Has your bank account been debited for a transaction you haven’t done? Here’s what to do
A lot of us would have gone through this. You wake up in the morning and check your messages and see that at 2.30 AM Rs 20,000 has been spent on your credit card for three lace wigs from a department store in Houston, Texas. But the only problem is, you are New Delhi, at 2.30 AM you were fast asleep, and you have never even thought about buying a wig, let alone three.
Such instances of banking fraud is becoming all too common in India. With Prime Minister Narendra Modi pushing for a less cash economy, it becomes all the more important to fix the problem of digital frauds.Read more ↓
Keeping this mind and seeing a rise in customer complaints regarding unauthorised electronic transactions, the Reserve Bank of India (RBI), in July, released new rules which makes it safer for customers to transact electronically.
On July 6, 2017, the RBI issued a notification, Customer protection – limited liability of customers in unauthorised electronic banking transactions. The good news is that the onus is on the banks to prove that a fraud has taken place, but customers should inform the bank as soon as possible to avoid being penalised.
What banks have to do
According to the notification, “the systems and procedures in banks must be designed to make customers feel safe about carrying out electronic banking transactions.” Banks must ask their customers to mandatorily register for SMS alerts and wherever available register for e-mail alerts. Further, banks have been told to not to offer the facility of electronic transactions, other than ATM cash withdrawals, to customers who do not provide mobile numbers.
Banks also have to inform customers that they should notify the bank as soon as possible of any unauthorised electronic transaction and that the longer they take to notify the bank, the higher will be price they have to pay.
Now let us take a look at what the customer has to do:
Zero liability of a customer
If the fraud happens due to negligence from the bank’s end, the customer obviously is not liable. For instance, if there is a glitch on the backend of the bank where customer details are compromised, then you will not be liable to pay. Or if bank employees are involved in fraudulent activities where they give away customer details. The RBI notification states that if a ‘third-party’ breach happens when neither the bank nor the customer is at fault, and the customer informs the bank within three working days, here, too, the customer is not liable to pay.
Who is a third-party you may ask. Well, scammers and fraudsters are getting more creative by the day. It can happen at an ATM (skimming, card trapping etc.), by using public Wi-Fi, malware in ATMs or bank servers, at merchant outlets where you swipe your credit or debit card, or even on your own computer (using ways like pharming and so on).
So, to protect yourself and your money, the first step is make sure you apply for the SMS and email alerts service of your bank. The second step would be to intimate the bank as soon as you get the alert that money has been debited from your account. Do it within three days. If you do not, then depending on how long you take, your liability increases.
Limited liability of a customer
Now if the bank is at fault, you do not pay, but if the fraud or wrongful debit has happened because of your negligence, then you will have to bear the brunt. This could happen if you mentioned your PIN number or password in passing or left it lying around and someone used it without your knowledge. The good news is that even though this transaction has happened due to your negligence, if you report it to the bank before seven working days (and after three days) from receiving the debit message, the RBI notification says that the per transaction liability of the customer will be limited to the transaction value or an amount set by the central bank, whichever is lower.
And if you take more than seven days, “the customer liability shall be determined as per the bank’s Board approved policy,” says the RBI notification.
How long will it take for the reversal?
Banks have to credit or reverse the unauthorised electronic transaction to the customer’s account within 10 working days from the date of notification by the customer. And once reported, in case of debit card or bank account fraud, the bank should ensure that the customer does not suffer loss of interest. If the transaction has happened on a credit card, the customer should not have to additional burden of interest.
Also, once reported, banks have to resolve the case within 90 days from the date of receipt of the complaint.
Systems to be put in place by banks
RBI’s circular has said that banks must provide customers 24/7 access through multiple channels like SMS, email, IVR and so on for reporting unauthorised transactions. A new facility that banks have been asked to provide is that of allowing customers to “instantly respond by “Reply” to the SMS and e-mail alerts and the customers should not be required to search for a web page or an e-mail address to notify the objection”.
What should you do?
Banking frauds are on the rise and RBI has released data in March of this year which corroborates this fact. In total there were 3,870 cases of fraud worth Rs 17, 750 crore. Our lives will only get more reliant on technology and tricksters will only come up with more innovative ways to steal our hard earned money. So, take the necessary precautions and do not give out your bank or credit card details to anyone who you do not trust and – we cannot stress this fact enough – inform the bank as soon you get to know of a wrongful transaction in your account.
Former, RBI governor, Raghuram Rajan, in his book, I do what I do, wrote that “technology can magnify the reach of finance bad purposes as well as good.” He goes on to say talk about tricksters sending emails supposedly from him asking customers to collect large sum of money from the RBI by just giving them their bank account details. This is a clear case of phishing. “Let me assure you that RBI does not give out money, I do not send out these emails, and if you do fall for these emails, you will lose a lot of money to crooks and be reminded of the adage – if it looks too good to be true, it probably is not true,” wrote Rajan.