New Delhi: Amid rise in cases of unauthorised electronic banking transactions, RBI has proposed that customer will have no or zero liability in case of fraud being committed because of bank's negligence or third breach.
However, "where customer's own involvement is established, customer will be liable," said the draft circular on 'Customer Protection - Limiting Liability of Customers in Unauthorised Electronic Banking Transactions'.
In cases where customer's own involvement is not clearly established, customer liability will be limited to a maximum of Rs 5,000 if he reports within 4 to 7 working days.
"If customer reports beyond 7 working days, customer liability will be determined based on bank's Board approved policy," said the draft, on which RBI has sought feedback till August 31.
On being notified by the customer, the draft said the "bank should credit (shadow reversal)" the amount involved in the unauthorised electronic transaction to the customer's account within 10 working days.
"The burden of proving customer liability in case of unauthorised electronic banking transactions shall lie on the bank," RBI proposed.
It is also proposed that banks should ensure that a complaint is resolved within 90 days and in case of debit card/bank account the customer does not lose out on interest. Banks should also ensure that in case of credit card the customer does not bear any additional burden of interest.
RBI said the recent surge in customer grievances relating to unauthorised electronic banking transactions resulting in debits to their accounts/cards, has necessitated a review of the criteria for determining the customer liability in these circumstances.
"Banks must ask their customers to mandatorily register for alerts for electronic banking transactions. The alerts shall be sent to the customers through different channels (email or SMS) offered by the banks," it proposed.
The draft futher said that customers must be advised to notify the bank concerned of any unauthorised electronic banking transaction at the earliest after the occurrence of such transaction.
"The longer the time taken to notify the bank, the higher will be the risk of loss to the bank/customer," RBI said.
To facilitate this, the draft said banks must provide customers with 24x7 access through multiple channels (at a minimum, via website, phone banking, SMS, IVR, a dedicated toll-free helpline, reporting to home branch) for reporting fraudulent transactions that have taken place and/or loss or theft of payment instrument such as card.
The loss/fraud reporting system shall also ensure that immediate response (including auto response) is sent to the customers acknowledging the complaint along with the registered complaint number.
"A customer's entitlement to zero liability shall arise where the security architecture and systems of the bank for electronic banking transactions are not able to protect the customer" in the event of fraud/ negligence on the part of the bank, the draft said.
Further, customers liability will be zero, "third party breach where the fault lies neither with the bank nor with the customer but lies elsewhere in the system, and the customer notifies the bank within three working days of receiving the communication from the bank regarding an unauthorized transaction", it added.
There would be limited liability of a customer of in cases involving negligence by him, such as where he has shared the payment credentials, the customer will bear the entire loss until he reports unauthorised transaction to the bank.
Any loss occurring after the reporting of the unauthorised transaction would be borne by the bank.
Banks could also at their discretion decide to waive any customer liability in case of unauthorised electronic banking transactions even in cases of customer negligence, the draft said.
Taking into account the risks arising out of unauthorised debits to customer accounts owing to customer negligence/ banking system frauds/ third party breaches, banks also need to clearly define the rights and obligations of customers in case of unauthorised transactions in specified scenarios.
The draft also said customer protection policy must be transparent, non-discriminatory and should stipulate the mechanism of compensating the customers for the unauthorised electronic banking transactions.
