Did you know that every time you swipe a card, you may be exposing yourself to a hacker or a fraudster? Recently the Reserve Bank of India (RBI) said that there has been a surge in grievances relating to unauthorised transactions. In 2016, banks reported multiple instances of data breaches, especially with debit and ATM cards. In 2013, too, banks had reported several instances where Indian credit cards were used fraudulently from websites overseas—while, even today, many online fraudulent transactions remain unreported. However, that doesn’t mean you should stop electronic transactions.
To ensure that banks provide more protection to customers’ electronic transactions, last week the regulator issued a notification on customer protection in case of electronic banking transaction. You can read it here.
In the notification, RBI clearly spelt out banks’ as well as customers’ liabilities in case of unauthorised electronic banking transactions. Here is what it means for you.
Imagine you get a message from your bank saying Rs25,000 is debited from your account. However, you didn’t do the transaction. Your immediate response may be to call your bank, send an email or maybe even visit a branch.
The RBI’s notification wants banks to provide more options for reporting fraudulent transaction immediately. For instance, today when you get an SMS or an email about a transaction, you cannot reply to it. The RBI has asked banks to enable services so that customers can instantly respond by replying to the SMS or email alerts they get from banks. Soon you may be able to respond instantly to any SMS that you believe could be about a fraudulent transaction. The regulator has also asked banks to provide a direct link for lodging complaints, with a specific option to report unauthorised electronic transactions on the home page of banks’ websites. Currently, you don’t have this option on the home page. “For the things that RBI has listed, all banks will have to work with their core banking teams that looks at protocols on intimations. We also have to give details to the vendors. Hence, it will take time for banks to make these changes,” said Puneet Kapoor, senior executive vice president, Kotak Mahindra Bank Ltd.
Reporting a fraud is the first step to dealing with it. The regulator has given a structure on how to do it. Bankers say that these reporting requirements existed earlier also but now there is a standard time frame for reporting them, and your liability is linked to the timeline.
To begin with, if an unauthorised transaction takes place and the bank is responsible for it, then even if the customer doesn’t report the fraud, the customer has zero liability. This means the bank will make good any losses you may incur. “Most banks take an insurance on fraudulent attacks such as skimming and hence the customers’ liability too gets limited when it gets reported,” said Sangram Singh, head-cards and payments business, Axis Bank Ltd.
Now, say there is a third-party breach where neither the bank nor the customer is responsible and the customer responds within 3 working days. Then too the customer doesn’t have any liability. But in case you don’t report the fraud within 3 days but within 4 to 7 working days after receiving the communication from the bank, you will have limited liability for the transaction. Limited liability means you will incur some monetary loss for the fraud.
But what if you report after 7 days? In such a situation the bank will decide what to do. While these policies will vary from bank to bank, all banks have been asked to put details of their policy in the public domain and also inform customers about it individually. Remember that the above timeline starts after the day complaint was made. And the working days are counted based on the schedule of the home branch. Also, once reported, the RBI has asked banks to resolve the case within 90 days from the date of receipt of the complaint.
In cases where you share responsibility for a fraudulent transaction, or you have limited liability due to late reporting, the central bank has listed out the liabilities in detail. If the loss is due to your negligence, you bear the entire loss till the time it was reported to the bank. For instance, if you have shared your PIN or password with anyone and the money was stolen, you have to bear the loss. But even in such cases, any loss occurring after the reporting of the unauthorised transaction will be borne by the bank. Wherever you have limited liability, the amounts have been capped in the range of Rs5,000-25,000. The amount depends on the kind of account you use. For instance, for a basic savings account, the liability is capped at Rs5,000. For other savings accounts, prepaid instruments, gift cards, and credit cards with limits of up to Rs5 lakh, your liability is limited to Rs10,000. For credit cards with limits above Rs5 lakh, liability is capped at Rs25,000.
Now, what happens to the money that gets lost due to the fraudulent transactions? Once you inform the bank, the bank has to credit the amount involved in the unauthorised electronic transaction to your account within 10 working days from the date you raise the alert. In case of debit card or bank account fraud, the customer does not suffer loss of interest. In case of credit cards, the customer does not bear any additional burden of interest.
What you should do
Just because roads are prone to accidents, do you stop driving on the road? To avoid accidents, you take safety measures and follow the rules. Similarly, you should protect yourself from frauds in case of online transactions.
How can you do this? If you use online transactions or swipe cards, you should sign up for all the SMS and email alerts for electronic banking transactions. This is the easiest way to know if there has been any movement in your account. In case of any unauthorised transaction, you should immediately inform your bank. When you register a complaint, banks record its time and date, which is important to determine the extent of your liability. Hence, ensure that you don’t delay the process.