“Zero Liability for E Banking”… Let there be competitive compliance drive.. to join the Hall of Fame

A Bold Initiative by RBI

Just as our PM Mr Modi bit the bullet by demonetizing the Rs 500/1000 notes despite the stiff resistance from many, RBI has bit the bullet in issuing the Zero Liability guideline on E Banking transactions.

We need to congratulate Mr Urjit Patel for showing the courage in issuing the circular without making any critically adverse changes to the draft circular released in August 2016.

In the past, whenever RBI tried to bring in Customer friendly regulations, Bankers have always resisted the changes and in such cases, RBI has always been the one to yield. When Damodaran Committee on Customer Services made some very good suggestions in 2011, the recommendations were not operationalized by RBI ostensibly because Bankers were not supportive. Some of the suggestions made in that committee is now part of the Zero Liability circular of July 6, 2017.

We hope the same boldness will characterize the two more guidelines that we are expecting from RBI in the near future namely the “Bitcoin Regulation” and “P2P Lending Guidelines”.

For the time being we are happy that Mr Urjit Patel and his team has responded with a concern for the consumers in the Digital India environment where there is a push from the Government for adoption of digital methods of payment for which part of the population is not mentally equipped and hence need regulatory support with compassion.

Banks need to be reminded that when RBI or concerned citizens are speaking of “Zero Liability”, we are speaking in the interest of genuine customers of the Bank on whom the Banks should be more concerned than us. Most of the time when Banks respond in a friendly manner and pay back the fraudulent amount lost, they will not only be winning a loyal customer back and preventing him from shifting out but also a person who will get many more good customers to the Bank. On the other hand, when Banks start litigating against the customer, they are actually condoning the actions of a fraudster in preference to a genuine, honest though some what gullible and negligent customer and losing him and his friends for ever.

We can see some of this concern also reflected in the RBI’s circular if we closely observe some of the wordings used.

The systems and procedures in banks must be designed to make customers feel safe about carrying out electronic banking transactions.

Banks should put in place a system of continually and repeatedly advising customers on how to protect themselves from electronic banking and payments related fraud.

The SMS alerts shall mandatorily be sent to the customers, while email alerts may be sent, wherever registered.

 The existing customers must also be individually informed about the bank’s policy.

Banks must provide customers with 24×7 access through multiple channels (at a minimum, via website, phone banking, SMS, e-mail, IVR, a dedicated toll-free help line, reporting to home branch, etc.) for reporting unauthorised transactions that have taken place and/ or loss or theft of payment instrument such as card, etc.

Banks shall also enable customers to instantly respond by “Reply” to the SMS and e-mail alerts and the customers should not be required to search for a web page or an e-mail address to notify the objection, if any.

Further, a direct link for lodging the complaints, with specific option to report unauthorised electronic transactions shall be provided by banks on home page of their website.

The loss/ fraud reporting system shall also ensure that immediate response (including auto response) is sent to the customers acknowledging the complaint along with the registered complaint number.

The communication systems used by banks to send alerts and receive their responses thereto must record the time and date of delivery of the message and receipt of customer’s response, if any, to them.

On receipt of report of an unauthorised transaction from the customer, banks must take immediate steps to prevent further unauthorised transactions in the account.

Banks may also at their discretion decide to waive off any customer liability in case of unauthorised electronic banking transactions even in cases of customer negligence.

 The burden of proving customer liability in case of unauthorised electronic banking transactions shall lie on the bank.

 Banks shall formulate/ revise their customer relations policy, with approval of their Boards, to cover aspects of customer protection, including the mechanism of creating customer awareness on the risks and responsibilities involved in electronic banking transactions and customer liability in such cases of unauthorised electronic banking transactions. 

The policy shall be displayed on the bank’s website along with the details of grievance handling/ escalation procedure. The instructions contained in this circular shall be incorporated in the policy.

As an ex-Banker, I have always treasured the slogan of our Bank “Good People to Grow With” and hope this should be remembered by the new generation Bankers who focus only on profits even if it is at the cost of a good customer.

I urge  Banks like ICICI Bank, Axis Bank, PNB and SBI who have many past pending litigation from their customers  to respond positively and apply the guidelines under this circular to all their present litigations by settling the disputes by mediating with the customers. There should be no ego barriers in agreeing to pay back the customers of the losses they were made to suffer because of Phishing or other problems.

Don’t Blame Victim Customers 

Today, I saw a report in Times of India in which a Banker was quoted as saying

“We have had cases where the customer swore he had never shared his credentials but it turned out that the electronic payment was made by family members using the customer’s credential,”. 

The comment is attributed to a retail head of a Private Bank. I suppose this person whose identity has not been provided in the report should remember that there are many many more cases in which the Bank employees are hand in glove with the fraudsters in committing the fraud.

If the Banks donot open accounts for fraudsters without proper KYC, most of the phishing frauds would not occur. If the Banks take care to inspect their ATMs and check the working of CCTVs, many of the ATM frauds donot occur. If the Banks are careful that their own employees donot leak the passwords to the fraudsters, many frauds would not happen. If the Bank’s Information Security team understands how to configure “Adaptive Authentication”, many of the frauds would not occur.

I need not stress how Bankers have indulged in frauds that facilitated in conversion of black money by opening benami accounts, granting loans against non existent properties, unviable loans to industrials in consideration of the bribes paid to the bank executives.

So blaming a negligent or ignorant victim-customer and pass derogatory remarks that he could be fraudulently claiming loss is deplorable.

I hope that this “Retail head” who is blaming the customers as “Fraudulent” should turn his head inwards and see where the bigger fraudsters can be found.

I wish that this person tenders an apology to the public for making such derogatory comments. he should appreciate that the customers who approach the Bank reporting a fraud are “Victims of Fraud” and even if he has been cheated by his own family members, or spouse or a driver or other close acquaintances, it does not make him a willing fraudster himself. He has to be treated with respect.

If this is not understood, that person is unsuitable to be a “Retail head” in a Banking institution. I wish his top bosses in the Bank take note of this.

I wish Times of India reveals the identity of this person and seeks an apology from him and Times Now takes this up as an indication of “VIP Arrogance” like the politicians who throw fish at the officials or use chappals to hit Airline officials.

Another Executive Director of a Private Bank is reported to have expressed unhappiness that they will have to invest more on SMS and Monitoring services.

….Dear friend,

If you cannot secure the transactions you want to profit from, you have to avoid the risk by refraining from E-Banking. Donot expect poor customers to take the cost of insuring themselves while Banks introduce services without proper security.

Next time when you travel on an airplane if you find that the airline is not following proper security measures, because it costs more money, will you tolerate?

Remember that Banks exist for the Customers and By the Customers and not the other way round.

Naavi.org will now keep watching how different Banks start responding to the new RBI circular and periodically we shall report on this website the compliance efforts taken by the Banks. I request customers of the Banks to report their observations. I also invite Banks to report their own measures of compliance in this regard.

Naavi.org will also try to create a Hall of Fame to recognize those banks who do more than others to follow the spirit of this RBI Circular by watching the developments as reported in the websites of these Banks.

Let their be a “Competitive Compliance Effort” between the Banks to be more compliant than the other and Customers gravitate towards those Banks who are Customer oriented and use Technology to provide better service than to simply make more profits. We will soon provide the parameters for evaluation of the “Compliance Index” with specific reference to this Circular and indicate it on this site. Suggestions in this regard from other Customer Service organizations and Concerned citizens are welcome.

In the first phase, we will chose the top 5 Banks and evaluate them for compliance after one month.  The Banks which will be observed for compliance in this first phase will be State Bank of India, Punjab National Bank, ICICI Bank, HDFC Bank and Axis Bank.

Watch out for this “First Hall of Fame Evaluation”  report by next month.

Naavi

Also Read :

Business News

Moneylife

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

2 Responses to “Zero Liability for E Banking”… Let there be competitive compliance drive.. to join the Hall of Fame

  1. Pingback: “Zero Liability for E Banking”… Let there be competitive compliance drive.. to join the Hall of Fame – Kiwi Lead

  2. Jeanene says:

    Pretty great post. I simply stumbled upon your blog and wanted to mention that I’ve really loved surfing around your blog posts. After all I’ll be subscribing for your feed and I am hoping you write again very soon!|

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.