RBI's steps on frauds will help customers

By limiting the liability, RBI is trying to enhance customer confidence in digital transactions

‘Guilty until proven innocent’ — this was the situation that bank customers found themselves in when they reported any fraud. The Reserve Bank of India (RBI), in its latest circular, seems to changing the rules to ‘Innocent until proven guilty’. And, this is a good news for customers.

“The RBI’s latest provisions favour customers. Earlier, if your card was used somewhere; you had to prove you didn’t use it. Now, the onus is on the bank to prove that you used it,” says Navin Chandani, chief business development officer, Bankbazaar.com. 

The growing number of customer complaints regarding unauthorised debits from their accounts and cards seems to have impact the apex bank’s decision. According to experts the new norms will go a long way towards enhancing customer confidence in digital transactions.

The new norms include ‘zero liability’ and ‘limited liability’ for customers. The customer’s liability will be zero in case of contributory fraud, negligence or deficiency on the part of the bank. In such cases, even if he fails to report the matter to the bank, his liability will remain zero. 

This is quite in line with global norms. In developed markets like the US, zero or limited liability for customers is already a well-established norm. “In the US, banks do reimburse customers immediately in case of a complaint about an unauthorised transaction, as there they are keen to retain your business. Also, they wish to avoid negative publicity or being fined by the regulator,” says Mumbai-based financial planner Arnav Pandya.   

The new rules: The customer’s liability will also be zero in case of a third-party breach where the deficiency lies neither with the bank nor with the customer but elsewhere in the system, provided the customer notifies the bank within three working days of receiving the transaction-related notice from the bank.

The customer will, however, have to bear liability if the loss is due to negligence on his part, for instance, if he shares his payment credentials. He will have to bear the entire loss until he reports the unauthorised transaction to the bank. Any unauthorised transaction that takes place after he has reported to the bank will be borne by the latter.

The customer will also have to bear limited liability in case of a third-party breach if there is a delay of four to seven working days (after receiving the communication) in notifying the bank. In this case, the liability could be limited to the transaction value or a specified amount ranging from Rs 5,000 to Rs 25,000 (see table), whichever is lower. If the delay is beyond seven working days, the customer’s liability will depend on the bank Board’s approved policy.  

Reassuring move: Experts see this notification as a step in the right direction. “By making it mandatory to send transactions alerts through SMS and e-mails along with a reply option, the RBI is pushing banks to be more transparent in their dispute reporting and resolution mechanism,” says Naveen Kukreja, chief executive officer (CEO) and co-founder, Paisabazaar.com. He adds that the differential liability for customers in case of a third-party breach (depending on when you report) can be seen as an effort to encourage vigilance and early reporting of frauds by customers.

At present, when you carry out a card or online transaction, you do get an SMS/email alert if your mobile number and email ID are registered with the bank. However, if the transaction is unauthorised, you have to use a separate number to inform the bank. “This notification has asked banks and card providers to make provision within the same SMS or email alert for customers to intimate the bank if the transaction is unauthorised. That reply will be treated as final reporting of an unauthorised transaction by the customer,” says Vijay Jasuja, CEO, SBI Cards. 

According to the RBI notification, the burden of proving customer liability in case of unauthorised electronic banking transactions will be on the bank. “This provision favours customers. Earlier, if your card was used somewhere; you had to prove you didn’t use it. Now, the onus is on the bank to prove that you used it,” says Navin Chandani, chief business development officer, Bankbazaar.com. 

Don’t lower your guard: Disputes can and do arise all the time between banks and card users regarding transactions and frauds. Winning such arguments with an institution is never easy. So, avoid getting into them by following the rule that prevention is better than cure. “Avoid using your credit card on an international web site where two-factor authentication is not required. Similarly, avoid using the card on non-https web sites,” says Arun Ramamurthy, co-founder, Credit Sudhaar.