- Stealing of the original credit/debit cards and using the cards at shopping merchants (POS purchases)
- Cloning/duplication of credit/debit card
- Phishing scams where the information has been revealed by the customer himself
- Leakage of PIN/credit card/debit card numbers by the handlers of such information/payment gateways/banks (voluntary or involuntary like hacking, physical intrusion, data breach)
- Usage of stolen/duplicate/cloned mobile SIM card to receive a one-time password (OTP) of mobile/net banking and transaction made using such information
To address the above mentioned and more legal issues and problems that might be faced due to internet banking, RBI had issued a set of Guidelines in June 2001 . This advised banks to seek prior approval from RBI before offering transactional services on the internet. In another notification that was issued in July 2005, the position was review and RBI advised that while offering of internet banking services would be governed by the above-mentioned guidelines, no prior approval of RBI would be required to offer internet banking services. A good cyber crime advocate can help you in dealing with an online banking fraud.
The RBI guidelines, primarily focus on three identified areas, which are:
- Technology and securities issue
- Legal issues
- Regulatory and supervisory issues.
This article focuses on the legal issues involved as highlighted by the RBI
- From a legal perspective, security procedure adopted by banks for authenticating users needs to be recognized by law as a substitute for signature. In India, the Information Technology Act, 2000, in Section 3(2) provides for a particular technology (viz., the asymmetric crypto system and hash function) as a means of authenticating the electronic record. Any other method used by banks for authentication should be recognized as a source of legal risk.
- Under the present regime, there is an obligation on banks to maintain secrecy and confidentiality of customers' accounts. In the Internet banking scenario, the risk of banks not meeting the above compulsion is high on account of several factors. Despite all reasonable safety measures, banks may be exposed to an enhanced risk of liability to customers on account of breach of secrecy, denial of service etc., because of hacking/ other technological failures. The banks should, therefore, institute adequate risk control measures to manage such risks.
- Internet banking set-up there is very little scope for the banks to act on stop payment instructions from the customers. Hence, banks should clearly notify the customers the timeframe and the situation in which any stop-payment instructions might be accepted.
The Consumer Protection Act, 1986 defines the rights of consumers in India and is applicable to banking services as well. The rights and liabilities of customers availing of Internet banking services are being determined by bilateral agreements between the banks and customers. Considering the banking practice and rights enjoyed by customers in traditional banking, banks' liability to the customers on account of unauthorized transfer through hacking, denial of service on account of technological failure etc. requires to be assessed and banks providing Internet banking ought to insure themselves against such risks.
Anyone's first action should be to reach out the bank to inform them of the fraud. One can claim to get compensated if there is a precedent like your case available already. After that one can file a complaint with the IT Adjudicator of their state or the State Consumer Forum. According to the Code of Bank’s Commitment to Customers, the extent of liability of a customer in case of a fraud on internet banking is set at Rs. 10,000 which means that in any case of fraud over internet banking or plastic money being used online, the liability of the customer is only up to Rs. 10,000 and the rest are to be by the bank.
The maximum liability in other transactions also the customer is only liable up to Rs. 10,000 with the exception that he is not committing fraud himself.
- Criminal Action : Using Sections 66C, 66D of the IT Act, 2000 and Section 420 of the Indian Penal Code, you can pursue a criminal action in order to get the law enforcement to find out the criminal.
- Civil Action : This type of action can be pursued against your bank, the bank whose ATM money was withdrawn at or payment gateways, depending on different situations.
Legistify connects you with the best lawyers in India and top Chartered Accountants in India with simple telephonic conversation or email. Call us at 011-33138123 or send us an email at firstname.lastname@example.org to get started.