JOIN USElectronic payment, a customer-centric step
The use of information technology by banks and their constituents has grown rapidly and is now an integral part of the operational strategies of banks. The ‘Payment and Settlement System in India – Vision 2018’ envisages building best of class payment and settlement systems for a ‘less-cash’ India through responsive regulation, robust infrastructure, effective supervision and customer centricity.
Customer centricity broadly includes strengthening customer grievance redress mechanism, enhancing customer education and awareness, and protection of customer interest. Bank customers are now relying more on electronic transactions. The demonetisation of high value currency notes in November 2016 provided boost to migrate to digital mode.
For example, the monthly debit and credit cards transaction at point of sale (POS) peaked at 311 million (Rs 522.2 billion) in December 2016 and in the month of June 2017, it was at 224.1 million (Rs 455.4 billion).
However, the electronic transactions are sensitive for security and open to fraud. There is no single solution/foolproof way to protect the data. Frauds happen through phishing, hacking, stealing of banking information or through cloning of credit and debit cards.
The number, frequency and impact of cyber incidents/attacks have increased manifold. So have grievances against online frauds. As per the annual report of Banking Ombudsman 2016, the debit and credit card related complaints come to 21.2% (nearly 22,000) of the total yearly complaints.
With the thrust on financial inclusion and customer protection and considering the recent surge in customer grievances relating to unauthorised transactions resulting in debits to the accounts/cards, for determining the customer liability, RBI has issued final guidelines on July 6, 2017. This is based on the draft guidelines issued in August 2016.
The unauthorised electronic transactions include both remote/online transactions like net banking, mobile banking etc, and face to face transactions requiring payment instruments to be presented at the point of transactions like ATM, POS etc.
If the loss is due to negligence of a customer (sharing the payment credentials), the customer shall be liable for the entire loss occurred due to unauthorised transactions. However, the loss occurring after reporting shall be borne by the bank. When unauthorised transaction occurs on account of contributory fraud/negligence on the part of the bank, there will be no liability to the customers even if the customer fails to report.
If the transactions are on account of third party breach (neither with the bank nor with the customers) and if the customer notifies the bank within three working days of receiving the communication, there will not be any liability on the customers.
If information is provided within four to seven working days, maximum customer’s liability will be limited to Rs 5,000 (Basic Savings Accounts), Rs 10,000 (Savings Accounts, accounts of small and medium enterprises, CA/OD/CC accounts with yearly average balance of Rs 25 lakh and credit cards with limit of Rs 5 lakh) and Rs 25,000 for other CA/OD/CC accounts besides credit card limit of over Rs 5 lakh.
For reporting beyond seven working days, the customer liability shall be determined as per individual bank’s board approved policy. Banks shall provide the policy details at the time of account opening, display the policy in public domain and also inform the existing customers.
On being notified by the customer, the bank shall provide value dated credit (in case of debit card/bank account, the customer does not suffer loss of interest, and in case of credit card, the customer does not bear any additional burden of interest).
Customer liability
The burden of proving customer liability arising out of unauthorised electronic banking transactions is on the bank. Banks may also, at their discretion, decide to waive off any customer liability in case of unauthorised electronic banking transactions even in cases of customer negligence.
Banks are required to send alerts by SMS mandatorily and emails (if registered). Unauthorised electronic transactions are to be notified to the bank by customers without any loss of time. Banks are required to offer 24x7 access through multiple channels (via website, phone banking, SMS, e-mail, IVR, a dedicated toll-free helpline, reporting to home branch, etc) for reporting unauthorised transactions.
Customers can instantly respond by “Reply” to the SMS and e-mail alerts. A direct link for lodging the complaints, with specific option to report unauthorised electronic transactions is to be provided by banks on home page of their website.
Customers have to invariably provide mobile numbers to avail of electronic transactions facility (other than ATM cash withdrawals). Thus, today, customers can further migrate to electronic transactions with confidence. However, they have to track the notification of unauthorised transactions received through SMS/email and inform the bank within three working days.
Even when the unauthorised transaction happens on account of customer’s negligence (sharing the payment credentials), the customer has to notify the bank and is not liable for the transactions after notification. Customers have to invariably register their mobile numbers to do online transactions – other than ATM cash withdrawals.
(The writer, a retired banker, is with ICICI Manipal Academy, Bengaluru)