the deficiency lies "neither with the bank nor with the customer but lies elsewhere in the system". However, the customer will have to notify the bank within three working days of receiving the communication from the bank regarding the unauthorised transaction.
In case the fraud is reported within four to seven working days, a customer's maximum liability will be from Rs. 5,000 to Rs. 25000, depending on the type of accounts and credit card limit.
If the fraudulent transaction is reported beyond 7 working days, the customer's liability will be according to the bank's policy. Banks have been asked to clearly define the rights and obligations of customers in case of unauthorised transactions in specified scenarios.
However, in cases where the loss is due to negligence by the account holder (such as sharing of payment credentials), the customer will bear the entire loss until the unauthorised transaction is reported to the bank. But any loss occurring after the reporting of the unauthorised transaction shall be borne by the bank.
The electronic banking transactions include internet banking and mobile banking as well as ATM and point-of-sales transactions.
The burden of proving customer liability in case of unauthorised electronic banking transactions shall lie on the bank.
Reversal Timeline for Zero Liability/ Limited Liability of customer: On being notified by the customer, the bank has to credit the amount involved in the unauthorised electronic transaction to the customer's account within 10 working days from the date of such notification by the customer (without waiting for settlement of insurance claim, if any). Banks may also at their discretion decide to waive off any customer liability in case of unauthorised electronic banking transactions even in cases of customer negligence. The credit shall be value dated to be as of the date of the unauthorised transaction.
To safeguard customers from online frauds, banks have to ask their customers to mandatorily register for SMS alerts and wherever available register for e-mail alerts, for electronic banking transactions.
Such SMS/email alerts also must have a "Reply" option for customer response so that they can easily notify banks in case of fraudulent transactions.
According to the RBI directive, banks have to provide a direct link on their website's home page for lodging the complaints.