RBI beefs up security norms for digital transactions, but it's not enough
Moving in the right direction to support the government's push for digital India, the Reserve Bank of India (RBI) has beefed up security norms for online transactions.
The customers, according to the new rules, will not suffer any loss if unauthorised electronic banking transactions are reported within three working days. The amount lost, in such a scenario, would be credited back in the customer's bank account within 10 days.
In case of a third party breach, where the responsibility lies “neither with the customer nor the bank”, there would be zero liability for the customer if he/she notifies the bank within three working days of notification of the transaction by the bank.
In case the customer reports the unauthorised third-party transaction within four to seven working days, a customer's maximum liability will be between Rs 5,000 and Rs 25,000, depending on the type of account and credit card limit.
The loopholes
Even though the RBI has taken proactive steps to safeguard the interests of bank customers, the guidelines fall short.
For example, the rules with regard to negligence of the account holder remain weak. It is to be noted that most bank frauds happen only due to the negligence of customers, which is actually a result of ignorance and unfamiliarity with the new age banking ecosystem.
Because banks are forcing their customers to use Automated Teller Machines (ATMs) to take out or deposit cash, order cheque books, and update their Aadhaar and mobile numbers, many uneducated people take the help of someone standing in the queue. This sharing of sensitive information makes them vulnerable.
While banks are saving costs by making most operations automated, not every bank customer understands machines.
Therefore, the RBI would do well to make it mandatory for banks to deploy official staff - not a security guard, who is not to be found most of the time - to help customers with their transactions in ATMs located in the bank's branch.
Another area of concern is the payment gateways that help conduct fraudulent transactions. Many online phishing syndicates dupe customers by creating fake websites for products that customers are looking to purchase. Customers make payments on these fake websites for products that they want to purchase. The payments to these fraudsters happen through some payment gateways, which need to be blacklisted through an information-sharing mechanism between banks.
As of now, banks do not take any action against such payment gateways, unless the customer holds some influence.
Allow chargebacks
A chargeback is a form of customer protection provided by the issuing banks, which allows debit/credit cardholders to file a complaint against fraudulent transactions on their account. If the cardholder files a dispute, the issuing bank investigates the complaint. If the complaint is found to be genuine, the bank refunds the original value to the cardholder and recovers the money from the merchant's payment gateway.
Therefore, the option of chargeback insulates customers against all types of online frauds.
But in India, the option of chargeback is available selectively.
“In India, a customer can file a dispute only in case of a credit card transaction. The guidelines are not clear about debit cards and online fund transfers. The RBI should make the option of chargeback available for all sorts of transactions like in the United States,” said David Oscar, director, Angel Technologies, a company that provides IT support and services to US-based clients.
The RBI must remember that, unlike the US or other developed countries, a large section of India's population, even within metros, is not very savvy with modern day technology. But since they are being forced to go digital by banks, it is the responsibility of the Indian banking sector to ensure there is no victimisation of the naive customers.