Introduction
With the rapid growth of electronic banking, digital payments, internet banking, mobile banking, UPI, debit cards, and credit cards, cases of unauthorized electronic transactions have also increased. These include frauds such as phishing, vishing, SIM swap fraud, card cloning, malware attacks, and OTP-based frauds.
To protect customers and ensure trust in digital banking, the Reserve Bank of India (RBI) has issued clear guidelines regarding Customer’s Liability in Unauthorized Electronic Banking Transactions.
Understanding when the customer is liable and when the bank is liable is crucial.
Meaning of Unauthorized Electronic Transaction
An unauthorized electronic transaction refers to a transaction carried out in a customer’s bank account without the customer’s knowledge or consent.
It may happen through:
- Internet banking fraud
- Mobile banking fraud
- ATM/debit card misuse
- Credit card fraud
- UPI fraud
- Phishing emails
- Fake phone calls (vishing)
- SIM swap fraud
If the transaction is not initiated or authorized by the customer, it is considered unauthorized.
RBI Guidelines on Customer Liability
RBI issued a circular on “Customer Protection – Limiting Liability of Customers in Unauthorized Electronic Banking Transactions.”
The objective of these guidelines is:
- To protect customers from fraud losses
- To define clear liability rules
- To encourage digital payments
- To strengthen customer confidence
The liability of the customer depends on:
- Who is responsible for the fraud
- Whether there was negligence
- How quickly the customer reports the fraud
Situations Where Customer Has Zero Liability
The customer has zero liability in the following cases:
• If the unauthorized transaction occurs due to negligence or deficiency on the part of the bank
• If there is a third-party breach (like system hacking) and the customer has not contributed to the fraud
• If the customer reports the fraud to the bank within 3 working days of receiving communication
In these cases:
- The entire loss will be borne by the bank.
- The customer’s account must be credited within 10 working days.
- The bank cannot delay compensation.
This is very important for exam purposes:
If the customer reports within 3 days → Zero liability.
Limited Liability of Customer
The customer’s liability becomes limited in certain cases.
If reported within 4 to 7 working days
If the customer reports the unauthorized transaction within 4 to 7 working days, then the customer’s liability is limited as per the RBI-prescribed limits.
The maximum liability depends on the type of account.
For example:
- Basic Savings Bank Deposit Account (BSBDA) – up to ₹5,000
- Other savings accounts – up to ₹10,000
- Current / Cash Credit / Overdraft accounts – up to ₹25,000
The remaining loss beyond this limit must be borne by the bank.
Situations Where Customer Bears Full Liability
The customer will bear the full loss if:
- The fraud occurs due to the customer’s negligence
- The customer shares OTP, PIN, password, CVV, or confidential details
- The customer delays reporting beyond 7 working days
If the delay is beyond 7 working days, liability will be as per the bank’s internal policy.
Loss arising from the customer’s own negligence is known as contributory negligence.
Examples of contributory negligence:
- Sharing OTP with fraudster
- Writing PIN on card
- Clicking suspicious phishing links
- Disclosing password to unknown caller
In such cases, the customer is responsible for the loss until the fraud is reported.
Time Factor in Reporting
Time of reporting is extremely important in deciding liability.
• Reporting within 3 working days → Zero liability
• Reporting between 4 and 7 working days → Limited liability
• Reporting after 7 working days → As per bank policy
Therefore, customers are advised to inform the bank immediately after detecting an unauthorized transaction.
Bank’s Responsibilities
Banks have certain mandatory responsibilities:
• Provide 24×7 reporting facility
• Send transaction alerts through SMS and email
• Enable easy blocking of cards
• Credit disputed amount within 10 working days
• Resolve complaint within 90 days
If the bank fails to resolve the complaint within 90 days, the customer must be compensated.
Banks must also implement:
- Two-factor authentication
- Secure encryption
- Risk monitoring systems
- Fraud detection systems
Burden of Proof
In case of dispute, the burden of proving customer negligence lies on the bank.
This is an important exam point.
The bank must prove:
- Customer shared confidential information
- Customer acted negligently
If the bank cannot prove negligence, the customer cannot be made liable.
Reversal of Amount
Once the customer reports the fraud:
- Bank must credit the amount within 10 working days
- Customer should not suffer loss of interest
- No charges should be levied
The account should be restored to the position it would have been in had the fraud not occurred.
Role of Banking Ombudsman
If the customer is not satisfied with the bank’s resolution, a complaint can be made to:
- Banking Ombudsman under RBI Integrated Ombudsman Scheme
The Ombudsman can order compensation.
Electronic Banking Risk Perspective
From a risk management angle, unauthorized transactions fall under:
- Operational Risk
- Cyber Risk
- Fraud Risk
Banks must adopt:
- Strong IT governance
- Information security policies
- Customer awareness programs
- Regular system audits
Risk mitigation reduces the bank’s financial and reputational risk.
Importance of Customer Awareness
RBI and banks continuously educate customers:
• Do not share OTP
• Do not click suspicious links
• Use strong passwords
• Regularly check account statements
• Report fraud immediately
Customer awareness reduces fraud cases significantly.
Key Exam Points to Remember
• Zero liability if reported within 3 working days
• Limited liability if reported within 4–7 working days
• Full liability in case of customer negligence
• Bank must credit amount within 10 working days
• Complaint resolution time – 90 days
• Burden of proof lies on bank
Conclusion
Customer’s Liability in Unauthorized Electronic Transactions is an important concept in retail banking and digital banking regulation. RBI has clearly defined liability rules to balance protection of customers and accountability of banks.
The main principle is:
If the customer acts responsibly and reports fraud quickly, the bank bears the loss.
If the customer is negligent or delays reporting, liability increases.
Understanding this framework is essential for banking professionals to handle customer complaints, manage operational risk, and ensure regulatory compliance.