A consumer court in the city has ordered Axis Bank to refund Rs 10 lakh to a senior citizen who was a victim of a fraudulent transaction.
Sixty-five-year-old CK Sreenathan lost Rs 10 lakh on May 15, 2013. Two transactions of Rs 5 lakh each had been transferred out of his account at Axis Bank's JP Nagar branch, The Times of India reported.
When he received an SMS informing him that the money had been transferred from his account, Sreenathan realised he had not received any OTPs (one time password) for the transactions. Soon after, he filed a written complaint with the bank and also registered an FIR with the JP Nagar police.
The manager of the bank told him that the money had been transferred online to two back accounts – an HDFC account in Mumbai and an IndusInd Bank account in Bhopal.
But for more than one-and-a-half years, neither was the bank able to retrieve his money nor were the police able to make any headway in the case.
In 2015, a frustrated Sreenathan approached the Bangalore Urban II Additional District Consumer Disputes Redressal Forum and filed a complaint against Axis Bank.
He stated that his account had been hacked due to the bank’s failed security measures. However, the bank maintained that the customer had made the transactions himself.
On December 16, the court ordered Axis Bank to refund Sreenathan Rs 10 lakh with interest, along with paying his court expenses.
Slamming the bank for blaming the customer, the court observed that there was security lapse on Axis Bank’s part.
The judges also said that Axis Bank had failed to probe the incident according to guidelines specified by the Reserve Bank of India.
RBI notification
Laying down the norms for limiting customer liability in online banking frauds, the Reserve Bank of India (RBI) earlier this year directed banks to credit the amount involved in unauthorised electronic transactions within 10 working days to the account holder.
"With the increased thrust on financial inclusion and customer protection, and considering the recent surge in customer grievances relating to unauthorised transactions resulting in debits to their accounts/cards, the criteria for determining the customer liability in these circumstances have been reviewed," RBI said in a notification.
In cases of zero and limited liability of the patron "on being notified by the customer, the bank shall credit the amount involved in the unauthorised electronic transaction to the customer's account within 10 working days from the date of such notification by the customer (without waiting for settlement of insurance claim, if any)", it said.
Banks may also, at their discretion, decide to waive off any customer liability in case of unauthorised electronic banking transactions even in cases of customer negligence, the notification added.
RBI also said that banks need to ask their customers to mandatorily register for SMS alerts and e-mail alerts for electronic banking transactions.
"The SMS alerts shall mandatorily be sent to the customers, while email alerts may be sent, wherever registered. The customers must be advised to notify their bank of any unauthorised electronic banking transaction at the earliest after the occurrence of such transaction, and informed that the longer the time taken to notify the bank, the higher will be the risk of loss to the bank/customer," it said.
Further, banks shall ensure that the resolution of a customer complaint does not exceed 90 days from the date of receipt of the complaint, and the customer is compensated as per its provisions.
"In case of debit card/bank account, the customer does not suffer loss of interest, and, in case of credit card, the customer does not bear any additional burden of interest," it said.
RBI also noted that the customer should not delay in reporting the fraud beyond seven days. "If the delay in reporting is beyond seven working days, the customer liability shall be determined as per the bank's Board approved policy."
Zero liability of a customer
A customer is entitled to zero liability when the unauthorised transaction occurs due to negligence/deficiency on the part of the bank (whether or not the transaction is reported by the customer).
It also applies in the case where neither the customer nor the bank are at fault – it was entirely a third party’s doing. In this case, the customer is expected to notify the bank within three working days of receiving communication of the unauthorised transaction.
Limited liability of a customer
In the case where a customer has been negligent and shared his payment credentials with a third party, thus leading to the fraud, then he/she will bear the entire loss till the time he/she reports it to the bank. Any transactions that occur after the fraud is reported shall be borne by the bank.
“In cases where the responsibility for the unauthorised electronic banking transaction lies neither with the bank nor with the customer, but lies elsewhere in the system and when there is a delay (of four to seven working days after receiving the communication from the bank) on the part of the customer in notifying the bank of such a transaction, the per transaction liability of the customer shall be limited to the transaction value or the amount mentioned, whichever is lower," it said.
(With IANS inputs)