Customer liability limited to Rs 25,000 if bank frauds reported in 7 days

If an unauthorised transaction takes place, amount will need to be credited within 10 working days

The Reserve Bank of India (RBI) on Thursday held that banks are responsible for liability arising out of any unauthorised electronic banking transactions that cause distress to customers. The regulator also said that a customer will have to inform banks about such transactions within a reasonable time period.

This is the second time since May that the central bank is taking a pro-customer approach to safeguard users against online frauds. RBI said it was doing so considering "the recent surge in customer grievances relating to unauthorised transactions resulting in debits to their accounts/cards."

In a statement on its website, the central bank said a customer is free of liability when the unauthorised transaction is due to a fault or negligence on the bank's part, even if she does not contact the bank.

The customer also has a zero liability towards the bank if the fraud has been perpetrated by a third party, or if there is a fault in the system. However, for that, the customer has to alert the bank within three days of getting an intimation of a fraudulent transaction.

Recently, the Indian banking system was hit by a malware at the switch provider's end, which led to huge unauthorised transactions outside the country. The Reserve Bank had instructed the banks to bear the expenses of the customers hit by the fraud. Banks also asked customers to change their pins as well as cards in many cases.

Notwithstanding the umbrella cover offered to the customer on these transactions, if the communication from the customer's end is delayed and intimation is given after four to seven working days, the customer has to face a liability of Rs 5,000, Rs 10,000 and Rs 25,000, depending on the type of bank account or card.

If the intimation is delayed beyond that, the liability will be decided by the bank's board approved the policy.

"In cases where the loss is due to negligence by a customer, such as where he has shared the payment credentials, the customer will bear the entire loss until he reports the unauthorised transaction to the bank," RBI said.

Once it is brought to the notice of the bank, the customer is free of liability of future unauthorised transactions on that account.

The banks must credit the amount of the unauthorised transaction from the customer's account within 10 working days from the customer notifying the bank and resolve a customer's complaint within 90 working days or compensate them for the delay.

RBI has also directed that the systems and procedures in banks must be designed to make customers feel safe about carrying out electronic banking transactions. Banks must also ask their customers to mandatorily register for SMS alerts and send SMS alerts to their customers.

The banks should ensure that the customers have 24x7 access through multiple channels to report fraudulent transactions. Electronic transactions can include both online payments as well as transactions via automated teller machines (ATMs), and Point of Sale (PoS) systems and mobile banking, among others, the RBI said.