Unauthorized Electronic Payment Transactions and Customer Liability

February 15, 2019
Digital transactions

Scope of Customer liability in unauthorized digital transactions

The Reserve Bank of India vide notification[1] dated January 04, 2019, reformed the area of unauthorized electronic transactions in prepaid payment instruments (hereinafter referred to as PPIs) by defining customer liability and bringing all the customers to the same level with regard to electronic transactions made by them via any non-bank. PPIs are the methods such as internet account, wallets, mobile wallets, smart cards, etc., wherein goods and services can be purchased against the value pre-stored in such instruments. PPI mechanism was explained in detail in our earlier article .
The notification differentiates between two types of transactions covered under the scope of the notification. Firstly, remote online transaction which do not require physical PPIs to be presented at the point of transactions and secondly proximity payment transactions which require the physical PPIs such as cards or mobile phones to be present at the point of transactions.
Customer’s Liability
The liability of the customers is defined three ways based on contributory fraud, negligence or other deficiencies. These are :

  • If there is a contributory fraud, negligence or other deficiency on the part of the PPI issuer, in this case no liability shall lie on the customer. The customer shall have no liability in this case.
  • If there is loss due to the negligence of the customer such as sharing payment credentials, the customer in this case shall bear the entire loss until the unauthorized transaction is reported to the PPI issuer. Any further loss shall be borne by the PPI issuer.
  • Lastly, in case the fault does not lie on the issuer or the customer and the customer reports within three days, no liability shall be borne by the customer. If the customer reports after three days but before seven days, the customer will be liable towards the transaction amount however not more than ten thousand rupees. Beyond seven days it will be in accordance with the issuer’s policy.

Additional guidelines
The unauthorized payment transaction in the banking sector shall be governed by the earlier notifications[3] on the subject. The RBI imposes a greater burden on the PPI issuer to credit the reversal amount in the customer’s bank within ten days of the notification by the customer and further states that the issuer should ensure that the complaint is resolved within 90 days. The burden of proving customer liability in case of unauthorized electronic payment transactions shall lie on the PPI issuer. Lastly, the notification directs the PPI issuer to put in place a suitable mechanism and structure for reporting of the customer liability cases to the Board or one of its Committees.
[1] Notification No. RBI/2018-19/101 DPSS.CO.PD.No.1417/02.14.006/2018-19 dated January 04, 2019 available at

[2] India: RBI permits interoperability transactions dated October 24, 2018 available at
Tender for Non-competitive Bids .

[3]Notification no. RBI/2017-18/15 DBR.No.Leg.BC.78/09.07.005/2017-18 dated July 6, 2017 available at
https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=11040&Mode=0  or Notification no. RBI/2017-18/109 DCBR.BPD.(PCB/RCB).Cir.No.06/12.05.001/2017-18 December 14, 2017 available at
https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=11188&Mode=0 .

Related Posts

Key Features and Issues in the Digital Personal Data Protection Bill, 2022

For more information please contact us at : info@ssrana.com