Phishing Frauds and Customer Liability

Here is an interesting paper about how in US and EU, losses arising out of password thefts such as Phishing are not borne by the customers. RBI needs to take special note of this.

In particular I would like to draw attention to the following part of the paper.


“In the US, Regulation E of the Federal Reserve limits consumer liability, in the event of fraud, to $50 (this is separate from the $50 limit for credit-card fraud, Regulation CC) and covers any electronic transfer that is initiated through an electronic terminal, telephone, computer or magnetic tape.”

In the US banks, brokerages, and credit unions are governed by this regulation and most go beyond it and o ffer a zero liability policy to consumers. Bank of America,for example,guarantees zero liability for any unauthorized activity originating from Online Banking or Bill Pay.” Wells Fargo says “We guarantee that you will be covered for 100 percent of funds removed from your Wells Fargo accounts in the unlikely event that someone you haven’t authorized removes those funds through our Online Services.” Fidelity “will reimburse your Fidelityaccount for any losses due to unauthorized activity” and “under HSBC’s $0 Liability, Online Guarantee, you’re covered 100% and liable for $0.”

Even non-traditional financial institutions off er this guarantee. For example in its Dec. 2009 10-K fi ling eBay states: “PayPal currently voluntarily reimburses consumers for all financial losses from transactions not authorized by the consumer, not just losses above $50.”

Thus, in the US, individual consumers are largely insulated from the direct fi nancial consequences of credential theft” .


It is time RBI takes note of these and introduces similar policies in India also.


Print Friendly, PDF & Email

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Bank, Cyber Crime, Cyber Law, Information Assurance. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.