What you should do when you notice unauthorised transactions from your account.

What you should do when you notice unauthorised transactions from your account.

RBI’s bid to protect consumers: here’s your way to safe e-banking

How many times have we wondered what to do when we notice suspicious transactions from our accounts?

In response to consumer concerns regarding unrecognised transactions, the Reserve Bank of India (RBI) introduced the concept of `zero liability’ and `limited liability’ for bank customers for any card or online fraud. This was seen as a move to make Electronic payments safer for consumers. It has been made mandatory for banks to register all customers for text message alerts and permit reporting of unauthorized transactions through a reply to the alert message as per the latest directive by the RBI.

After proposing a draft circular for limiting customer liability in August 2016, RBI has now come out with final guidelines and sought to make rules stricter for banks than originally envisaged.

Banks have been rendered the duty to link numbers with bank accounts. “With the increased thrust of financial inclusion and customer protection and considering the recent surge in customer grievances relating to unauthorized transactions, the customer liability in these circumstances has been reviewed,“ said the RBI.

The circular deals with online transactions and transactions in brick and motar stores using electronic payments.

The directive also gives authority to Banks to disallow electronic transactions (other than ATM withdrawals) to customers not sharing their mobile number.

Banks have to enable replies to text messages containing transaction alerts, along with framing a procedure to allow reporting of unauthorized transactions on their home page. Other channels including phone banking, sms, email, call Centre and interactive voice response shall be used for fraud reporting.

Customers will have zero liability in case of a fraudulent transaction if there happens to be contributory fraud or negligence on the part of the bank. The customer will also not be liable if there is a third-party breach, without bank involvement, which is reported to the bank within three working days of receiving communication regarding the unauthorised transaction.

Officials though have reportedly stated that in a scenario where a customer shares his password, there is very little clarity.

Losses due to negligence of the customer shall be borne by the customer unless he reports such incident. His liability shall cease not before he has reported the unauthorized transaction. Similarly , where the loss is caused by a third party , the customer will be liable for the transaction value if he fails to report the fraudulent transaction within four to seven days of receiving the alert from the bank.

However, the maximum liability of the customer in the case of the above two transactions will be Rs 5,000 for basic savings bank account. For most other accounts, it will be Rs 10,000.


  • Mandatorily for banks to register all customers for SMS and email alerts
  • Such alerts must have a ‘reply to’ option for customer response
  • Bank must have an option to report unauthorised transaction on the home page of their official website
  • The Customers will have zero liability for frauds where banks or their staff are responsible
  • Customer to have no liability for third party breaches reported within 3 working days
  • Customer will have limited liability even if they have shared their password or they have delayed in reporting fraud.

Leave a Reply