Online frauds: When there is zero liability to customer
With the increased usage of digital channels for payments during the Covid-19 pandemic, attempts of digital fraud have been on the rise.Customers have been relying on digital channels to do business on account of restrictions and fear of Covid spreading. other words, if a third party is
The government of India and behind the unauthorised transaction, the RBI are aware of this menace. the customer will have In fact, even before the pandemic, zero liability if he/she reports the RBI had issued notification it within three working days. In which said a customer’s case the unauthorised transaction “entitlement to zero liability” is reported between four to will arise if the unauthorised seven days after receiving communication transaction takes from the bank, the place in the following events: per transaction liability shall
1. “Contributory fraud/negligence/deficiency be maximum of Rs 25,000. on the part of 3. Where the loss is due to negligence the bank (irrespective of by the customer, such as whether or not the transaction where he/she has shared the is reported by the customer).” payment credentials, the customer In other words, the customer will bear the entire loss will be entitled to zero liability until he/she reports the unauthorised if the unauthorised transaction, transaction to the or the fraud, has happened bank. Any loss occurring after because of the bank's fault. The the reporting of the unauthorised bank will have to pay for the transaction shall be borne loss even if the customer fails to by the bank. report the unauthorised transactions It also needs to be noted that immediately. the RBI notification mentions
2. The customer has zero liability the burden of proof in proving in the case of a “third-party customer liability in case of breach where the deficiency unauthorised electronic transactions lies neither with the bank nor lies with the bank. The with the customer, but lies elsewhere RBI directs all banks to in the system, and the “mandatorily register for SMS customer notifies the bank alerts and wherever available within three working days of register for e-mail alerts, for receiving the communication electronic banking transactions”. from the bank regarding the The SMS alerts are to be unauthorised transaction”. In sent “mandatorily” while email alerts may be sent wherever registered.
It is important to note that “longer the time taken to notify the bank, the higher will be the risk of loss to the bank/customer”. The RBI has highlighted some of the typical modus operandi being used by fraudsters, such as vishing, phishing, and remote access.
Vishing refers to phone calls pretending to be from bank/ non-bank e-wallet providers/ telecom service providers in order to lure customers into sharing confidential details in the pretext of KYC-updation, unblocking of account/ SIM-card, and crediting debited amount.
Phishing means spoofed emails and/or SMSes designed to dupe customers into thinking that the communication has originated from their bank/e-wallet provider and contain links to extract confidential details.
By using remote access, fraudsters lure customers to download an application on their mobile phone/computer which is able to access all the customers' data on that customer device. Fraudsters also misuse the 'collect request' feature of UPI by sending fake payment requests with messages like 'Enter your UPI PIN' to receive money.