Research and Articles
- Capital Markets Hotline
- Companies Act Series
- Climate Change Related Legal Issues
- Competition Law Hotline
- Corpsec Hotline
- Court Corner
- Cross Examination
- Deal Destination
- Debt Funding in India Series
- Dispute Resolution Hotline
- Education Sector Hotline
- FEMA Hotline
- Financial Service Update
- Food & Beverages Hotline
- Funds Hotline
- Gaming Law Wrap
- GIFT City Express
- Green Hotline
- HR Law Hotline
- iCe Hotline
- Insolvency and Bankruptcy Hotline
- International Trade Hotlines
- Investment Funds: Monthly Digest
- IP Hotline
- IP Lab
- Legal Update
- Lit Corner
- M&A Disputes Series
- M&A Hotline
- M&A Interactive
- Media Hotline
- New Publication
- Other Hotline
- Pharma & Healthcare Update
- Private Client Wrap
- Private Debt Hotline
- Private Equity Corner
- Real Estate Update
- Realty Check
- Regulatory Digest
- Regulatory Hotline
- Renewable Corner
- SEZ Hotline
- Social Sector Hotline
- Tax Hotline
- Technology & Tax Series
- Technology Law Analysis
- Telecom Hotline
- The Startups Series
- White Collar and Investigations Practice
- Yes, Governance Matters.
Regulatory HotlineJuly 14, 2017
Boost to e-payments - customers given protection for fraudulent transactions
- Customer not liable for amounts lost in fraudulent / unauthorized transactions where default not attributed to the customer, if reported to the bank within 3 working days.
- Mechanism set out to determine customer liability arising out of unauthorized transactions based on time taken to report such transactions to the bank.
- Banks to shadow reverse credit amounts lost by customers through unauthorized transactions within 10 working days from notification by the customer.
- Onus of proving liability of customers arising out of unauthorized transactions lies with the bank.
India’s central bank, i.e. the Reserve Bank of India (“RBI”) had issued a circular1 last week pertaining to customer protection and limiting the liability of customers in unauthorised electronic banking transactions (“Circular”). The Circular was issued pursuant to a recent surge in customer grievances relating to fraud and unauthorized transactions.
The objective of the Circular appears to be two fold - a clearer mechanism to determine and mitigate the liability of customers in the event of unauthorized transactions; and to ensure that banks devise policies, systems and procedures in promoting customer awareness on electronic transactions, resolving customer complaints and crediting amounts due to customers on occurrence of unauthorized transactions.
SALIENT FEATURES OF THE CIRCULAR
Key highlights from the Circular are summarized below:
I. Reporting of unauthorized transactions
Banks must ask their customers to mandatorily register for SMS alerts and email alerts wherever available, for electronic banking transactions,
Banks must advise customers to notify the bank of any unauthorized electronic banking transaction at the earliest after occurrence of a transaction. The Circular provides that the longer the time taken by the customer to inform the bank, higher will be the risk of loss to the customer,
Banks must provide customers with 24x7 access through multiple channels (such as its website, phone banking, SMS, email, interactive voice response, dedicated toll-free helpline, reporting to home branch) for reporting unauthorized transactions that have taken place and / or loss or theft of payment instruments such as credit / debit cards,
The loss / fraud reporting system of the bank should ensure an immediate response is sent to customer acknowledging the complaint along with the registered complaint number,
Banks should not offer facilities of electronic transactions other than ATM cash withdrawals, to customers who do not provider their mobile numbers to the bank.
II. Liability of the customer
The Circular provides that the liability of a customer pursuant to the occurrence of unauthorized transactions should be determined based on the following events:
If any one of the above events occur, the customer will not be liable for amounts debited from their account from an unauthorized transaction.
Hence, the customer will be liable to a limited extent (as per the table above) for amounts debited from their account from an unauthorized transaction occurring under any one of the above events.
Liability as per the bank’s policy
If the delay in reporting of the unauthorized transaction is beyond 7 (seven) working days.
It is pertinent to note that the Circular provides that banks may also at their discretion waive off any customer liability in case of unauthorized electronic banking transactions even in cases of customer negligence.
III. Reversal of amounts by banks to customers’ accounts
In the event the customer’s liability is zero / limited to certain amounts as per the table above, banks should credit (shadow reverse) the amount involved in the unauthorized transaction to the customer’s account within 10 (ten) working days from the date of such notification by the customer (without waiting for settlement of an insurance claim, if any).
However, if the customer is found to be liable to a limited extent, such amount payable by the customer to the bank may be debited by the bank from the customer’s account.
IV. Strengthening of policies, systems and procedures by banks
Banks should put in place:
appropriate systems and procedures to ensure safety and security of electronic banking transactions,
robust and dynamic fraud detection and prevention mechanisms,
mechanisms to assess risks resulting from unauthorized transactions and measure the liabilities arising out of such events,
appropriate measures to mitigate the risks and protect themselves against the liabilities arising therefrom,
systems to continually and repeatedly advise customers on how to protect themselves from electronic banking and payments related fraud,
Customer relation policies2 that define the rights and obligations of customers in case of unauthorized transactions.
V. Resolution of complaints
Banks should ensure that a complaint is resolved and the liability of a customer (if any) is established in accordance with the bank’s policy, but no later than 90 (ninety) days from the date of receipt of the complaint. If such complaint is not resolved or customer’s liability is not determined within 90 (ninety) days, the amount due to the customer as per the customer’s liability should be paid to the customer.
The Circular provides that the burden of proving customer liability in case of unauthorized electronic banking transactions should lie on the bank.
India has seen a rapid increase in the use of digital payments post the demonetization era, with the value of transactions via debit and credit cards being INR 41,062 Crores (approx. USD 6 billion), mobile banking being INR 149,923 Crores (approx. USD 21 billion) and pre-paid instruments being INR 2,148 Crores (approx. USD 300 million), for the month of March this year alone.3
However, the Indian financial services sector has also coincidentally been prone to fraudulent / unauthorised transactions in the recent past. Approximately 3.2 million debit cards were compromised last year as several customers reported unauthorized usage of such instruments from locations outside India4.
The Circular issued by the RBI would aid in securing the trust of banking customers engaged in electronic transactions along with facilitating further use of electronic and digital modes of payments as opposed to traditional cash payments.
However, the Circular does not specify the recourse that a customer may have if the customer is aggrieved with the determination of his/her liability by the bank and if amounts are subsequently debited from his/her account owing to such liability. In such an event, the aggrieved customer may need to follow the general procedure prescribed under the RBI regulations, i.e. filing a complaint with the ‘banking ombudsman5 for resolution of his/her grievance or undertake the filing of a civil suit.
Nevertheless, the introduction of this Circular is a welcome step reflecting a progressive approach by the Indian government to encourage electronic / online payments in India.
1Circular on Customer Protection – Limiting Liability of Customers in Unauthorized Electronic Banking Transactions, dated July 6, 2017. Available at: https://rbi.org.in/Scripts/BS_CircularIndexDisplay.aspx?Id=11040. Last accessed: July 11, 2017.
2To be displayed on the bank’s website along with details of a grievance handling / escalation procedure.
3Card and mobile banking volumes see decline, steep rise in UPI transactions, dated April 6, 2017. Available at: http://www.business-standard.com/article/economy-policy/card-and-mobile-banking-volumes-see-decline-steep-rise-in-upi-transactions-117040501530_1.html. Last accessed: July 11, 2017.
43.2 million debit cards compromised; SBI, HDFC Bank, ICICI, YES Bank and Axis worst hit, dated October 20, 2016. Available at: http://economictimes.indiatimes.com/industry/banking/finance/banking/3-2-million-debit-cards-compromised-sbi-hdfc-bank-icici-yes-bank-and-axis-worst-hit/articleshow/54945561.cms. Last accessed: July 11, 2017.
5As appointed under The Banking Ombudsman Scheme 2006.