Page 34 - Banking Finance April 2018
The number of working days shall be counted as per the working schedule of the home branch of the customer, excluding the date of receiving the communication.

Reversal timeline for Zero Liability/Limited liability of customer:

The bank shall credit the amount involved in the unauthorized electronic transaction to the customer's account within 10 working days from the date of such notification by the customer (without waiting for settlement of insurance claim, if any). Banks may at their discretion decide to waive off any customer liability in case of unauthorized electronic banking transactions even in cases of customer negligence. The credit shall be value dated to be as of the date of the unauthorized transaction.

Banks shall ensure that:
- Complaint is resolved and the liability of the customer, if any, is established within such time as specified in the bank's Board approved policy, but not exceeding 90 days from the date of receipt of the complaint, and the customer is compensated as per provisions.
- In case of debit card/bank account, the customer does not suffer loss of interest, and in case of credit card, the customer does not bear any additional burden of interest.

Board Approved policy for customer protection:

For unauthorized debits to customer accounts owing to customer negligence, bank negligence, banking system frauds or third party breaches, the bank needs to clearly define the rights and obligations of customers in case of unauthorized transactions. Banks formulate a customer relations policy, with the approval of their Boards, to cover aspects of customer protection, including the mechanism of creating customer awareness on the risks and responsibilities involved in electronic banking transactions.

The policy must be transparent and non-discriminatory, and must set out the mechanism of compensating customers for unauthorized electronic banking transactions. Banks shall put in place a suitable mechanism and structure for the reporting of the customer liability. The reporting includes the volume/number of cases and the aggregate value involved, and the distribution across various categories of cases, viz. card present transactions, card not present transactions, internet banking, mobile banking, ATM transactions, etc.

Conclusion:

Cyber threat is universal, and preventive measures are a must to safeguard against the threat. Hence the Bank has to prepare an IT Governance policy, as a subset of the cyber security policy, that covers the usage of all of the Bank's Information Technology and communication resources, including all computer-related equipment, including portable PCs, terminals, workstations, telecomm equipment, networks, databases, printers, servers and shared computers, and all networks and hardware to which this equipment is connected. The policy also covers all software, including purchased or equipment taken on rent or on outsourced model or licensed business software applications, Bank-written applications, employee or vendor/supplier-written applications, computer operating systems, firmware, and any other software residing on Bank-owned equipment.

The policy has to clearly define that technologies, processes and practices at the bank cannot be circumvented, and allow only authorized users to modify and/or delete key applications and information, which will affect the accuracy or integrity of processing.

Banks have to prepare a cyber crisis management team headed by Chairman Key functional.

The Bank has to prepare a Cyber Crisis Management Plan on the Identify, Protect, Detect, Respond, Recover and Learn basis.

Ongoing crisis: Detect, Control, Recover, Remediate

Post crisis: Post Incident Analysis, Reporting, Crisis Prevention Plan

So we can say that eternal vigilance is useful for a safe and secure financial system.

References:
RBI circulars/RBI speeches