Banking industry of India is facing a variety of financial and banking frauds in India. For instance, Internet banking frauds, ATM frauds, RTGS frauds, etc are on rise in India. Even IT and cyber frauds in Indian companies are increasing. The cyber law and cyber security trends of 2013 provided by Perry4Law have also highlighted this fact.
The Reserve Bank of India (RBI) has also taken note of this situation. RBI Working Group on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds has been constituted and it submitted its report. Further, the Security and Risk Mitigation Measures for Card Present Transactions in India has also been brought into force by RBI.
However, Indian banks are not complying with directions of RBI in this regard especially the cyber law due diligence requirements. Even cyber security due diligence is not followed by Indian banks. Economic Times has reported that a Code Of Bank’s Commitment to Customers by Banking Codes and Standards Board of India (BCSBI) (PDF) has been issued by BCSBI.
Banks will be forced to make a drastic change in rules in the new year that will be much more supportive of customers who are victims of electronic fraud. Customers will have to be compensated for such theft unless the bank can prove the fraud occurred due to negligence on part of the client.
The code has also prescribed a simplified process for opening basic accounts and talks about offering doorstep service for disabled customers and senior citizens, while frowning upon the misselling of third-party products such as insurance. The BCSBI frames a code of commitment for banks aimed at protecting customers’ rights and entitlements. It also obliges every branch to display on notice boards the documents required for opening small accounts and pledge itself to opening more such accounts.
The revised code on electronic transactions puts the onus on the bank to prove the customer compromised the user ID and password, leading to the fraud. This seeks to overturn the current system that’s loaded in favour of the banks, with customers who have been defrauded getting scant comfort. Banks are known to resist attempts by aggrieved customers to get their money back, with some receiving justice years after the fraud has been perpetrated.
Customers have also been known to be falsely accused of orchestrating such frauds themselves. Banks have thus far been getting away with it because the agreement that governs such issues states that they are not responsible for any unauthorised transactions.
“The revised code has ensured that the customer’s interests are fully protected and he is not put to any harm or financial loss,” said AC Mahajan, chairman of BCSBI. “The revised code says that if the customer incurs any direct loss due to a security breach of the Internet banking system that is not contributed or caused by the customer, the bank will bear the loss, unless it is able to establish that the customer is guilty.” KC Chakrabarty, deputy governor of the RBI, had pointed out the one-sided nature of the agreement a few years ago. “The banking agreement is so worded as to afford no right to the customer and is extremely lopsided.
Banks are not responsible for any unauthorised transactions even if carried out by their employees. In fact, given an institution’s resources, the onus should be on banks to prove that the individual customer has compromised his user ID or password,” he said at an annual conference of principal code compliance officers. “Making networks safe and sound is the responsibility of banks. There must be in place a code of conduct for addressing issues in the non-face to-face transactions domain.”
The revised code, which is expected to come into force in January, assumes significance as electronic transactions and related frauds are likely to rise. The number of electronic transactions rose 11% to Rs 854 crore in 2012-13 over the previous year.