It is said that the thief is always a step ahead of the police. This has relevance in the world of financial crime and policing too. Gone are the days when the unscrupulous elements used to misuse your bank account through traditional ways like making a phone call and claiming to be your bank manager and asking all your credit and debit card details. In an advancement, later on, the unknown and untraceable caller would ask for an OTP—the password that one receives by a text message at the time of transaction. To sum up, these thieves could only steal your money and carry out unknown and unauthorised transactions on your bank account if you shared your details with them like ATM PIN, Credit Card CVV, OTP, login details, etc.
To counter these potential dangers, the banks used to frequently advise their customers not to share such details with anybody including the bank officials. They often used to reiterate "Bank never calls you for your details."
Nowadays, it is quite worrisome to know that the thieves of today are not dependent upon such traditional ways. Nowadays, there are modern theft mechanisms like skimmers, cloning devices, hacking, phishing and what not. With the help of these new tools, a financial thief can steal your card details and online banking credentials without your knowledge. You may follow all procedural guidelines and take all precautions but you will be astonished to see that your bank account gets misused despite all these precautions. Of late, there have been millions of such unauthorised debits leaving the gullible common man clueless as to how how the thing happened.
Having said that, the million-dollar question that comes to our mind are "What can be done to safeguard our hard earned money and, if misuse has taken place, can we get our money back?" Well, the good news is that we have an answer.
On July 6, 2017, Reserve Bank of India issued a circular (RBI/2017-18/15DBR). This circular contains detailed guidelines on such fraudulent transactions. This circular covers a myriad of such transactions. However, I would limit my focus specifically on the issue of unauthorised and unknown transactions that take place without any mistake on the part of the customer. The RBI circular mentions that if a transaction took place in such a way that it was neither the customer's mistake nor the bank's mistake and the problem lied somewhere else in the system, then the customer is not liable. In such cases, the bank has to carry out its processes and procedures and reverse the total amount involved. The customer, in such cases, is not bound to prove that he did not make the transaction and that he did not share the card and login details with anybody; it is the bank that has to prove the same if they claim that the customer had made a mistake. It must also be noted that in such cases, the bank has to respond and reverse the money within a reasonable time frame of 30 days. They also have to shadow-reverse the amount within 15 days of the date of complaint. Shadow-reversal means a temporary reversal of money that should get reflected in the monthly statement. It must, however, be remembered that the intimation to the bank must be done within three days of the occurrence of such an incident. Such intimation may be done via an email, online complaint, a telephone call to the Customer Service Centre or physical submission of the complaint letter at your bank branch. Don't forget to take an acknowledgment of the receipt of your letter.
When this procedure is followed, the bank solves the case within 30 days. Once this is done, your monthly fresh statement reflects no such debits and your outstanding liability is exactly the same as without such unauthorised transactions.
If, unfortunately, the bank does not solve the case within 30 days, the customer may approach the Banking Ombudsman who is appointed by the Reserve Bank of India. In almost all cases, the bank solves the case and you do not have to approach the Banking Ombudsman.
Being a banker, I can write this with firm belief that banks have a proper system to deal with such cases of unauthorised transactions and we make it sure that our customers do not face any sort of inconvenience and loss. The only thing that is needed is patience and this understanding that it is a third-party-initiated fraud and not the bank's fault.
Here, I would also like to have the attention of those readers who belong to the Police Department, Cyber Crime and the like. When a customer faces such an incident and approaches a Police Station, he is asked to go to the Cyber Crime wing. But, when a common man goes to the Cyber Crime Wing, it is said to him that he has to approach the police and get an FIR forwarded to them. Common man, therefore, keeps running from one corner of this maze to the other corner. This unending puzzle laid down by the police and cyber cell brings inconvenience and chaos to the common man who finally gives up his chase. It's for the authorities to look into the matter and intervene and guide common masses with respect to this confusion of where to go to report such incidents.
Having said this, I would conclude with this reiteration that your bank account details, card details, login details and OTPs must not be shared with anybody. You should also carry out online banking transactions from a trusted computer and only use your card and bank login details on a trusted website (preferably the one starting with https and displaying a lock icon at the top). I would also recommend using Temporary-Card-Blocking Apps designed by some banks wherein you can switch your cards ON and OFF at your will. 'M-Serve' by Canara Bank is one such example. It is really a saviour.
The author is an MBA and works as branch incharge of a PSU bank in Srinagar