Everyday hundreds of digital frauds are reported in the banks Internet Banking, ATMs, mobile banking etc. This is going on for years and seldom anybody is caught. Even well-educated are cheated.
The cyber frauds have increased after linking Aadhar number and PAN number to the accounts. The Unified Payment Infrastructure (UPI) has made it worse. Now it is possible to trace your account using Aadhar number, PAN number and phone number. Any bank can access other bank customer’s accounts also with biometric authentication. UPI platform has very weak security features.
The increasing digital frauds and customer complaints lead to RBI Circular No. RBI/2017-18/15 DBR No. Leg. BC/78/09.07.005 / 2017-18 dated July 6, 2017 to help customers.
The Circular says, “A customers ‘entitlement to zero liability shall arise where the unauthorized transaction occurs in the following events.
(i) Contributory fraud / negligence/ deficiency on the part of the bank (irrespective of whether or not the transaction is reported by the customer)
(ii) Third party breach where the deficiency lies neither with the bank nor with the customer but lies elsewhere in the system, and the customer notifies the bank within three working days of receiving the communication from the bank regarding the unauthorized transaction.
The circular also clarifies the time frame for settling the customers loss.
Reversal of Timeline for Zero liability / Limited liability of customer
On being notified by the customer, the bank shall credit the amount involved in the unauthorized electronic transaction to the customer’s account within 10 working days from the date of such notification by the customer (without waiting for settlement of insurance claim, if any). Banks may also at their discretion decide to waive off any customer liability in case of authorized electronic banking transaction even in case of customer negligence. The credit shall be value dated to be as on the date of unauthorized transactions.
But in almost 99% of cases the banks put the blame on the customer for sharing the One Time Password (OTP) without taking into account the insider involvement, poor security system, and their own inability to trace the fraudsters through cyber-crimes happening for many years using the same or similar modus operandi.
I am not talking about all frauds in the banks which is also increasing abnormally as per the Financial Stability Report of RBI.
The frequent cyber or digital frauds taking place are outlined below.
- ATM/Credit Card frauds- Where the customer receives a phone call saying it’s a call from his bank and the fraudster already knows some of the account information and sends a OTP which is shared with him on good faith and the same is used for withdrawing money. Similar frauds are done through E-commerce gateways, internet banking etc..
- Now a new type of fraud has come to light where without any OTP customers’ accounts are debited repeatedly during midnight. Cybercrime bureau experts say that this is mainly due to outsourcing of vital activities of the bank, where the data is stolen for a bribe and misused by the fraudsters within the country and abroad.
- In the name of KYC norms verification, phone calls are received and they know some details which makes the customer to believe and share other information leading to frauds.
- QR codes for purchase through E-commerce gateways is often used to defraud the customers.
- Children who play reality games are approached with upgrades or gifts and made to share the account details and PIN of their parents which is misused.
- Messages are received as if they are original messages from IT department and queries are raised and details are collected to defraud the customers.
What is Needed.?
- Immediate ban of Aadhar linked UPI transactions for some time and strengthen the security system and make it impenetrable and the transaction are traceable to the end.
- Banks have cyber security insurance and they must follow the RBI instructions and refund money to the customers before the trust is lost.
- Our country’s cyber crime system should improve with updated technologies, trainings, international co-operations.
- Complete details on these frauds should be circulated widely so that people are aware.
- Civil society should take the issues of customers and pursue the cases to logical conclusion.
We have placed the cart before the horses. Now we have to train them. Earlier the better. The faith in digital technology and banking are going down quickly. If trust is lost the banking system will collapse.
Thomas Franco is former General Secretary of All India Bank Officers’ Confederation.