- While you may be able to recover the money, the process takes time
- People should avoid using unsecured WiFi and have the latest anti-virus software on their devices
With the number of bank frauds increasing, you need to be doubly careful about your transactions, especially online ones. According to the Reserve Bank of India’s (RBI) annual report for 2018-19, the number of cases of frauds reported by banks increased by 15% in 2018-19 on a year-on-year basis, with the amount involved rising by 73.8% from ₹41,167 crore in 2017-18 to ₹71,543 crore in 2018-19. Frauds related to advances (90.2%) were predominant while frauds relating to card, internet and deposits constituted only 0.3% of the total value of frauds in 2018-19, amounting to ₹220 crore.
Most fraudsters start with obtaining some basic details like your phone number and name of the bank where you have your savings account or have a credit card from. Next they make calls and try to gather information that is important to make online transfers or payments. “Some of the ways financial fraud can be perpetrated is through phishing or spoofing attacks, malware or spyware, SIM swap (original SIM gets cloned and becomes invalid, and the duplicate can be misused to access the user’s online bank account to transfer funds), credential stuffing (compromising devices and stealing data), man-in-the-middle attacks during online payments or transactions, identity theft, card cloners or readers at ATM machines and as simple as imposters calling up unsuspecting individuals and asking for their personal banking details,” said Arpinder Singh, partner and head, India and emerging markets, forensic and integrity services, Ernst & Young LLP.
We tell you how to avoid falling prey to such frauds and what’s in store if you do get cheated even after your best efforts.
How to avoid it?
To start with, heed the emails and SMSes banks, financial institutions and regulators send regularly, warning you to not share financial and banking details, especially OTP (one-time password) and PIN (personal identification number), with anyone.
Be cautious when making online transactions, or using your card at retail outlets or petrol pumps. Also, use shopping or banking websites or apps only on a device that belongs to you. Avoid using a friend’s phone, a public computer, cyber cafe or free WiFi for sensitive browsing as data can be stolen or copied. Remember that even if you delete data from the device, it can still be recovered. You should also be careful when giving your mobile or laptop for servicing or repairing or at the time of selling—it’s best to delete all the data and restore the device to its factory settings or re-format it.
“Consumers can insulate themselves against financial fraud risks by ensuring passwords are changed regularly, are complex and unique, enable a two-step authentication process and real-time alerts (SMS or email) to keep track of their spends. They should avoid using public or unsecured WiFi and have the latest anti-virus software on their devices. Switch to EMV chip cards (debit and credit) immediately if you haven’t done that already,” said Singh. Chip card security is the latest standard in debit card security. This standard (called EMV for EuroPay, MasterCard and Visa) includes a small microchip in the debit card that protects buyers against fraudulent transactions.
Who is held responsible?
The safety of bank accounts, and debit and credit cards lies both with the customer as well as the concerned bank. But taking cognizance of the complaints related to unauthorized transactions, in July 2017, the apex bank reviewed the criteria for determining customer liability in these circumstances and issued some guidelines.
When the bank is held responsible: According to RBI’s guidelines, a customer has zero liability if unauthorized transaction occurs because of two reasons.
First, contributory fraud, negligence, deficiency on the part of the bank (irrespective of whether or not the transaction is reported by the customer). For instance, if there was some technical error or glitch at the bank’s end and customer details were compromised.
Second, third-party breach where the deficiency lies neither with the bank nor the customer, but lies elsewhere in the system, and the customer notifies the bank within three working days of receiving the bank’s communication regarding the unauthorized transaction. For instance, if a third-party like a wallet, website or app deducts the amount twice but does not refund, and the customer receives a notification from the bank about the deduction and then informs the bank within three days that the second deduction was unauthorized.
When the customer is held responsible: If the loss is due to customer negligence because she shared her payment credentials, the customer will bear all the losses till the unauthorized transaction is reported to the bank. This is why it’s important for customers to not share any account-related information with anyone and also to inform the banks at the earliest, if any kind of breach or fraud in the bank account is noticed. After you report the fraud, the bank will have to bear all the losses.
Also, where the responsibility for unauthorized electronic transaction lies neither with the bank nor with the customer but elsewhere in the system, and when there is a delay (of four to seven working days after receiving communication from bank) on the part of the customer in notifying the bank, the per transaction liability of the customer shall be limited to the transaction value or up to ₹5,000 for basic savings bank deposit (BSBD) account; ₹10,000 for other savings bank accounts, prepaid payment instruments and gift cards, current accounts and credit cards with a limit of ₹5 lakh; and ₹25,000 for credit cards with a limit of more than ₹5 lakh. If the customer fails to report or reports after seven working days, the customer liability shall be determined as per the bank’s board-approved policy.
What should you do?
Remember that the onus to prove that the customer is liable for allowing unauthorized electronic banking transactions lies with the bank. If the customer care fails to help you, approach the bank’s grievance redressal forum. Next, you can approach the bank’s internal ombudsman.
RBI has also introduced an Ombudsman Scheme for Digital Transactions, 2019, which is especially meant for resolution of complaints regarding digital transactions undertaken by customers through system participants. As defined in the scheme, system participants are entities or platforms, other than banks, which help enable credit card and debit card transaction, money transfer operations or similar operations. The scheme was introduced under Section 18 of Payment and Settlement Systems Act, 2007, with effect from 31 January 2019.
Though a number of things may work in your favour, remember that recovering an amount that is lost to fraud may take time. So it’s best to be vigilant about your financial transactions.