Here is an interesting paper about how in US and EU, losses arising out of password thefts such as Phishing are not borne by the customers. RBI needs to take special note of this.
In particular I would like to draw attention to the following part of the paper.
“In the US, Regulation E of the Federal Reserve limits consumer liability, in the event of fraud, to $50 (this is separate from the $50 limit for credit-card fraud, Regulation CC) and covers any electronic transfer that is initiated through an electronic terminal, telephone, computer or magnetic tape.”
In the US banks, brokerages, and credit unions are governed by this regulation and most go beyond it and offer a zero liability policy to consumers. Bank of America,for example,guarantees zero liability for any unauthorized activity originating from Online Banking or Bill Pay.” Wells Fargo says “We guarantee that you will be covered for 100 percent of funds removed from your Wells Fargo accounts in the unlikely event that someone you haven’t authorized removes those funds through our Online Services.” Fidelity “will reimburse your Fidelityaccount for any losses due to unauthorized activity” and “under HSBC’s $0 Liability, Online Guarantee, you’re covered 100% and liable for $0.”
Even non-traditional financial institutions offer this guarantee. For example in its Dec. 2009 10-K filing eBay states: “PayPal currently voluntarily reimburses consumers for all financial losses from transactions not authorized by the consumer, not just losses above $50.”
Thus, in the US, individual consumers are largely insulated from the direct financial consequences of credential theft” .
It is time RBI takes note of these and introduces similar policies in India also.