In its Annual Report 2017-18 released today, the RBI has explained the framework on limiting liability of customers in unauthorised electronic banking transactions.
Below are the salient features of the framework:
A customer need not bear any loss if the deficiency is on the part of the bank and in cases where the fault lies neither with the bank nor with the customer but lies elsewhere in the system and the customer notifies the bank within three working days of receiving the communication from the bank about the unauthorised transaction.
Where the loss is due to customer’s negligence, the customer has to bear the entire loss until the unauthorised transaction is reported to the bank. In cases where the fault lies neither with the customer nor with the bank but lies elsewhere in the system and the customer reports the unauthorised transaction with a delay of four to seven working days after receiving the communication about the transaction, the maximum liability of the customer ranges from Rs 5,000 to Rs 25,000, depending on the type of account/instrument.
Liability as per Board-approved policy
If the unauthorised transaction is reported beyond seven working days, the customer liability shall be determined as per the bank’s Board-approved policy. The bank is required to credit (shadow reversal) the amount involved in the unauthorised electronic transaction to the customer’s account within 10 working days from the date of notification by the customer. The bank has to resolve the complaint and establish the liability of the customer, if any, within 90 days of the receipt of the complaint. Further, banks have been mandated to require the customers to register their mobile numbers for SMS alerts and for electronic transactions.