Banks must be told within three days: RBI
New Delhi: The RBI on Thursday said that the customer will have to bear the entire loss of unauthorised internet and mobile banking or ATM transactions if it happens due to customer negligence like sharing his or her payment credentials.
“In cases where the loss is due to negligence by a customer, such as where he has shared the payment credentials, the customer will bear the entire loss until he reports the unauthorised transaction to the bank. Any loss occurring after the reporting of the unauthorised transaction shall be borne by the bank,” said RBI.
There will be “zero liability of a customer” in case of third party breach where the deficiency lies “neither with the bank nor with the customer but lies elsewhere in the system.”
However, the customer will have to notify the bank within three working days of receiving the communication from the bank regarding the unauthorised transaction. A customer’s entitlement to zero liability will also arise where the unauthorised transaction occurs due to “contributory fraud/negligence/deficiency on the part of the bank (irrespective of whether or not the transaction is reported by the customer)”, RBI said.
The maximum liability of a customer will be '25,000 in cases where the responsibility for the unauthorised electronic banking transaction lies neither with the bank nor with the customer, but lies elsewhere in the system and when there is a delay of four to seven working days.
If the fraud is report after seven days, the customer liability will be determined as per the bank’s Board approved policy. The maximum liability of a savings bank account customer will be Rs 10,000 in such cases.
Referring to reversal timeline for zero liability/limited liability of customer, RBI said the bank should credit (shadow reversal) the amount involved in the unauthorised electronic transaction to the customer’s account within 10 working days of reporting of the fraud.
This has to be done without waiting for settlement of insurance claim, if any, RBI added. The Reserve Bank further said that banks must ask their customers to mandatorily register for SMS alerts and wherever available register for e-mail alerts, for electronic banking transactions. “The SMS alerts shall mandatorily be sent to the customers, while email alerts may be sent, wherever registered,” it added.