In this article, Saumya Sinha, a student of Rajiv Gandhi National University of Law discusses how to lodge a complaint on ATM Card Skimming.
The nature and types of crime never remain stagnant. With development, crime also evolves. The advancement in science and technology has proven to be of great benefit to society at large. However, each progress carries with itself potential for the birth of a new crime. Law works in the direction to change itself and combat these crimes. With the beginning of the era of internet and electronic devices, the need of cyber law emerged. Information Technology Act, 2000 was enacted with one of the objectives to attenuate cyber crimes. With the digitisation of transactions and growth in e-commerce, the rate of cyber crimes has also increased. Such crimes include credit card fraud, phishing, hacking, cyber stalking, ATM Card Skimming, etc.
ATM Card Skimming
The business dictionary has defined it as a type of fraud which occurs when an ATM is compromised by a skimming device. It can be understood as identity theft of debit cards where the information stored in the magnetic strip of the card is captured by a skimmer device. It is a small device and is designed to look like a part of the ATM machine. It is placed near the slot through which ATM is inserted. The information is then used to counterfeit the card. The skimmer device is accompanied by either PIN capturing device or skimming keypads. The former is basically a camera which is placed near the ATM machine to record the PIN code of the card. Sometimes, even the camera placed by the bank is hacked to do the same. Another way of stealing the PIN is placing a fake keypad over the keypad of the machine which captures the PIN.
Thus, what might be a legitimate transaction may lead to many illegitimate transactions. The pieces of information which are captured are then used to withdraw money from the victim’s bank account and many such incidents have been reported time and again.
Tips to avoid falling victim to ATM fraud
Though it is difficult to spot a skimmer device at the first instance, one can locate it by being vigilant. There are some tips which might be useful to not fall into the trap of fraudsters.
- Card Skimmer device can be identified if one is careful about it. Before inserting the card in the slot, ensure that no device is attached to the slot. Sometimes, the slot might look different from the usual slots. This might be a hint of the presence of a skimmer device.
- One should avoid seeking assistance from any person in the ATM even if they appear to be a security guard or a person from the bank.
- In order to identify skimmer keypads, one should see if the keypad is somewhat protruding or if the colour of the keypad is misfitting in the frame of the ATM machine.
- One should also look around once for any cameras. The camera might not be big enough to be visible. Sometimes, a small hole which appears as a lens may be the hidden camera used by the fraudsters.
- A person should use his hands to hide the finger movement so that even if there is a camera, the ATM pin cannot be cracked.
- One should use the ATMs which are well lit and secured and avoid the ATMs which are in deserted or isolated locations.
- One should be cautious and vigilant of one’s account statement so that any discrepancy is immediately identified.
- The RBI has laid down guideline that one should get their mobile numbers and email id, wherever possible linked with the bank account for transaction alerts.
- Also, one should refrain from sharing the ATM pin from anybody, irrespective of the relation.
Steps to lodge a complaint on ATM Card Skimming
It is not very unusual to fall victim to the tactics of fraudsters who try to steal money. Thus, if one fall into this trap, the person should lodge a complaint. A complaint could be a criminal one or a civil one. The former means getting the offender punished which can be done under the Information Technology Act, 2000 and the latter means getting the bank to compensate the lost money. Since ATM Card Skimming falls under the category of cyber crime, the recourse is available under the Information Technology Act, 2000. Further, the RBI has also laid down regulations to provide guidelines to register such complaints with the bank.
The complaint can be lodged with the bank
The RBI regulation on ‘Customer Protection – Limiting Liability of Customers of Co-operative Banks in Unauthorised Electronic Banking Transactions’ is a detailed guideline of the steps that the bank and the customer should take in case of an incident of ATM card skimming.
Regulations for the banks
The responsibility of the banks has increased after the regulation of RBI.
- The banks have been directed to install such systems and procedures which ensure customers safety in electronic transactions.
- The banks must make it mandatory for the customer to link their mobile number and email id with the account so as to receive alerts of all the transactions.
- The banks have been directed to provide such facilities to the customers through which any unauthorised transactions can be reported. For this, the banks have to provide 24×7 helpline access which may be through website, email, IVR, a dedicated toll-free helpline, etc.
- Further, the SMS alerts or the email alerts which are received by the customer must have a reply option so that lodging a complaint is not a difficult task. The customers need not look for any link or email address to do the same.
- The banks have to provide a direct link on their website for lodging complaints. Such a link must contain a specific option to report unauthorised electronic transactions.
- The banks have to ensure that an immediate response is made to the complaint with a registered complaint number.
- The date and time of the complaint must be recorded to determine the liability of the customer.
- The RBI has also come up with a regulation on control measures for ATMs which have to be complied with by the banks within the time prescribed in the regulation.
Determination of liability and payment by the Bank
This regulation has shifted the onus on the bank. Earlier, it was on the customer to prove that fraud has taken place but now the onus is on the bank to prove customer’s liability. The regulation lays down the detailed provision of the liability of the customer in case of an unauthorised transaction.
- The liability of the customer will be zero in certain cases.
- If there is negligence or deficiency or contributory fraud on the part of the bank, then the customer will not at all be liable to bear the brunt of the unauthorised transaction.
- If there is a third party breach which has resulted i.e. neither the bank nor the customer is responsible for the events which led to such unauthorised transaction, and the customer has reported the fraud within three working days, then there will be no liability on the customer.
- RBI has limited the liability of the customer in certain cases.
- If the negligence is on the part of the customer, then he shall be liable for the same until he reports the unauthorised transaction to the bank. However, after he has reported the same to the bank, the liability will be that of the bank.
- If the breach is done by a third party and the complaint is lodged after three days but within seven days of such unauthorised transaction, then the liability of the customer will be limited either to transactional value or the value prescribed by the RBI in its regulation, whichever is less.
- If the complaint is delayed beyond seven days, then the liability of the customer is to be determined by the bank’s Board approval policy.
The banks have been directed by the RBI that the payment in such cases have to be done within ten working days. Such amount which is credited in the account of the customer has also been termed as ‘shadow reversal’. The ten days is to be counted from the date of complaint by the customer.
Steps for lodging complaint with the bank
Thus, it is clear that if a person seeks a civil remedy in case of ATM card fraud then he should lodge a complaint with the bank as soon as possible. The bank has been made duty bound to provided facilities for lodging such complaint. The RBI has regulated that multiple channels should be provided by the bank for the same, along with the ‘reply’ option in the SMS or email alert. The bank in which such complaint has to be made is the one in which the customer has the account and not the bank of the which the ATM machine was used.
The liability of the customer increases with the delay in filing the complaint. If the bank dismisses the complaint or has failed to respond or such response is not satisfactory, then the customer can approach banking Ombudsman. The appeal from the order can be done to the deputy governor of the RBI within 30 days of the order. Further, the appeal from this can be made in a High Court.
A complaint can be lodged with the cyber cells
A customer can also lodge an FIR with the cyber cell of police. The Criminal Investigation Departments (CIDs) have opened up cyber cells in various cities for the effective implementation of cyber laws. A cyber crime can be reported in any cell across the country. The customer needs to follow a detailed procedure for registering a complaint with the cyber cell. Under section 66C and 66D of the Information Technology Act, 2000 such type of unauthorised transaction is an offence and is punishable with such imprisonment which may be of either description and may extend to three years. Such an offender is also liable to pay fine.
Awareness with respect to ATM card skimming is really important to prevent the crime and report it immediately with the concerned authorities. The necessary regulations of the RBI and the provision of cyber cells hold immense importance in providing the remedy to the customer in case of ATM card skimming.