Who is liable for the lost funds when fraud happens in a customer’s bank account through the illegitimate access/use of ATM or internet banking or mobile banking? Answer to the question depends on the country in which the account is being operated. Currently, in India, the liability equation is completely skewed in favor of the bank. Customer is responsible for the safe keeping of his/her ATM card, pin, internet banking and mobile banking credentials. When a customer discovers and reports fraud in his account through the use of ATM, Internet Banking or Mobile Banking, customer is liable for the full funds lost. Not to forget, the bank has to face the consequence of reputation loss in the market.

In the US, Federal “Regulation E” consumer protection act ensures that customer’s liability is capped up to $50 in case the customer contacts the financial institution within two days of discovering loss, theft or theft of the access device.  The bank is liable for the rest of the money lost. Many banks take account protection a step further through their banking guarantee and waive even this $50 liability because of the huge competition in the US.As a result, Banks take the entire responsibility for the loss. UK has similar consumer protection clauses for electronic transactions in banking.

India does not yet have any such consumer protection laws for banking customers using ATM, internet banking and mobile banking services. That probably explains the reason for higher rate of adoption of internet and mobile banking and consequently adoption of advanced fraud detection technology in the US banking industry when compared to Indian banking. Forrester forecasts 61 million United States consumers will use mobile banking next year, up from 47 million in 2012. In the report, “The State of Mobile Banking 2012,” Forrester also predicts that the number of U.S. mobile banking users will double in the next five years and reach 108 million by 2017, accounting for 46 percent of U.S. bank account holders. North America leads in mobile banking with 13 percent of North American and 9 percent of European mobile phone owners using these services regularly.

What about banking customer protection in India?

Reserve Bank of India, the Indian central bank, in its recent draft payment vision document (2012-2015) (http://rbi.org.in/scripts/PublicationVisionDocuments.aspx?ID=664 ) has indicated that it is going to examine introduction of customer protection measures such as zero liability clauses for payment systems transaction in India. The level of customer protection available in paper transactions and electronic transactions in India varies. In paper transactions in case of fraudulent/unauthorized transactions, the responsibility to prove 'good-faith' lies with the banks, whereas in electronic transactions, the onus mostly lies with the customers. In order to encourage electronic modes of payment, it is necessary that customers should enjoy the same level of protection as is available for paper-based transactions if not more.  

RBI has set a short term (0-18 months) milestone target for drawing up a policy framework  establishing roles and responsibilities of banks and customers in electronic transactions to minimize fraud, fix responsibilities and “zero liability” protection to  increase customer confidence in all electronic transactions.

RBI has given recommendations in 2011 to implement transaction monitoring systems for fraud detection for electronic banking channels and some banks have kick started on this journey.  Here are two such RBI working group recommendations

1. RBI working group report of recommendations on information security, electronic banking, technology risk management and cyber frauds (http://rbidocs.rbi.org.in/rdocs/PublicationReport/Pdfs/WREB210111.pdf)

2. RBI working group report of recommendations on securing card present transactions (http://www.rbi.org.in/scripts/PublicationReportDetails.aspx?UrlPage=&ID=634 )

Some of the financial institutions like SBI, Canara Bank, J&K Bank, NPCI, Axis Bank have issued RFPs for such implementations in recent times and few have already implemented. However, introduction of customer zero liability protection for electronic banking transactions could be a major trigger for adoption of enterprise fraud management systems in Indian banking industry.

Here is some data to give you some perspective of the size of the digital banking channels in Indian industry. As of June, 2012, 50 Indian banks were providing mobile banking services with an aggregate customer base of 14.75 million. Both the volume and value of mobile banking transactions are witnessing a remarkable growth. As of June 2012, a year-on-year growth in terms of volume was 143 percent while that in terms of value was 213 percent (Source: RBI).

As of Feb 2011, Indian Banking industry has 70,462 ATMs and 5,65,542 POS terminals. The value of debit card POS transaction from Mar 2010-Feb 2011 was 75,326 crores and the value of debit card ATM transaction during the same period was 10,90,053 crores. The size of credit card POS transaction was 75,328 crores. (Source: RBI)

Given this huge volumes of electronic transactions in India banking, the value at risk for banks would be humungous when the customer zero liability protection policy gets introduced. It’s high time the banks secure their electronic channels with adequate measures to monitor, detect and prevent fraud real-time.