If RBI's recommendations are finalised, it will give more teeth to the existing fair practice code
Kumar Karpe, chief executive officer (CEO), TechProcess Payment Services, an electronic payments services firm, remembers the harrowing experience of a person who used his credit card in the US.
Even after he came back to India, his card was used again. When he lodged a complaint with the bank, he had to prove the fraud by showing his boarding pass, stamp of immigration and other documentary evidence. "Currently, the onus is on the customer to prove fraud and it is a tricky situation,'' he says.
Victims like him might finally get some relief. With the Reserve Bank of India (RBI) issuing a draft circular on customer protection last week, which seeks to limit the liability of customers in unauthorised electronic banking transactions, things could improve soon.
There are two key benefits proposed in the circular: The liability on customers could be lower if it is the fault of the bank and if you report within three working days of receiving the communication.
While some of these recommendations are already prescribed in the Banking Codes and Standards Board of India (BCSBI)'s fair practice code for banks, if
Bank frauds: Limited liability for customers? RBI finalises the circular, the rules will become mandatory. "The main purpose of BCSBI's banking codes is to limit the customer's liability in unauthorised electronic banking transactions and compensate the customer for any loss of interest in the case of debit cards and does not bear any additional burden of interest, in case of credit card transactions," says A C Mahajan, Chairman, BCSBI.
These proposals, if accepted, will apply to banking transactions-remote/online and face-to-face/proximity payment transactions. The former do not require the physical payment instrument like credit or debit card to be present, such as internet banking, mobile banking or card not present transaction.
The latter include transactions where the physical instrument such as card or mobile is present, that is, ATM or point-of-sales transactions.
Whether these will also include transactions done through non-bank payment instruments such as e-wallet, is not clear, say experts. While RBI gives a licence to e-wallet companies, whether these guidelines will apply to them is yet to be seen, says Deepak Chandnani, CEO, Worldline South Asia and Middle East, a payment and transactions company.
Zero liability: A customer has zero liability if the fraud or negligence is on the part of the bank, even if the customer does not report the fraudulent transaction. If the fault is neither the customer's nor the bank's but the customer notifies the bank within three working days of receiving a communication about the transaction, there is no liability on the customer.
Limited liability: If the customer has shared payment details with an unauthorised person, the customer will be liable for the entire loss till the unauthorised transaction is reported to the bank. Once the transaction is reported, any loss after that will be borne by the bank.
In cases, where neither bank nor customer is responsible for the fraud, and there is a delay of four to seven working days on part of the customer in informing the bank, the customer's liability will be limited to the transaction value or Rs 5,000, whichever is lower.
If there is a delay in reporting beyond seven working days, the customer liability will be determined, according to the bank's board approved policy.
The circular also says once the customer informs the bank about a fraudulent transaction, the bank should credit the amount to the customer's account within 10 working days from the date of receiving the notification.
Banks may also use their discretion to waive any customer liability, in case of fraudulent transactions due to customer negligence.
Banks should resolve a complaint within 90 days of receiving it. Banks must also ensure that in case of a debit card or bank account, the customer does not lose out on the interest. And, in the case of credit card transactions, the customer does not bear any additional burden of interest.
The circular further says the burden of proving customer liability in unauthorised electronic banking transactions shall be on the bank. The bank's policy shall also specify the maximum time period for establishing customer liability, after which the customer will be compensated.
According to Reshmi Khurana, managing director, Kroll, India, a company that investigates fraud and data breach, the current rules pertaining to fraudulent transactions were set in 2002 and are quite open-ended. There was a general requirement for banks to respond quickly and promptly to address the complaint but there was a need to introduce a law about who is liable - which is what RBI has done with the current draft proposal.
"Currently, if the value of the fraudulent transaction is small, most banks reimburse customers in order to avoid reputational risk and to retain customers. But, the draft proposal puts the onus firmly on banks. It will have a trickle-down effect on smaller banks,'' she says.
Illustration: Uttam Ghosh/Rediff.com