Earlier this month, UCO Bank encountered a significant technical glitch that led to the erroneous transfer of Rs 820 crore through the mobile-based Immediate Payment Service (IMPS) system. While the majority of the funds have been recovered, the incident has raised concerns about account security, prompting a need for clear guidelines on what customers and banks should do to prevent such occurrences.
Kinds of electronic transactions vulnerable to fraud
Electronic transactions, categorized into online and face-to-face transactions by the Reserve Bank of India, encompass activities like Internet banking, mobile banking, prepaid transactions, and physical transactions requiring payment instruments. Ensuring the safety and security of these transactions is crucial, with the RBI mandating banks to establish robust systems and procedures for fraud detection and prevention.
Advice to Banks:
Banks are urged to evaluate potential liabilities arising from systemic gaps leading to unauthorized transactions. Precautions to minimize risks and protect against fraud liabilities are essential. Continuous communication to clients on safeguarding against electronic payment fraud is also mandated.
Recommendations to customers from banks:
Banks are required to prompt customers to register for SMS alerts, with email alerts generated upon email registration. Reporting any unauthorized electronic transactions promptly is emphasized.
Facilities from banks to customers to report fraud:
Banks must provide reporting options through a website, phone banking, SMS, email, IVR, and a dedicated toll-free helpline. Immediate response options to SMS and email alerts and a direct link for filing complaints on the homepage are necessary.
Customer liability for such transactions:
Customers must notify the bank immediately upon discovering unauthorized transactions to limit potential losses for both the bank and the customer. According to RBI regulations, customers reporting unauthorized transactions within three working days are not liable for third-party fraud. The bank bears the responsibility of proving customer liability.
In cases where contributory fraud or negligence is proven, the customer’s liability is limited based on the type of account and reporting time. Per transaction liability is capped at Rs 5,000 for basic savings accounts and Rs 10,000 for other accounts. For accounts exceeding Rs 25 lakh, the maximum liability is Rs 25,000. The bank’s board-approved policy determines liability in cases of reporting delays exceeding seven working days.