Customer Liability In Case Of Unauthorised Electronic Payment Transactions
1. BACKGROUND:
Transaction Analysts India Private Limited (TA) is committed to provide superior and safe customer service experience to all its customers. In order to enable the above, the TA has invested in technology and has robust security systems and fraud detection and prevention mechanisms in place to ensure safe and secure payment experience to its customers. Keeping in mind the increasing thrust on financial inclusion & customer protection, the Reserve Bank of India had issued a circular on Customer Protection – Limiting Liability of Customers in Unauthorised Electronic Payment Transactions in Prepaid Instruments (PPIs) issued by Authorised Non-banks (RBI/2018-19/101 DPSS.CO.PD.No. 1417/02.14.006/2018-19 dated January 4, 2019) which inter-alia requires PPI to formulate a Board approved policy with regard to customer protection and compensation in case of unauthorized electronic payment transactions.
2.OBJECTIVE :
This policy seeks to communicate in a fair and transparent manner the TA’s policy on:
- Customer protection (including mechanism of creating customer awareness on the risks and responsibilities involved in electronic payment transactions)
- Customer liability in cases of unauthorized electronic payment transactions
- Customer compensation due to unauthorized electronic payment transactions (reported by customer within defined timelines)
3.SCOPE:
For the purpose of this Policy, electronic payment transactions have been divided into two categories:
- Remote / Online payment transactions (transactions that do not require physical PPIs to be presented at the point of transactions e.g. wallets, card not present (CNP) transactions, etc.).
- Face-to-face / Proximity payment transactions (transactions which require the physical PPIs such as cards or mobile phones to be present at the point of transactions e.g. transactions at Point of Sale, etc.)
4. Reporting of unauthorised payment transactions by customers to PPI issuer
- TA shall ensure that its customers mandatorily register for SMS alerts and wherever available also register for e-mail alerts, for electronic payment transactions.
- The SMS alert for any payment transaction in the account shall mandatorily be sent to the customers and e-mail alert may additionally be sent, wherever registered. The transaction alert should have a contact number and / or e-mail id on which a customer can report unauthorised transactions or notify the objection.
- Customers shall be advised to notify TA of any unauthorised electronic payment transaction at the earliest and, shall also be informed that longer the time taken to notify TA, higher will be the risk of loss to the TA / customer.
- To facilitate this, TA shall provide customers with 24×7 access via website / SMS / e-mail / a dedicated toll-free helpline for reporting unauthorised transactions that have taken place and / or loss or theft of PPI.
- Further, a direct link for lodging of complaints, with specific option to report unauthorised electronic payment transactions shall be provided by TA on mobile app / home page of its website / any other evolving acceptance mode.
- The loss / fraud reporting system so established shall also ensure that immediate response (including auto response) is sent to the customers acknowledging the complaint along with the registered complaint number. The communication systems used by TA to send alerts and receive their responses thereto shall record time and date of delivery of the message and receipt of customer’s response, if any. This shall be important in determining the extent of a customer’s liability. On receipt of report of an unauthorised payment transaction from the customer, TA shall take immediate action to prevent further unauthorised payment transactions in the PPI.
5. Limited liability of a customer
A customer’s liability arising out of an unauthorised payment transaction will be limited to:
| Customer Liability In Case Of Unauthorised Electronic Payment Transactions through a PPI | ||
| Sr No | Particulars | Maximum Liability of the Customers |
| (a) | Contributory fraud / negligence / deficiency on the part of the PPI issuer, including PPI-MTS issuer (irrespective of whether or not the transaction is reported by the customer) | Zero |
| (b) | Third party breach ** where the deficiency lies neither with the PPI issuer nor with the customer but lies elsewhere in the system, and the customer notifies the PPI issuer regarding the unauthorized payment transaction. The per transaction customer liability in such cases will depend on the number of days lapsed between the receipt of transaction communication by the customer from the PPI issuer and the reporting of unauthorized transaction by the customer to the PPI issuer – | |
| i. Within 3 days# | Zero | |
| ii. Within 4 to 7 days# | Transaction value or ₹10,000/- per transaction, whichever is lower | |
| iii. Beyond 7 days | Full Liability | |
| (c) | In cases where the loss is due to negligence by a customer, such as where he / she has shared the payment credentials, the customer will bear the entire loss until he / she reports the unauthorized transaction to TA. Any loss occurring after the reporting of the unauthorized transaction shall be borne by TA.
|
|
# The number of days mentioned above shall be counted excluding the date of receiving the communication from the PPI issuer.
**Third Party Breach :
The following would be considered as Third party breach where deficiency lies neither with TA nor customer but elsewhere in the system:
- SIM duplication – Cloning of original SIM to create duplicate SIM
- Application frauds
- Skimming / cloning
- External frauds / compromise of other systems, for e.g. mail servers etc. being compromised
6. Reversal timeline for zero liability / limited liability of a customer :
On being notified by the customer, the TA shall credit (notional reversal) the amount involved in the unauthorised electronic payment transaction to the customer’s PPI within 10 days from the date of such notification by the customer (without waiting for settlement of insurance claim, if any), even if such reversal breaches the maximum permissible limit applicable to that type / category of PPI. The credit shall be value-dated to be as of the date of the unauthorised transaction.
Further, TA shall ensure that a complaint is resolved and liability of the customer, if any, established within 90 days from the date of receipt of the complaint, and the customer is compensated as per provisions of paragraph 5 above. In case TA is unable to resolve the complaint or determine the customer liability, if any, within 90 days, the amount as prescribed in paragraph 5 shall be paid to the customer, irrespective of whether the negligence is on the part of customer or otherwise.
- Burden of proof :
The burden of proving customer liability in case of unauthorised electronic payment transactions shall lie on the PPI issuer.
- Reporting and monitoring requirements
The concerned HODs shall ensure that a Report of the customer liability cases to the Board. The reporting shall, inter-alia, include volume / number of cases and the aggregate value involved and distribution across various categories of cases. The Board or one of its Committees shall periodically review the unauthorised electronic payment transactions reported by customers or otherwise, as also the action taken thereon, the functioning of the grievance redressal mechanism and take appropriate measures to improve the systems and procedures.
- Other Points :
This policy should be read in conjunction with Customer Grievance Policy of TA. Clauses from the TA’s Customer Grievance Policy shall form a part of this policy where not specifically addressed in this policy.