Electronic payments have become safer for consumers with the Reserve Bank of India (RBI) introducing the concept of ‘zero liability’ and ‘limited liability’ for bank customers for any card or online fraud.
The central bank has also made it mandatory for banks to register all customers for text message alerts and permit reporting of unauthorized transactions through a reply to the alert message.
The proposal to limit customer liability in a fraudulent transaction was floated in a draft circular in August 2016. The RBI has now come out with final guidelines and sought to make rules stricter for banks than originally envisaged.
Under the new directive issued on Thursday, the onus has been placed on banks to link mobile numbers with bank accounts. “With the increased thrust of financial inclusion and customer protection and considering the recent surge in customer grievances relating to unauthorized transactions, the customer liability in these circumstances has been reviewed,” said the RBI.
The central bank’s circular covers online transactions as well as face-to-face transactions in stores using electronic payments.
Besides asking banks to enable replies to text messages containing transaction alerts, the RBI has asked them to allow reporting of unauthorized transactions on their home page. Also fraud reporting will be possible through other channels including phone banking, sms, email, call centre and interactive voice response.
A customer will have zero liability in respect of a fraudulent transaction if there is contributory fraud or negligence on the part of the bank. The customer will also not be liable if there is a third party breach, without bank involvement, which is reported to the bank within three working days of receiving communication regarding the unauthorized transaction.
“Banks have been compensating customers for third-party frauds. What is new is the concept of limited liability. We are not clear how this will apply when the customer has shared his password,” said an official with a private bank.
In cases where the loss is due to negligence of the customer, like sharing one’s password, the RBI has said the customer will bear the entire loss until he reports the unauthorized transaction to the bank. He will cease to be responsible once he has reported the unauthorized transaction.
Similarly, where the loss is caused by a third party, the customer will be liable for the transaction value if he fails to report the fraudulent transaction within four to seven days of receiving the alert from the bank.
However, the maximum liability of the customer in the case of the above two transactions will be Rs 5,000 for basic savings bank account. For most other accounts, it will be Rs 10,000. For credit cards with limits above Rs 5 lakh and for current, cash credit and overdraft accounts of limis above Rs 25 lakh the maximum liability will be Rs 25,000.