With the recent rise in credit card frauds, it is quite obvious to be curious that who is more liable of such frauds – you or your bank? Does the cardholder should always bear the loss due to fraud or instead banks shall absorb the expenses? To end this dilemma, the Reserve Bank of India (RBI) recently revised the draft guidelines on Customer Protection – Limiting Liability of Customers in Unauthorised Electronic Banking Transactions. Now, let’s understand how these guidelines can safeguard your interest before, during and after an unauthorized transaction on your credit card.
What should you do when a fraudulent transaction is conducted on your account?
The moment you realise that a fraudulent transaction is being carried out on your account or credit card, you will have to act swiftly with some patience as well.
- Inform your bank about the unauthorized transaction as soon as possible, maximum within 3 days of occurrence. You can inform by contacting them via Toll Free number, customer care number, phone banking, SMS, email, or by visiting any closest branch of the same bank.
- Banks’ loss and fraud reporting system will immediately acknowledge your complaint and share a registered complaint number for your reference to keep a track of further developments.
When are you liable for fraudulent transaction and when not
Scenarios when you are not held liable
There are two scenarios when customers are not liable:
- In case of credit card frauds, negligence or lack of appropriate checks on the part of bank, even if the customer fails to report it to the bank. For example malware attack or large-scale account hacking.
- When the fraud occurs due to your negligence but you report the incident within 3 working days. For example, loss of credit card or sharing account/card details with strangers.
Scenarios when you are held liable
You are liable when you delay reporting the fraudulent transaction to the bank by more than 3 working days.
- Delay in reporting by 4 – 7 working days : You will have to pay an amount equal to the transaction value or as per the bank’s Board’s policy, whichever is lower. Refer ‘Table 1’ for more details. But even in such a scenario, you are liable only for the loss occurred till the time you report the incident to the bank. So, even if unauthorized transactions continue to persist (which is unlikely as banks block the card or account when informed of breach or loss), you won’t have to bear the losses.
- Delay in reporting beyond 7 working days : In this case also, you will be liable as per the bank’s Board’s approved policy. The maximum liability will vary according to the account that has been breached. For instance, in case of savings account, your maximum liability is Rs. 5000, whereas for credit cards (with limit > Rs 5 lakhs) the maximum liability is Rs 25,000. Refer ‘Table 2’ for details.
Table 1: Customer’s Liability during Fraudulent Transactions ( by days )
|Days taken to report the fraudulent transaction||Customer’s liability|
|Within 3 working days||Zero liability|
|Within 4 to 7 working days||Transaction amount or the amount mentioned in Table 2, whichever is lower|
|Beyond 7 working days||As per bank’s Board-approved policy|
When you delay reporting the incident by more than 7 days, you will be liable to pay as per the bank Board’s-approved policy (refer Table 2 for details).
Table 2: Details of Customer Liability in case of Fraudulent Transactions (By Account Type)
|Type of Account||Maximum liability|
|BSBD (Basic Savings Bank Deposit) Accounts||Rs. 5,000|
Another crucial aspect that RBI has touched upon is making it banks’ responsibility to prove customer liability in case of unauthorized electronic banking transactions. As a result, banks will have to prove that the fraud occurred due to customers’ negligence. Instances of customer negligence include disclosing card details to someone or losing credit or debit card.
What happens after you report a fraudulent transaction?
The moment when you notify the bank regarding unauthorized transaction, your bank’s representatives will immediately block your account or card, after confirming some personal details. Afterwards you report fraud, you shall not be held liable if any other unauthorized transactions may occur. However, if the initial unauthorized transaction happened due to your negligence and you reported the incident after 3 working days, your respective bank will have to decide on your liability, according to RBI’s guidelines (Refer tables 1 and 2 above).
If bank happens to dispute the transaction you have reported, then the burden of proof will fall on your bank. It will have to prove that either you acted fraudulently or shared sensitive information and were complicit in the fraud. In such a scenario, if the bank dismisses your complaint or responds in dissatisfactory manner, you can try reaching your bank’s ombudsman. After proper investigation, the ombudsman shall announce its ruling. If you are not contented with this ruling, you can also reach out to the appellate authority, headed by the Deputy Governor of RBI, within 30 days of previously said ruling. Post this, the only option left is to approach High Court to resolve fraud.
When will the fraudulent transaction be reversed?
If you notify the bank within 3 days of unauthorized transaction, your liability is zero. So, the bank will have to credit the amount within 10 working days from the date of notification. However, if there is any delay in reporting fraud, your bank may follow few liability rules as laid out in the above tables or might waive off your liability.
RBI Guidelines for Banks – How to Protect Customers Against Unauthorized Transactions?
The Reserve Bank of India has come up with a Two-Part approach to deal with such frauds. Part One includes advisory and awareness campaigns. Herein banks will have to constantly advise customers on how to protect themselves from electronic banking and payments related frauds. This information can be shared via Email, SMS and Interactive Voice Response (IVR). Part Two shall include setting up of processes and mechanisms by banks to prevent and detect frauds.systems and procedures to ensure safe and secure electronic banking transactions, including transactions conducted at or via ATMs, POS, banks’ mobile app and net banking.
Banks will have to set up:
- Systems and procedures to ensure safe and secure electronic banking transactions, including transactions conducted at or via ATMs, POS, banks’ mobile app and net banking.
- Robust fraud detection and prevention mechanisms, so that banks become aware of malware attacks or hacking at the earliest and are able to take swift action.
- Processes to assess the risks that can arise from unauthorized transactions and the liabilities resulting from such events.
- Measures to reduce risks and protect themselves (i.e., banks) against potential liabilities.
- Grievance redressal platform where customers can file complaints regarding unauthorized account breach or transactions.
How do banks ensure secure transactions?
Mandatory Registering for SMS Alerts: The only way to ensure whether authorized transactions are carried out is to notify customers every time whenever there is any transaction on their account, whether it is savings account or credit card. Banks will have to make it compulsory for customers to register for SMS alerts and even e-mail alerts for electronic banking transactions. So, whenever a transaction will happen in your account, you will immediately get an SMS on your registered mobile number and your registered email address with your bank.
If in case customers do not agree or wish to share their mobile numbers, RBI has directed banks not to offer any service of electronic transactions, except ATM cash withdrawals.
What are unauthorized or fraudulent transactions?
An unauthorized transaction is a transaction that was not performed by you and did not allow anyone else to make. Fraudulent transactions could be made by any stranger or someone you do not know, or someone who steals your card or account information for personal benefits. Unauthorized transactions may occur via numerous methods, such as phishing, hacking and skimming.
Let’s take a look at some of the most common ways, how unauthorized transactions are carried out:
- Cards intercepted during transit: This happens when you open a new account or get a new credit card. Suppose you opened a new savings account on 15th Jan and received your welcome kit (i.e. cheque book, debit card, IPin, etc) on 20th Jan. Now, if during this time you notice any activity happening with your account, it will be the bank’s liability not yours.
- Skimming: This happens when the information in your card’s magnetic strip is copied by inserting it in an electronic device. This data is used to create a counterfeit card using your card’s details to make purchases.
- Phishing: These are email traps, where you receive mails from people supposedly working at banks or government agencies and asking for confidential details pertaining to your account or credit card. Most of these emails direct you to bogus sites and prompt you to share account-related information.
- Account Takeover: This happens when you unknowingly share your personal information, such as address, date of birth, account number, card number and expiry date, with a stranger, who can use it to make online purchases.
- Loss of debit or credit card: If you happen to lose your card, chances are it may land up in the hands of a fraudster who can use it to conduct transactions till the time you report it lost and get it blocked.
- Card-not-present (CNP) fraud: Here, the fraudster would use your card number and expiry date to conduct a transaction over phone or mail. In such cases, the card need not be present physically and card verification code (CVV) may not be required, making it easy for the fraudster.
Also read: 2-minute to Credit Card Fraud
Tips to Conduct Online Transactions Safely
Given the amount of time we spent in front of a computer screen, it’s important to follow some simple steps to ensure all our financial transactions, such as net banking and online bookings and purchases are secure. Take a look:
- Anti-virus software: Always use a licensed and latest version of anti-virus software to ensure complete protection against malware, phishing and Trojan virus.
- Auto-update all software: Web browser companies regularly update their software by periodically releasing patches or version updates. It can be difficult to keep up with these updates manually, so it’s better to activate the auto-update option for all software installed in your computer or mobile
- Use different passwords: Don’t keep a common password for all your bank accounts, credit cards, emails and many other online accounts. Ensure you have a unique and different password for each account and never share it with anyone.
- Avoid using public computers: When conducting financial transactions, avoid using public computers those include internet cafes or any public place where internet usage is accessible. Most of these systems do not have requisite anti-virus software, thus compromising your account’s security.
- Conduct online purchases with reputed companies or merchants: When making purchases online, it is important to ensure that the merchant’s website is secure. One of the ways to ensure is checking whether the site is “https” and also make sure that there is lock symbol before the site’s name in the address bar. A lot of small merchants do not implement tough security mechanisms, making customers more vulnerable to data breach.
Our Advice –
Tips to Conduct Mobile Transactions Safely
With the advent of banks’ mobile apps and wallets, such as PayTM and Freecharge, it has become even more important to ensure that you follow “safe” mobile banking procedures. Here are a few ways that can help you gain safe mobile banking experience without compromising on your financial security:
- Be cautious: Don’t save your account details, such as PINs, passwords and account numbers on your mobile phones. And, if you happen to use a banking app or a mobile wallet, don’t activate the automatic login feature. By ensuring these habits, your accounts will be safe even if you lose your mobile phone.
- Avoid making transactions on public networks: While free Wi-Fi hotspots are a big hit nowadays, they aren’t the safest platforms for conducting transactions. It is recommended to always use your mobile service provider or Wi-Fi connection that is secure and password protected.
- Use official apps: With the Internet teeming with banking apps and wallets, it’s important that you download only the official versions of these apps. Using unofficial apps makes you susceptible to data breach or mobile hacking as these apps’ data security features may be too lax or already compromised.
- Avoid spam mails and messages: If you happen to check your mails on the go, it’s best to avoid spam mails as they contain malicious links. Note that secure weblinks start with “https” and “http”. Similarly, in the case of SMSes and WhatsApp messages, don’t follow any link shared in form of text.
- Use social media wisely: While a lot of people share absolute details about their life voluntarily on social media, it is better to exercise restraint when it comes to financial information. Also, avoid clicking on suspicious posts that may lead you to third-party sites and solicit confidential personal information.
- Be careful when answering calls from unknown numbers: Nowadays, a lot of scammers call up people and ask for account or card details on the pretext that your account has been blocked or deactivated and that these callers will help recover it. Do not disclose your account information as this is just another way of getting their hands on your sensitive financial information.
To sum up, here’s what you should do to avoid incurring losses caused by an unauthorized transaction:
- Register your mobile number and email id with your bank for notifications.
- Inform your bank immediately in case of loss of card or account hacking or any fraudulent transaction.
- Get your account or card blocked to prevent any further loss.
- Keep a record of all your correspondence with the bank officials, whether telephonic or via email.
- Follow up with the bank with respect to action or steps taken after your notification.
- Monitor your account regularly to keep a track of any fraudulent transactions, if conducted.
- Contact banking ombudsman, if you are not satisfied with the bank’s resolution.