UNAUTHORIZED ELECTRONIC BANKING TRANSACTIONS – GUIDELINES BY

RESERVE BANK OF INDIA

Introduction

The Reserve Bank of India (RBI) is India's central banking institution, which Serve as banker
to central and state governments. RBI Work as supervisor and regulator of the banking &
financial system. It also Support the government in development of the country.As it is the
supervisor and regulator, RBI prvides its eminent advice and guidelines, wih matters concerning
to finance , banking , economy etc. RBI has the responsibility of regulating the nation's financial
system. As a regulator and supervisor of the Indian banking system it ensures financial stability
& public confidence in the banking system. RBI uses methods like On-site inspections, off-site
surveillance, scrutiny & periodic meetings to supervise new bank licenses, setting capital
requirements and regulating interest rates in specific
The RBI has directed the iNdian Financial Sector and economy , as a whole, at several
occassioons. Inorder to implement the Legal Identity Identifier (LEI) mechanism for all
financial market transactions undertaken by non-individuals in interest rate, currency or credit
markets regulated by RBI to improve transparency in financial markets, The Reserve Bank of
India released Draft Directions on requirement of Legal Entity Identifier Code for participation
in non-derivative markets. In a context , when Financial institutions were increasingly
outsourcing some of their operations as a means to access specialist expertise, not available
internally, and to reduce operational costs, RBI released draft Guidelines on Managing Risks and
Code of Conduct in Outsourcing of Financial Services by NBFCs. Therefore , areasWith the
economy entering into new arenas, its monitoring also have to enter those. Its only with such an
institution , can the economy run safe and better.

Unauthorized Electronic Banking Transaction

Online banking is getting increasingly popular among Millenials and urban population. On the
other side , In recent years, Indian banking system have been undergoing tremendous
transformation and implementing many innovative ideas to offer best in class products / services
to its customers. Most of the banks and financial institutions are now offering ICT (Information
& Communication Technology) based financial products and services to improve their business
efficiency and speed of services. The electronic banking services are like e-banking, internet
banking, electronic fund transfer, electronic clearing, mobile banking, UPI, Payments through
pre-paid wallets etc. With more and more people switching to online banking and digital
transaction, scammers have also started targetting people online. There are a lot of ways in which
fraudsters can steal your financial data which makes it easy for them to steal your money. we are
also witnessing an increase in unauthorized electronic banking transactions / online banking
frauds. With the increased thrust on financial inclusion and customer protection and considering
the recent surge in customer grievances relating to unauthorised transactions resulting in debits to
their accounts/ cards, the criteria for determining the customer liability in these circumstances
have been reviewed by RBI.
Guidelines by RBI

The Reserve Bank of India had issued draft norms related to “customer protection—limiting
liability of customers in unauthorized electronic banking transactions” in August, 2016. This
draft circular by the RBI sets out of the criteria for determining customer liability in case of
fraudulent electronic transactions. The circular directs banks to design systems in such a way that
customers feel safe about carrying out electronic banking transactions. The banks are directed to
put in place adequate safety & security systems, robust & dynamic fraud detection mechanism,
mechanism to assess risks resulting from fraudulent transactions and measures to mitigate risks
against liabilities. It mentioned about the zero liability and limited liability of a consumer. Given
the recent surge in grievances relating to unauthorized banking transactions, the banking
regulator has now revised the guidelines and has issued latest norms in determining
Customers/Banks liability in case of fraudulent online banking transactions.

The revised guidelines on Customer Protection – Limiting Liability of Customers in

Unauthorised Electronic Banking Transactions was issued on 6 July , 2017. The notification
stated that revised directions are being issued to curb the surge in customer grievances relating to
unauthorised transactions resulting in money debited to their accounts/ cards. The criteria for
determining customer liability in these circumstances were reviewed.

In the guidelines , initially RBI requires to design the systems and procedures in such a way to
make customers feel safe about carrying out electronic banking transactions. For this, banks must
ensure that there exists appropriate systems and procedures to ensure safety and security of
electronic banking transactions carried out by customers; robust and dynamic fraud detection and
prevention mechanism; mechanism to assess the risks (for example, gaps in the bank’s existing
systems) resulting from unauthorised transactions and measure the liabilities arising out of such
events; appropriate measures to mitigate the risks and protect themselves against the liabilities
arising therefrom; and a system of continually and repeatedly advising customers on how to
protect themselves from electronic banking and payments related fraud.

As a preventive measure against unauthorized transactions, Banks must ask their customers to
mandatorily register for SMS alerts and wherever available register for e-mail alerts, for
electronic banking transactions. c. Banks shall also enable customers to instantly respond by
"Reply" to the SMS and e-mail alerts and the customers should not be required to search for a
web page or an e-mail address to notify the objection, if any. In case of occurrence of such
transactions, it has been made compulsory to report it to bank. The customers must be advised to
notify their bank of any unauthorised electronic banking transaction at the earliest after the
occurrence of such transaction, and informed that the longer the time taken to notify the bank,
the higher will be the risk of loss to the bank/ customer. To facilitate this, banks must provide
customers with 24x7 access through multiple channels (at a minimum, via website, phone
banking, SMS, e-mail, IVR, a dedicated toll-free helpline, reporting to home branch, etc.) for
reporting unauthorised transactions that have taken place and/ or loss or theft of payment
instrument such as card, etc.
With regard to unauthorized electronic banking effecting a customer ,there are two cases as
metioned in draftguidelines too , They are zero liability of a consumer and Limited liability of a
consumer. A customer is entitled to zero liability if there is contributory fraud/ negligence/
deficiency on the part of the bank, irrespective of whether or not the transaction is reported by
the customer. In case of a third party breach where the deficiency lies neither with the bank nor
with the customer but lies elsewhere in the system, and the customer notifies the bank within
three working days of receiving the communication from the bank regarding the unauthorised
transaction, the customer has no liability. Whereas , In cases where the loss is due to negligence
by a customer, such as where they have shared the payment credentials, the customer will bear
the entire loss until they report the unauthorised transaction to the bank. Any loss occurring after
the reporting of the unauthorised transaction shall be borne by the bank. In cases where the
responsibility for the unauthorised electronic banking transaction lies neither with the bank nor
with the customer, but lies elsewhere in the system and when there is a delay (of four to seven
working days after receiving the communication from the bank) on the part of the customer in
notifying the bank of such a transaction, the per transaction liability of the customer shall be
limited to the transaction value.
On being notified by the customer, the bank shall credit (shadow reversal) the amount involved
in the unauthorised electronic transaction to the customer’s account within 10 working days from
the date of such notification by the customer (without waiting for settlement of insurance claim,
if any). Banks may also at their discretion decide to waive off any customer liability in case of
unauthorised electronic banking transactions even in cases of customer negligence.
Conclusion
With regard to the cases of unauthorized electronic transaction occurring in banking sector,
RBI has made a very positive intervention. The mechanisms that are advised and guidelines that
are issued , definitely addresses the customer grievances. Its in fact , very much supportive and
helpful for customers who are victims of such fraud transcations. If all banks , take it as their
responsibility to abide by the RBI guidelines , this will definitely bring transparency and
betterment in online and other digital transactions.