With expected increase in card-based transactions and movement towards paperless transactions, we need to adopt a new piece of legislation, similar to the Regulation E of the US

It is a praiseworthy move that the Reserve Bank of India (RBI) has decided not to grant any further extension to banks for complying with security norms with respect to card transactions. RBI has said that banks will have to bear the cost of fraudulent credit card transaction through point of sales (PoS) terminals that do not have prescribed security features. As a customer friendly measure, the RBI has directed banks to follow the course of action, if a fraudulent transaction is reported by a customer on a credit card through any PoS terminal.

As per RBI circular, banks are expected to comply with the following course of action:

• • The issuing bank would ascertain, within three working days from the date of the cardholder approaching the bank, whether the respective PoS terminal/s where the said transaction/s occurred is/are compliant with Terminal Line Encryption (TLE) and Unique Key Per Terminal (UKPT) or Derived Unique Key Per Transaction (DUKPT) as mandated.
• • In the event it is found that the PoS terminals are non-compliant as mandated, the issuing bank shall pay the disputed amount to the customer within seven working days, failing which a compensation of Rs100 per day will be payable to the customer from the 8th working day.
• • The issuing bank shall claim the amount paid by it to the customer from the respective bank/s which have acquired the PoS transaction/s in question.
• • The acquiring banks have to pay the amount paid by the issuing bank without demur within three working days of the issuing bank raising the claim, failing which the RBI would be constrained to compensate the issuing bank by debiting the account of the acquiring bank maintained with the Bank.

While this is one good move by RBI, after it decided to ban zero equated monthly instalments (EMI) scheme, it still does not solve the problem of the credit card and debit card holders. Card- related frauds are very common and customers face several problems with respect to the security of the card and potential threat that arises from misuse of cards. Customers holding credit card or that matter any electronic device need better protection against frauds. In order to provide better protection to the customers, there is a need to carry out comprehensive changes in the card industry. The famous US regulation called “Regulation-E” can act as the guide in implementation of preventative measures against credit card frauds.

What is Regulation E?

Regulation E popularly known as REG-E outlines the rules and procedures for electronic funds transfers (EFTs) and outlines guidelines for those who sell and issue electronic debit cards. Regulation E establishes certain types of protection for consumers that employ electronic transfer systems.

How does Regulation E protects card holders?

Regulation E provides protection to the card holders by defining the maximum liability of a card holder. As per the regulation, “A consumer shall be liable for any unauthorised electronic fund transfer involving the account of such consumer only if the card or other means of access utilised for such transfer was an accepted card or other means of access and if the issuer of such card, code, or other means of access has provided a means whereby the user of such card, code, or other means of access can be identified as the person authorized to use it, such as by signature, photograph, or fingerprint or by electronic or mechanical confirmation.” 

This statement clearly indicates that unless it is established that the card was accepted by the customer, the liability of the customer does not arise. While identifying the consumer’s liability, the act says that in no case the liability of the customer would exceed $50.

In the worst case scenario, when the customer fails to notify the fraudulent transaction to the issuer of the card, the limit of penalty has been defined as $500.

Burden of Proof

Another favourable aspect of the regulation is that the burden of proof in the event of a fraud is with the financial institution. As per the Act, the burden of proof lies with the financial institution, “In any action which involves a consumer's liability for an unauthorized electronic fund transfer, the burden of proof is upon the financial institution to show that the electronic fund transfer was authorized or, if the electronic fund transfer was unauthorized, then the burden of proof is upon the financial institution to establish that the conditions of liability.”

This kind of regulation requires support of insurance on a large scale. Additionally, the technology needs to be advanced for implementation of a regulation at the scale of REG-E. However, with expected increase in card based transaction and movement towards paperless transactions we need to adopt a new piece of legislation, which should be extremely customer friendly that in turn would encourage faster transactions and make transaction system more efficient.

(Vivek Sharma has worked for 17 years in the stock market, debt market and banking. He is a post-graduate in Economics and MBA in Finance. He writes on personal finance and economics and is invited as an expert on personal finance shows.)