The Reserve Bank of India has taken steps to make card and online payments safer by limiting customer liability in digital banking frauds.
In response to growing concerns of unauthorised electronic banking transactions, the Reserve Bank of India has come out with new rules regarding customer liability in cases of fraud.
"With the increased thrust of financial inclusion and customer protection and considering the recent surge in customer grievances relating to unauthorised transactions, the customer liability in these circumstances has been reviewed," the RBI said in a statement.
Banks are now required to credit the amount involved in a third-party fraudulent transaction to the account holder within 10 working days without waiting for settlement of insurance claim (if any).
The directive from India's central banking institution has made it mandatory for banks to ask all customers to register for text message alerts. Banks shall also allow the reporting of suspicious transactions through a reply to alert messages besides through other channels like emails, phone banking, and a direct link on the bank's website.
There will be zero liability of the customer “in case of third-party breach where the deficiency lies 'neither with the bank nor with the customer but lies elsewhere in the system'," the RBI circular said. However, this is applicable only if the unauthorised transaction is reported within three working days of its occurrence.
For cases of fraud reported between four to seven days, "a customer's maximum liability will be from Rs 5,000 to 25,000, depending on the type of accounts and credit card limit." Additionally, for fraudulent transactions reported after seven days, the customer's liability will be determined by the bank's policy.
Any loss incurred due to the negligence of the account holder (such as sharing payment credentials), shall be borne by the customer until the transaction is reported to the bank. But the bank will bear any loss occurring after the transaction has been reported.