Customer Liability in The Age of Digital Banking

Who is liable for money lost when fraud occurs in a customer’s bank account or card through illegal access/use of ATM or any of the Digital Channels (Internet Banking, Mobile Banking, Payments, E-wallets, etc.)?

The answer depends on the country where the account is being operated.

While the customer is responsible for the safe keeping of his/her ATM Card, Pin, Internet Banking and Mobile Banking credentials, different countries have different regulations on ‘limited liability’ of the customer.

When a customer discovers and reports fraud in her account through the use of ATM, Internet Banking or Mobile Banking, she is not liable for the full funds lost.

In the US, the Federal “Regulation E” Consumer Protection Act ensures that customer’s liability is capped at $50 if she contacts the financial institution within 2 days of discovering loss, theft or theft of the access device. The bank is liable for the rest of the money lost.

Many banks take account protection a step further with their banking guarantee and even waive the $50 liability given the fiercely competitive market.

As a result, banks take the entire responsibility for the loss. The UK too has similar consumer protection clauses for electronic banking transactions.

India’s central banking institution, the Reserve Bank of India (RBI) has been working on beefing up customer protection aspects of banking supervision for the past few years.

RBI’s recent communication to Indian banks on limited customer liability is laudable for its bold steps towards better customer service and protection in the Indian banking ecosystem.

It mandates banks to adopt better systems and processes to ensure safety and security of electronic transactions including the robust fraud detection and prevention mechanisms.

Some of the highlights in the communication:

Mandatory By Banks For All Digital Transactions

  • Registration of customers for text alerts and email wherever available, for electronic transactions.
  • Text alerts to customers for all electronic transactions and email alerts to customer registered email.
  • Ability for customer to report unauthorised transactions 24X7 through multiple channels (including website, phone banking, SMS, email, IVR, toll-free helpline, home branch).
  • Enable customers to instantly respond by Reply to text alert for unauthorised transactions.

Zero Liability of Customer

The customer has zero liability for the loss where unauthorised transaction occurs in case of:

  • Contributory fraud/negligence/deficiency on part of bank irrespective of whether the transaction is reported by the customer.
  • Third party breach, where the deficiency lies neither with the bank nor with the customer but lies elsewhere in the system and the customer notifies the bank within 3 working days of receiving the communication from the bank regarding the transaction.

Limited Liability of Customer

The customer has limited liability for the lost funds due to unauthorised transactions in the following cases:

  • Where loss is due to negligence of the customer, such as sharing payment credentials, the customer will bear the entire loss until customer reports the unauthroised transaction to the bank. Any loss occuring after customer reports unauthorised transaction should be borne by the bank.
  • Where the responsibility for the unauthorised electronic banking transaction lies neither with the bank nor with the customer, but lies elsewhere in the system and when there is a delay (of 4 to 7 working days after receiving the communication from the bank) on the part of the customer in notifying the bank of such a transaction, the per transaction liability of the customer shall be limited to the range of INR 5000 to INR 25,000 based on the type of the accounts and the average balance/credit limit.
  • Where the delay in reporting is beyond 7 working days, the customer liability shall be determined as per the bank’s Board approved policy.

Customer Liability – Summary

Time Taken To Report Fraudulent Transaction From Date Of Receiving The Communication Customer’s Liability (in INR)

Within 3 working days

Zero liability

Within 4 to 7 working days

The transaction value or the amount mentioned in Table 1, whichever is lower

Beyond 7 working days

As per the bank’s Board approved policy

Moreover, the bank should credit the amount involved in unauthorised transactions to the customer’s account within 10 working days from the date of reporting by the customer.

These measures will certainly take digital adoption to the next level for the Indian banking sector and the overall economy.

While banks must invest in the enabling technology and processes, the benefits of increased customer confidence in digital adoption far outweigh the enablement costs.

Fraud Prevention systems: A Panacea for all Banking fraud

Minority Report might not be one of Steven Spielberg’s very famous movies, but it sure does throw some light on what crime prevention could do to our society.  For the uninitiated, it is about a movie in which how the crimes are being prevented by an organization which has access to the future through 3 people who can see the future in their dreams.  They call it pre-crime. A few hours to days before an actual incident / crime is supposed to happen one or more of the 3 people dreams about it which the Pre-crime team taps from their brains and watches it on a regular LCD screen. Well, that needs some technological breakthrough to achieve what Mr. Spielberg has envisioned – to see through the dreams of people and project it on screen.

But one of the good things that the movie was able to show was how the pre-crime team was able to bring down the crime rates because of being able to act before an event has occurred and also how in general the crimes decrease because of the fear of getting caught. Proof of the same has been seen worldwide with industries as diverse as insurance companies’ to pharmaceutical companies’ bottom lines being positively affected by the fear of getting caught.

In 1994, an American Company created a tracking system for cars which was remotely enabled by the owner of the car if and when the car was stolen. This system was initially adopted in Texas, US and was initially very successful in tracking cars and putting the culprits behind the bar. But slowly the total number of culprits that were caught drastically came down. This was not because the thieves could do something with the tracking system to prevent them from being caught, but it was generally because thieves, who were initially targeting cars to earn a quick buck, understood that it was not too smart to vanish with a car since the stakes were too high and hence they had to either migrate to other states or generally look at other opportunities.  This in effect created a very positive bottom line for insurance companies as they had to settle with very few stolen car cases in the state of Texas.

As per Forrester Feb 2013 report the conservatively estimated loss of banks, worldwide due to fraud is anywhere between USD 10 Billion to USD 12 Billion. It is also estimated that the total percentage of frauds from within the bank is anywhere between 15% & 35%.  One of the reasons the internal frauds are so high is because there are really no effective fraud prevention (pre-crime like) products in the market. Most of today’s so-called fraud prevention products are actually at best end-of-day reports / post-facto analysis algorithms. Also there are few products in today’s market which makes it difficult for a possible perpetrator to get through, but then again it cannot identify a possible crime from happening or probably predict a crime which could have happened.

This is where a pre-crime like product or algorithm can make the difference. Firstly, it will be able to catch possible frauds and fraudsters before the crime actually takes place. Secondly, it prevents any further frauds because the fraudsters would not dare to take a chance on a system which can predict their moves. For effective reduction of internal frauds we need pre-crime like products. A true to its word fraud prevention product and not a post-facto, end-of- day report on the what would have been stories.

But, one of the best things about the movie is to show how a person who has in-depth knowledge about the pre-crime system manipulates the system to work in his favor. More on this in my next post. Till then, do let me know your views on envisioning such banking systems that would sense and prevent fraud even before the fraud event occurs. Would love to hear from you.

– By Michael Lawrence









Michael Lawrence is Implementation Lead – BAS at CustomerXPs. He can be reached at

CustomerXPs offers real-time, intelligent products that empower banks with instant insights enabling influenced outcomes of deeper customer engagement and fraud-free transactions. Learn more about CustomerXPs Clari5

Customer taking control to combat potential fraud








                          Customer                                             Bank







By Manish Ranjan

Manish Ranjan is Software Engineer at CustomerXPs.

He can be reached at



CustomerXPs offers real-time, intelligent products that empower banks with instant insights enabling influenced outcomes of deeper customer engagement and fraud-free transactions.

Learn more about CustomerXPs Clari5