In this article, Jagriti Bharti of Amity Law School, Lucknow discusses How can I recover my money back if someone else misused my Debit Card details.
Introduction
To make life easier technology was developed and it indeed fulfilled the purpose. It covers different aspects of our day to day life without which it would have been nearly impossible to survive. Nowadays, part and parcel of our life is dependant on technology and banking system has not remained untouched from this.
Earlier, banking transactions was only limited to transactions which were physical in nature i.e. through card, ATM, POS, direct withdrawal of cash from bank etc. But gradual development in technology of banking system made it more electronic in nature; resulting in transaction not only limited to face to face transactions but also online transactions i.e. transactions occurring over internet.
Kinds of Electronic Banking Transaction
Broadly, the electronic banking transactions can be divided into two categories:
- Remote/online payment transactions (payments that do not require physical payment instruments to be presented at the time of the transactions). E.g. internet banking, mobile banking, Prepaid Payment Instrument (PPI), Card Not Present (CNP) transactions.
- Face to Face/Payment Proximity Transaction (payments that require physical payment instruments to be presented at the time of the transactions). E.g. card or mobile phone to be presented at the time of the transactions, ATM, POS etc.
Debit Card Frauds
Regardless of the facilities provided for safe banking transactions, frauds do occur while using electronic banking system. One of them is transaction through Debit Cards. It is a payment card that deducts money directly from the consumer’s bank account on the account of purchase made by the consumer. It has dual function:
- Withdrawing money from the bank account.
- Paying for the purchases made by the consumer.
Debit card works using details provided on the card (which is directly linked to consumer’s bank account details) and PIN. Misusing debit card details leads to frauds. Debit card frauds occurs when a fraudster get access to any person’s card details as well as PIN and make unauthorised transactions from that person’s account leading to loss of his hard earned money. A debit card can be misused in three ways namely:
- By making unauthorised cash withdrawal from a consumer’s bank account.
- By online transfer of cash from consumer’s bank account to fraudster’s bank account.
- By making online purchases through consumer’s debit card.
Now the question arises, how can a person who has become victim of debit card frauds get back his money ? What are those legal procedures which needs to be followed by the victim in order to get back his money?
Before proceeding to the legal procedures, let’s focus on some points which should be taken immediate care of when someone misuses a person’s debit card details:
- First of all contact your bank and get your debit card blocked.
- If the card has been misused for online transactions just after you made some online transactions through your device then run a good anti virus scanner through your device in order to eradicate any further chances of your card details getting accessed by the fraudsters.
- Change the PIN and other security details of your card.
RBI guidelines on Unauthorised Electronic Banking Transactions
Now, moving further to the legal procedures which needs to be adopted by the victim in case of Debit Card frauds in order to get his money back, RBI has prescribed certain guidelines via its Circular DBR.No.Leg.BC.78/09.07.005/2017-18 dated July 6, 2017 titled “Customer Protection – Limiting Liability of Customers in Unauthorised Electronic Banking Transactions.” The Circular suggests the extent to which the customer has chances to get his money back from the bank which he has lost due to unauthorised transaction. The sooner a customer report about unauthorised transaction to the bank the more chances he has to get his money back.
Liability of a customer in case of an unauthorised transaction
As per the circular, there can be two kinds of liabilities of a customer:
-
Zero Liability of a Customer
A customer’s entitlement to zero liability shall arise where the unauthorised transaction occurs in the following events:
- Contributory fraud/ negligence/ deficiency on the part of the bank (irrespective of whether or not the transaction is reported by the customer).
- Third party breach where the deficiency lies neither with the bank nor with the customer but lies elsewhere in the system, and the customer notifies the bank within three working days of receiving the communication from the bank regarding the unauthorised transaction.
-
Limited Liability of a Customer
A customer shall be liable for the loss occurring due to unauthorised transactions in the following cases:
- In cases where the loss is due to negligence by a customer, such as where he has shared the payment credentials, the customer will bear the entire loss until he reports the unauthorised transaction to the bank. Any loss occurring after the reporting of the unauthorised transaction shall be borne by the bank.
- In cases where the responsibility for the unauthorised electronic banking transaction lies neither with the bank nor with the customer, but lies elsewhere in the system and when there is a delay (of four to seven working days after receiving the communication from the bank) on the part of the customer in notifying the bank of such a transaction, the per transaction liability of the customer shall be limited to the transaction value or the amount mentioned in Table 1, whichever is lower.
TABLE 1: MAXIMUM LIABILITY OF A CUSTOMER
Sr.no. |
Type of account |
Maximum liability (in Rs.) |
1. | BSBD accounts | 5,000 |
2. | ● All other SB accounts
● Prepaid Payment instruments and gift cards ● Current/cash credit/overdraft accounts of MSMEs ● Current/cash credit/overdraft account of individuals with average balance (during 365 days preceding the incidence of fraud) limit up to Rs.25 lakhs ● Credit card with limit up to Rs.5 lakhs |
10,000 |
3. | ● All other current/cash credit/overdrafts account
● Credit card with limit above Rs.5 lakh |
25,000 |
If the delay is beyond 7 working days, the customer’s liability shall be determined as per Bank’s Board approved policy. Overall liability of a customer in third party breaches, where deficiency lies neither with the bank nor with the customer but lies elsewhere in the system is summarized in the Table 2.
TABLE 2: SUMMARY OF CUSTOMER’S LIABILITY
Time taken to report the fraudulent transaction from the date of receiving the communication from the bank |
Customer’s liability (in Rs.) |
Within 3 working days | Zero liability |
Within 4 to 7 working days | The transaction value or the amount mentioned in Table 1 whichever is lower |
Beyond 7 working days | As per Bank’s Board approved policy |
Duties of Bank in case of reporting of unauthorised transactions by customers
The Circular further states the duties of the bank towards its customers on reporting of unauthorised transactions by customers to the banks:
- It is the duty of the bank to ask their customers to register themselves mandatorily for SMS alerts and email alerts for electronic banking transactions and it should enable the customers to instantly respond by “Reply” to the SMS or email alerts.
- The customer must be advised to notify the bank about any unauthorised transactions from their bank account at the earliest to reduce the risk of loss occurring through the transaction.
- For reporting unauthorised transactions or loss of cards, banks should provide their customers with 24*7 access through multiple channels (like via website, email, SMS, phone banking, toll free helpline etc).
- The fraud reporting system should ensure that immediate reply should be sent to the customer acknowledging their complaint alongwith registered complaint number.
- Banks must record the time and date of customer’s message in order to determine the extent of customer’s liability.
- Banks should take immediate actions on the receipt of report of unauthorized transaction by the customer to prevent further unauthorised transactions in the account.
How to get money back if the account has been hacked and debit card details have been misused?
If your money has been lost due to online purchase of any goods from your debit card which is not done by you but someone else, you will definitely want your money back. This situation can arise when your system gets hacked and fraudsters get access to your card details and PIN.
Whenever a transaction is made from a customer’s account, it is the the duty of the bank to provide the details of the transaction to the customer through SMS or email alerts. So, when the fraudster will make transaction from your account then also you will get alert. This SMS or email provides you the basic transaction details which is done from your account. Watch out the name of the gateway which is used in the transaction while purchasing the goods by fraudster. Suppose it is eBay then contact to eBay customer care and alert them that the transaction has not been done by you. They may ask you to prove your identity.
Once they get convinced that the transaction was fraudulent, the will block the transaction and you will get your money back. But this needs to be done as soon as possible because once the goods get delivered nothing can be done by the company to refund your amount. Normally it takes 24 hours to deliver the goods to the prescribed address.
Conclusion
Whether you have lost your money due to fraudulent:
- Cash withdrawal
- Online transfer of cash
- Online transaction to purchase goods
- Hacking of card details
Only your promptness in registering complain can give you your money back.
References
- http://blogs.quickheal.com/how-to-recover-your-money-if-your-bank-account-is-hacked-or-your-card-details-are-stolen/
- http://www.investopedia.com/articles/pf/09/debit-card-fraud-at-risk.asp
- investopedia.com/terms/d/debitcard.asp
- https://rbidocs.rbi.org.in/rdocs/notification/PDFs/NOTI15D620D2C4D2CA4A33AABC928CA6204B19.PDF
If my email id is hacked and my OTP is compromised which leads to fraudulent trxs, what is my liability? Bank claims that it is full customer liability since they have sent OTP only in registered mobile & email id