RBI issues Directions on Customer Protection – Limiting Liability of Customers in Unauthorised Electronic Payment Transactions in PPIs issued by Authorised Non-banks

Jan 07, 2019 | by Avantis RegTech Legal Research Team

The Reserve Bank of India (RBI) on January 04, 2019 has reviewed the criteria for determining the customers’ liability in unauthorised electronic payment transactions resulting in debit to their Prepaid Payment Instruments (PPIs).

RBI has given reference of paragraph 9 of Statement on Developmental and Regulatory Policies regarding framework for limiting customer liability in respect of unauthorised electronic payment transactions involving PPIs, announced in the Fifth Bi-monthly Monetary Policy Statement for 2018-19 by the RBI.

A framework for ‘Risk Management’ and ‘Customer Protection’ has already been laid down in paragraphs 15 and 16 of Master Direction on Issuance and Operation of Prepaid Payment Instruments (PPI MD) issued vide DPSS.CO.PD.No.1164 / 02.14.006/2017-18 dated October 11, 2017 (updated as on December 29, 2017). With a view to further strengthen customer protection for the PPIs which are issued by entities other than banks, the criteria for determining the customers’ liability in unauthorised electronic payment transactions resulting in debit to their PPIs have been reviewed by RBI are as under:

·         Applicability:

The provisions of these directions will be applicable to all authorised non-bank PPI issuers (referred to as ‘PPI issuer’ hereafter). Bank PPI issuers will continue to be guided by DBR.No.Leg.BC.78/09.07.005/2017-18 dated July 6, 2017 or DCBR.BPD.(PCB / RCB).Cir.No.06/12.05.001/2017-18 dated December 14, 2017, as applicable. PPIs issued under the arrangement of PPI-MTS (PPIs for Mass Transit Systems) as per paragraph 10.2 of PPI MD will be outside the purview of these directions except for the cases of contributory fraud / negligence / deficiency on the part of the PPI-MTS issuer.

·         Categories of electronic payment transactions:

For the purpose of the circular, electronic payment transactions have been divided into two categories:

i.               Remote / Online payment transactions (transactions that do not require physical PPIs to be presented at the point of transactions e.g. wallets, card not present (CNP) transactions, etc.).

ii.             Face-to-face / Proximity payment transactions (transactions which require the physical PPIs such as cards or mobile phones to be present at the point of transactions e.g. transactions at Point of Sale, etc.).

·         Reporting of unauthorised payment transactions by customers to PPI issuers:

i.                     PPI issuers shall ensure that their customers mandatorily register for SMS alerts and wherever available also register for e-mail alerts, for electronic payment transactions.

ii.                   The SMS alert for any payment transaction in the account shall mandatorily be sent to the customers and e-mail alert may additionally be sent, wherever registered.

iii.                  Customers shall be advised to notify the PPI issuer of any unauthorised electronic payment transaction at the earliest

iv.                 To facilitate this, PPI issuers shall provide customers with 24x7 access via website / SMS / e-mail / a dedicated toll-free helpline for reporting unauthorised transactions that have taken place and / or loss or theft of the PPI.

v.                   Further, a direct link for lodging of complaints, with specific option to report unauthorised electronic payment transactions shall be provided by PPI issuers on mobile app / home page of their website / any other evolving acceptance mode

vi.                 The loss / fraud reporting system so established shall also ensure that immediate response (including auto response) shall be sent to the customers acknowledging the complaint along with the registered complaint number. The communication systems used by PPI issuers to send alerts and receive their responses thereto shall record time and date of delivery of the message and receipt of customer’s response, if any.

·         Limited liability of a customer:

A customer’s liability arising out of an unauthorised payment transaction will be limited as per the table mentioned in the Circular (page 3).

·         Reversal timeline for zero liability / limited liability of a customer:

On being notified by the customer, the PPI issuer shall credit (notional reversal) the amount involved in the unauthorised electronic payment transaction to the customer’s PPI within 10 days from the date of such notification by the customer (without waiting for settlement of insurance claim, if any), even if such reversal breaches the maximum permissible limit applicable to that type / category of PPI.

·         Board approved policy for customer protection:

PPI issuers shall formulate / revise their customer relations policy, with approval of their Boards, to cover aspects of customer protection, including the mechanism of creating customer awareness on the risks and responsibilities involved in electronic payment transactions and customer liability in such cases of unauthorised electronic payment transactions.

·         The burden of proving customer liability in case of unauthorised electronic payment transactions shall lie on the PPI issuer.

·         Reporting and monitoring requirements:

The PPI issuers shall put in place a suitable mechanism and structure for reporting of the customer liability cases to the Board or one of its Committees.

Directions contained in paragraph 16.4 of PPI MD as applicable to non-bank PPI issuers are being modified accordingly.

[Notification No.DPSS.CO.PD.No.1417/02.14.006/2018-19(RBI/2018-19/101)]

URL:  https://rbidocs.rbi.org.in/rdocs/notification/PDFs/NT101746BAE75BB964EB1AD2E5BB6DC3FE5DC.PDF


Related Updates

Alternate Text

Get updates on the go on RuleZbook Mobile App.