By: Pune Pulse
November 21, 2023
Pune: Earlier this month, a technical error caused the bank to mistakenly transfer a total of Rs 820 crore to the accounts of certain customers of Kolkata-based UCO Bank via the mobile-based Immediate Payment Service (IMPS) system.
The majority of the money that customers had to pay the bank was recovered, but this has caused major apprehension about the security of their accounts and what their customers should do to prevent such activities.·
Kinds of electronic transactions vulnerable to fraud
Online transactions (such as Internet banking, mobile banking, and prepaid transactions) and face-to-face transactions (which necessitate the presence of a physical payment instrument, such as a card or mobile phone, at the point of transaction, such as through an ATM or a point-of-sale terminal) are the two main categories into which the Reserve Bank of India divides electronic transactions.
The establishment of systems and procedures to guarantee the safety and security of electronic banking as well as a strong fraud detection and prevention mechanism has been mandated for banks
.· Advice to Banks :
Banks need to measure the potential liabilities resulting from any systemic gaps that could lead to unauthorized transactions. Additionally, they have been told to take precautions to lessen risks and shield themselves from liabilities brought on by fraud. Additionally, banks must constantly and repeatedly give their clients advice on how to guard against fraud involving electronic payments and banking.·
Recommendations to customers from banks :
Banks are required to request that their clients register for SMS alerts. As soon as an email address is registered, alerts via email are generated. Clients must report any unauthorized electronic banking transactions to their bank as soon as possible after they take place.·
Facilities from banks to customers to report fraud :
A website, phone banking, SMS, email, IVR, and a dedicated toll-free helpline for reporting unauthorized transactions and loss/theft of payment instruments, such as cards, are the minimum amenities that banks offering e-banking services must provide their clients. Allowing them to report these to the home branch should also be provided.
Additionally, banks have been asked to allow users to instantly reply to SMS and email alerts regarding fraudulent transactions, eliminating the need to look up a website or email address. Banks should provide on their homepage a direct link for filing complaints, along with particular options for reporting unauthorized electronic transactions.
Additionally, the reporting system will make sure that customers receive a prompt response from the company acknowledging their complaint and receiving a complaint number.
In order to ascertain the full extent of a customer’s liability, banks’ communication systems must document the time and date of message delivery as well as the receipt of any customer response.
Customers who do not share mobile numbers may only be eligible for an ATM cash withdrawal and not be eligible for any other electronic transaction services from banks.
Banks are required to stop additional unauthorized transactions from occurring in the account after receiving a report of an unauthorized transaction from the customer.·
Customer liability for such transactions : As soon as a customer notices a transaction of this nature, they must notify the bank. There is a greater chance of loss for the bank or the customer the longer it takes to notify the bank. Whether or not the customer reports the transaction, they are not liable for any unauthorized transactions that happen due to contributory fraud, negligence, or deficiencies on the part of the bank.
According to RBI regulations, if a customer notifies the bank about an unauthorized transaction within three working days of receiving notification from the bank, they will not be held liable in the event of third-party fraud. In the event of unauthorized electronic banking transactions, the bank will bear the burden of establishing customer liability.
In cases where it can be demonstrated that a customer shared payment credentials, that customer is responsible for any losses resulting from unauthorized transactions. Even so, the loss will be restricted until the client notifies the bank of the unauthorized transaction. Since it is the bank’s responsibility to take precautions after the transaction has been reported, the bank will bear any loss that occurs after the unauthorized transaction has been reported.
The customer’s per transaction liability will be limited to a maximum of Rs 5,000 for a basic savings account and Rs 10,000 for other savings, current accounts with limits up to Rs 25 lakh, and credit cards with a cash credit limit of up to Rs 5 lakh in situations where the unauthorized transaction was not the result of a bank or customer error and the customer notified the bank within four to seven working days. The maximum liability for accounts over this amount is Rs 25,000.
The bank’s board-approved policy will be followed to determine the customer’s liability if the reporting delay exceeds seven working days.