New rules make banks liable for fraud online transactions
do not know how many of you have read the directions issued by the of the Reserve Bank of India recently to all banks on ‘limiting the customer liability in case of unauthorised electronic banking transactions’. If you haven’t, I would suggest that you read it, because it’s a very crucial document vis-à-vis your rights as consumers of banking services and you will need to be fully conversant with it, in order to deal with unauthorised debits in your account!
In these directions issued on July 6, RBI makes it clear that a customer has no liability when an unauthorised transaction happens on account of fraud, contributory negligence or deficiency on the part of the bank. Similarly, even where neither the customer nor the bank is at fault, but the problem lies elsewhere in the system, the customer does not have any liability, provided she or he notifies the bank about the illegal operation within three days of receiving an alert from the bank. And the bank shall credit the amount involved in such transaction to the customer’s account in 10 days, says RBI.
However, in cases where such fraud takes place on account of the negligence of the customer, the entire loss, until the date of reporting the unlawful transaction, will be borne by the customer, says the banking regulator. Well, it is only fair that the customer pay for any negligence on his/her part, but the problem is, even where there is no negligence on the part of the customer, banks blame the customer for divulging the password or such security information to a third party, thereby leading to unauthorised transaction! In fact, if you look at such cases decided by the consumer courts as well as the banking ombudsman, you will find that banks never admit their negligence or even third party breach. In many cases, they do not even bother to investigate, as they find it convenient to point a finger at the customer!
In order to circumvent this problem, the RBI says that the “burden of proving customer liability in cases of unauthorised electronic banking transactions shall lie on the bank”. In other words, earlier, bank customers had the extremely difficult task of proving the negligence of the bank and their innocence, in order to get the bank to make good the loss suffered by them. Now, banks can escape liability only if they prove that the customer was responsible for such fraud.
The RBI has also emphasized the need for banks to not only send immediately and without fail, SMS and e-mail alerts, but also ensure that such messages are enabled to carry the customer’s reply too, so that a consumer can report any such fraud immediately.
This is extremely important because in a number of complaints resolved by the Banking Ombudsman on fraudulent transactions in 2015-16, for example, it was found that the customer had not received the SMS alert at all. In fact, in a recent case decided by the National Consumer Disputes Redressal Commission, it was found that the customer got two messages about unauthorised use of his debit card — for ₹976 and ₹769. Even though he immediately brought it to the notice of the bank, the latter did not take any action. So, the consumer electronically transferred the money from his ATM-linked account to another, to safeguard it. And while doing so, he realised that there was another debit of ₹28,949 for which he had not even got the SMS alert! (SBI Vs Dr JCS Kataky, RP No. 3073 of 2016)
So hopefully at least now, banks will not only put in place robust and adequate measures to detect and prevent fraud, but also comply fully with RBI directions.