All those who've fought long, painful battles with their banks over online fraud through access to passwords can take some comfort. Victims should henceforth be much better protected from financial disaster thanks to a new directive.
Customers of such fraud will only be liable to the extent of Rs 10,000--the bank has to make good the rest of the amount. While the banks aren't too keen on the change and most are yet to formally accept it, they don't seem to have a choice. The Reserve Bank of India has the last word on banking rules and the directive is part of the code prepared by its Banking Codes and Standard Board of India (BCSBI) unit, which seeks to ensure that customers do not get a raw deal.
Banks are usually implacable when it comes to redressing such losses, asking customers to prove their innocence before restitution is made.
The new code says that for any unauthorised internet banking transactions, the customer's liability is limited, irrespective of the funds moved out of the account. An unauthorised transaction is one that doesn't have the express and implied approval of the account holder.
"Where the customer has divulged the password or colluded directly or indirectly, the customer cannot disown the debit and is responsible for the transaction," said AC Mahajan, chairman, BCSBI.
However, where he has neither contributed nor caused the debit or where he has notified or informed the bank about an unauthorised debit, the customer's liability is limited to maximum of Rs 10,000. Also, after notifying the bank he will not be liable for any unauthorised debit thereafter."
He added: "If a third party manages to get hold of the user ID or password in an unauthorised manner and any debit takes place and which he notifies the bank, the maximum loss will be Rs 10,000."
Also, the code says that customers will not be liable for any losss due to unauthorised fund transfers taking before they receive the password for internet banking transactions.
If the customer says that the unauthorised transfer of funds has been on account of a security breach by the bank and this is established, there will be no loss of money. Further, the onus will be on the banks to establish that customers have compromised the secrecy of their password. RBI data shows that technology related bank frauds have fallen in volume but risen in value.
In 2011-12, nearly 10,048 such fraudulent transactions for a value of Rs 38 crore were reported while in 2012-13 there were nearly 8,765 transactions worth Rs 67 crore.
In some instances, the liability could be lower than Rs 10,000. The new code says that in the event of any unauthorised transactions, this would be the lower of the following options: the actual loss at the time of notifying the bank; the limit set for such transactions; the balance available for withdrawal; a maximum of Rs 10,000.
For instance, if a customer has a balance of Rs 5,000 but the fraudster transfers Rs 25,000 by taking a temporary overdraft, the loss would be limited to the minimum balance of Rs 5,000 in the account.
Economics Times, New Delhi, 24-06-2014