Research and Articles
- Debt Funding in India Series
- Private Equity Corner
- The Startups Series
- Court Corner
- Investment Funds: Monthly Digest
- Insolvency and Bankruptcy Hotline
- Deal Destination
- New Publication
- M&A Interactive
- Lit Corner
- Private Debt Hotline
- Food & Beverages Hotline
- Companies Act Series
- Gaming Law Wrap
- Private Client Wrap
- GIFT City Express
- Regulatory Hotline
- Capital Markets Hotline
- Tax Hotline
- Corpsec Hotline
- Dispute Resolution Hotline
- M&A Hotline
- Pharma & Healthcare Update
- Competition Law Hotline
- HR Law Hotline
- IP Hotline
- Telecom Hotline
- FEMA Hotline
- Social Sector Hotline
- iCe Hotline
- SEZ Hotline
- Media Hotline
- Funds Hotline
- Education Sector Hotline
- International Trade Hotlines
- Other Hotline
- Real Estate Update
- Realty Check
- White Collar and Investigations Practice
- Legal Update
- IP Lab
- Cross Examination
- Technology & Tax Series
- Technology Law Analysis
- Yes, Governance Matters.
- Financial Service Update
Regulatory HotlineJuly 14, 2017
Boost to e-payments - customers given protection for fraudulent transactions
- Customer not liable for amounts lost in fraudulent / unauthorized transactions where default not attributed to the customer, if reported to the bank within 3 working days.
- Mechanism set out to determine customer liability arising out of unauthorized transactions based on time taken to report such transactions to the bank.
- Banks to shadow reverse credit amounts lost by customers through unauthorized transactions within 10 working days from notification by the customer.
- Onus of proving liability of customers arising out of unauthorized transactions lies with the bank.
India’s central bank, i.e. the Reserve Bank of India (“RBI”) had issued a circular1 last week pertaining to customer protection and limiting the liability of customers in unauthorised electronic banking transactions (“Circular”). The Circular was issued pursuant to a recent surge in customer grievances relating to fraud and unauthorized transactions.
The objective of the Circular appears to be two fold - a clearer mechanism to determine and mitigate the liability of customers in the event of unauthorized transactions; and to ensure that banks devise policies, systems and procedures in promoting customer awareness on electronic transactions, resolving customer complaints and crediting amounts due to customers on occurrence of unauthorized transactions.
SALIENT FEATURES OF THE CIRCULAR
Key highlights from the Circular are summarized below:
I. Reporting of unauthorized transactions
Banks must ask their customers to mandatorily register for SMS alerts and email alerts wherever available, for electronic banking transactions,
Banks must advise customers to notify the bank of any unauthorized electronic banking transaction at the earliest after occurrence of a transaction. The Circular provides that the longer the time taken by the customer to inform the bank, higher will be the risk of loss to the customer,
Banks must provide customers with 24x7 access through multiple channels (such as its website, phone banking, SMS, email, interactive voice response, dedicated toll-free helpline, reporting to home branch) for reporting unauthorized transactions that have taken place and / or loss or theft of payment instruments such as credit / debit cards,
The loss / fraud reporting system of the bank should ensure an immediate response is sent to customer acknowledging the complaint along with the registered complaint number,
Banks should not offer facilities of electronic transactions other than ATM cash withdrawals, to customers who do not provider their mobile numbers to the bank.
II. Liability of the customer
The Circular provides that the liability of a customer pursuant to the occurrence of unauthorized transactions should be determined based on the following events:
If any one of the above events occur, the customer will not be liable for amounts debited from their account from an unauthorized transaction.
Hence, the customer will be liable to a limited extent (as per the table above) for amounts debited from their account from an unauthorized transaction occurring under any one of the above events.
Liability as per the bank’s policy
If the delay in reporting of the unauthorized transaction is beyond 7 (seven) working days.
It is pertinent to note that the Circular provides that banks may also at their discretion waive off any customer liability in case of unauthorized electronic banking transactions even in cases of customer negligence.
III. Reversal of amounts by banks to customers’ accounts
In the event the customer’s liability is zero / limited to certain amounts as per the table above, banks should credit (shadow reverse) the amount involved in the unauthorized transaction to the customer’s account within 10 (ten) working days from the date of such notification by the customer (without waiting for settlement of an insurance claim, if any).
However, if the customer is found to be liable to a limited extent, such amount payable by the customer to the bank may be debited by the bank from the customer’s account.
IV. Strengthening of policies, systems and procedures by banks
Banks should put in place:
appropriate systems and procedures to ensure safety and security of electronic banking transactions,
robust and dynamic fraud detection and prevention mechanisms,
mechanisms to assess risks resulting from unauthorized transactions and measure the liabilities arising out of such events,
appropriate measures to mitigate the risks and protect themselves against the liabilities arising therefrom,
systems to continually and repeatedly advise customers on how to protect themselves from electronic banking and payments related fraud,
Customer relation policies2 that define the rights and obligations of customers in case of unauthorized transactions.
V. Resolution of complaints
Banks should ensure that a complaint is resolved and the liability of a customer (if any) is established in accordance with the bank’s policy, but no later than 90 (ninety) days from the date of receipt of the complaint. If such complaint is not resolved or customer’s liability is not determined within 90 (ninety) days, the amount due to the customer as per the customer’s liability should be paid to the customer.
The Circular provides that the burden of proving customer liability in case of unauthorized electronic banking transactions should lie on the bank.
India has seen a rapid increase in the use of digital payments post the demonetization era, with the value of transactions via debit and credit cards being INR 41,062 Crores (approx. USD 6 billion), mobile banking being INR 149,923 Crores (approx. USD 21 billion) and pre-paid instruments being INR 2,148 Crores (approx. USD 300 million), for the month of March this year alone.3
However, the Indian financial services sector has also coincidentally been prone to fraudulent / unauthorised transactions in the recent past. Approximately 3.2 million debit cards were compromised last year as several customers reported unauthorized usage of such instruments from locations outside India4.
The Circular issued by the RBI would aid in securing the trust of banking customers engaged in electronic transactions along with facilitating further use of electronic and digital modes of payments as opposed to traditional cash payments.
However, the Circular does not specify the recourse that a customer may have if the customer is aggrieved with the determination of his/her liability by the bank and if amounts are subsequently debited from his/her account owing to such liability. In such an event, the aggrieved customer may need to follow the general procedure prescribed under the RBI regulations, i.e. filing a complaint with the ‘banking ombudsman5 for resolution of his/her grievance or undertake the filing of a civil suit.
Nevertheless, the introduction of this Circular is a welcome step reflecting a progressive approach by the Indian government to encourage electronic / online payments in India.
1Circular on Customer Protection – Limiting Liability of Customers in Unauthorized Electronic Banking Transactions, dated July 6, 2017. Available at: https://rbi.org.in/Scripts/BS_CircularIndexDisplay.aspx?Id=11040. Last accessed: July 11, 2017.
2To be displayed on the bank’s website along with details of a grievance handling / escalation procedure.
3Card and mobile banking volumes see decline, steep rise in UPI transactions, dated April 6, 2017. Available at: http://www.business-standard.com/article/economy-policy/card-and-mobile-banking-volumes-see-decline-steep-rise-in-upi-transactions-117040501530_1.html. Last accessed: July 11, 2017.
43.2 million debit cards compromised; SBI, HDFC Bank, ICICI, YES Bank and Axis worst hit, dated October 20, 2016. Available at: http://economictimes.indiatimes.com/industry/banking/finance/banking/3-2-million-debit-cards-compromised-sbi-hdfc-bank-icici-yes-bank-and-axis-worst-hit/articleshow/54945561.cms. Last accessed: July 11, 2017.
5As appointed under The Banking Ombudsman Scheme 2006.