Reserve Bank of India (RBI) has put in place a Central Fraud Registry. It has informed that 13,083, 16,468 and 13,653 cases of ATM/Debit Card and Internet Banking frauds, where the amount involved is ₹ 1 lakh and above, were reported by commercial banks during financial years 2014-15, 2015-16 and 2016-17 respectively. As per RBI’s instructions, banks are required to report cases of fraud to law enforcement agencies. No centralised information is maintained regarding the outcome of investigations by law enforcement agencies.

For security of e-transactions, RBI has issued Cyber Security Framework to banks and Cyber Security Instructions to issuers of pre-paid instruments(“wallets”). Further, CERT-In issues alerts and advisories to financial institutions regarding latest cyber-threats/vulnerabilities and counter measures. RBI reviews cyber security developments and threats on an ongoing basis and takes necessary measures to strengthen cyber-resilience of banks.

To protect customers, RBI has issued instructions providing for zero liability of a customer where an unauthorised electronic transaction occurs due to contributory fraud or negligence or deficiency on the part of the bank, irrespective of whether or not the transaction is reported by the customer, and where a third-party breach occurs and the deficiency lies neither with the bank nor with the customer but elsewhere in the system, and the customer notifies the bank within three working days of receiving communication from the bank regarding the transaction Further, under RBI’s Banking Ombudsman Scheme, customers can lodge a complaint with the Banking Ombudsman against banks, for non-adherence to RBI’s instructions regarding mobile/electronic banking services.

This was stated by Shri Shiv Pratap Shukla, Minister of State for Finance in written reply to a question in Lok Sabha today.

Zero liability for unauthorised electronic transactions protects customers when bank or system deficiencies meet prescribed conditions. A centralised registry compiles bank-reported ATM/debit-card and internet-banking frauds while outcomes of law-enforcement investigations are not centrally maintained. Banks must report frauds to law enforcement and comply with a Cyber Security Framework and prepaid-instrument instructions. Customer protection includes a zero liability regime for unauthorised electronic transactions subject to conditions and timely notification, and customers may seek redress under the Banking Ombudsman for non-compliance with electronic-banking instructions.