Will you get back your money lost in mobile payment frauds?

Avoid sharing personal/banking data with anyone. The moment you realise that you have fallen prey to a fraud, approach the bank and service provider immediately

You have to follow some easy steps to register for SBI Cards WhatsApp Service. Firstly, save the number 9004022022 and type 'OPTIN' in the chat box.

At a time when banks and financial institutions continue to report a surge in payment frauds, customers are indeed worried about virtual transactions. The latest is a scam involving swapping your SIM cards. Banks have now warned customers not to share their personal details on social media to avoid the scam.

But what happens to the money lost in payment frauds? Will it return to the customer? Does the existing system offer any customer protection from such frauds?

According to the Reserve Bank of India (RBI), there are two types of electronic banking. One is the remote/online payment transactions which do not require physical payment instruments to be presented at the point of transactions. Examples are internet banking, mobile banking, card not present (CNP) transactions, pre-paid payment instruments (PPI). The second one is the face-to-face / proximity payment transactions which require the physical payment instrument such as a card or mobile phone to be present at the point of transaction. Examples are Point of Sale (POS) terminals and ATM withdrawals.

Greater adoption of digital modes

During the last one year when the Covid-19 pandemic insisted social distancing, the remote / online payment transactions had shown a substantial increase while PoS transactions and ATM withdrawals reported a slower growth. Among online payments, mobile-based transactions, primarily Unified Payments Interface (UPI) and online, reported a giant leap as India’s payment ecosystem reported a massive build-up. The UPI, a digital payment platform that facilitates cashless, real-time transactions via mobile phones, developed by National Payment Corporation of India (NPCI), has made it easy for customers to undertake inter-bank transactions through the mobile phone. You have several service providers starting with mobile phone-based payment services such as Google Pay and PhonePe; e-wallets such as Paytm and Amazon Pay; and a raft of banking apps such as SBI Yono, HDFC Payzapp and ICICI iMobile, among others.

According to the RBI, mobile phones as a medium for extending banking services have off late been attaining greater significance. The rapid growth in users and wider coverage of mobile phone networks have made this medium an important platform for extending banking services to customers. With the rapid growth in the number of mobile phone subscribers in India (about 760 million in 2021), banks and other financial institutions have been exploring the feasibility of using mobile phones as an alternative channel of delivery of banking services.

Surge in transactions

Surge in mobile payment transactions is accompanied by a similar growth in frauds. Bankers said customers have lost huge amounts of money in online and mobile frauds during the last few months, mostly as a result of customers compromising on security. Most frauds, according to them can be clubbed into three types — sharing of CVV, expiry date, PIN/Password, etc, unauthorised screen-sharing assisted by the customer, and phishing and vishing scams. The primary reason is the negligence and lack of awareness among customers. However, phishing and vishing scams are something that the customer has got no role to play, especially when fraudsters continue to devise innovative ways to dupe customers.

The central bank differentiates transactions as `secured’ and `unsecured’ depending on the usage of second factor authentication which could be an e-secure code or one-time password or verified by Visa /Master Secure Code. Any transaction that is supported by a second factor authentication will be considered as ‘authorised’ while that does not carry the second factor authentication and also not initiated by the customer can be termed as ‘unauthorised transaction’.

Since fraud cases are on a steady rise, most banks ignore the cases involving smaller amounts and immediately pay up the customer with the help of insurance to avoid the hassle of going for a legal process. On being notified by the customer, the bank may credit (shadow reversal) the amount involved in the unauthorised transaction to the customer’s account within 10 working days (without waiting for settlement of insurance claim, if any). Banks may also at their discretion decide to waive off any customer liability in case of unauthorised electronic banking transactions even in cases of customer negligence.

What should harried customers do?

What is important is to approach your bank immediately. If your bank is having a holiday, then you should approach the call centre or lodge a complaint through the website or email. You may need to file an FIR at the local police station because the bank may later ask you for an FIR copy. If there is a delay of more than seven days in reporting the fraud, the compensation will be decided as per the policy approved by the board of individual banks.

If the loss is due to negligence of the customer — such as sharing the payment credentials like card no, CVV, expiry date, PIN/Password, etc – the customer will have to bear the entire loss until he/ she reports the unauthorised transaction to the bank.

The customer will have zero liability if an unauthorised transaction occurs because of negligence/deficiency by the bank. Even in cases of third-party breaches where the deficiency lies neither with the bank nor with the customer, there won’t be any liability on the customer.

In some cases, banks are not able to prove that the customer has compromised the security. In such cases, banks make a ‘shadow credit’ to the account during the investigation period, which can be availed once the probe is over. Just that you need to lodge your complaint within 7 days. Banks have insurance covers to take care of such claims. But if you have compromised the security, then banks are not liable to pay any compensation.

In cases where the responsibility for the unauthorised electronic banking transaction lies neither with the bank nor with the customer, but lies elsewhere in the system and when there is a delay (of 4-7 working days after receiving the communication from the bank) in notifying the bank of such a transaction, customer per transaction liability will be limited to the transaction value.

The burden of proving customer liability in case of unauthorised electronic banking transactions will always lie on the bank. But it may turn out to be a long-drawn legal process if the case involves a large sum.

Published: April 21, 2021, 17:14 IST
Exit mobile version