RBI Rules on Unauthorised Bank Transactions – When the Customer Has Zero Liability

Digital and electronic banking has become the backbone of modern financial transactions. But along with convenience comes risk—fraudulent online transactions, card misuse, UPI hacks, SIM swaps, phishing, and unauthorised withdrawals.

To protect customers, the Reserve Bank of India (RBI) issued strong guidelines titled:

“Customer Protection – Limiting Liability of Customers in Unauthorised Electronic Banking Transactions.”

Originally issued for banks earlier, RBI later extended the same protection to Co-operative Banks as well, through its important circulars.

These rules ensure that if a customer reports an unauthorised transaction promptly, he may not have to bear any financial loss.

🔹 1. What Is an Unauthorised Electronic Banking Transaction?

An unauthorised transaction means:

• The customer did not approve it

• The customer did not act fraudulently

• The transaction happened without the customer’s knowledge

Examples:

✔ Debit card swipe without possession
✔ UPI fraud or OTP misuse
✔ Net-banking hacking
✔ SIM swap fraud
✔ Money sent to unknown accounts without consent

When this happens, speed of reporting is the most important factor.

🔹 2. RBI’s Zero Liability Rule – Customer Pays Nothing

According to RBI, a customer has zero liability if:

✔ They report the unauthorised transaction to the bank within 3 days

of receiving SMS / email alert / passbook entry.

In such cases:

• The bank must credit (reverse) the amount

• The customer does not suffer any financial loss

• The reversal must happen within 10 working days

This rule applies to:

• All Scheduled Commercial Banks

• Co-operative Banks

• Payments banks

• Small Finance Banks

🔹 3. Why the Zero Liability Rule Exists

RBI stated that because:

• Online frauds have grown sharply

• Customers cannot be blamed for sophisticated cyber-attacks

• Banks must improve security systems

→ Therefore, banks must protect innocent customers.

This approach encourages trust in digital banking and ensures consumers feel safe using electronic channels.

🔹 4. When Customers Have Limited Liability

If the fraud happened due to:

• Customer sharing OTP

• Customer sharing password

• Customer clicking a suspicious link

• Delay of more than 3 days but less than 7 days in reporting

→ The customer may have partial liability, depending on the delay and circumstances.

But the bank must still investigate and resolve the complaint quickly.

🔹 5. When Customers Have Zero Liability (Detailed Coverage)

Customer has no financial liability at all when:

1. The bank’s system fails
   Example: Fraud due to security breach on bank’s side.

2. The bank has not ensured secure systems
   Example: Weak authentication that allowed fraudsters to bypass controls.

3. The customer reports the fraud within 3 days of receiving the alert
   Example: Customer gets SMS at 2 pm, reports by 4 pm the next day.

In all these cases, bank must:

✔ Re-credit the customer's account
✔ Complete the process within 10 working days
✔ Not charge the customer any penalty

🔹 6. How to Report an Unauthorised Transaction (Step-by-Step)

Customers should follow these steps immediately:

Step 1: Call the bank’s toll-free number

Use the helpline listed on the ATM card or website.

Step 2: Send written complaint through email or branch

Mention account number, transaction time, and details.

Step 3: Block card / net-banking / UPI

Banks must freeze channels instantly to prevent further loss.

Step 4: Request written acknowledgment

This is important for claiming zero liability under RBI rules.

Step 5: Follow up for refund

Bank must reverse the amount within 10 working days.

🔹 7. What Must Banks Do Under RBI Rules?

Banks are required to:

• Provide 24×7 reporting channels

• Offer SMS/email alerts for every transaction

• Take complaint immediately

• Reverse the disputed amount within 10 days

• Resolve the complaint within 90 days

• Improve fraud-prevention systems

A bank cannot refuse or delay your complaint simply by saying “we will investigate for months.”

🔹 8. Why 3 Days Is Critical – Do Not Delay

RBI clearly states:

If complaint is made within 3 days, customer has ZERO liability.

Delays reduce protection because the assumption is:

• Customer should regularly check SMS and email alerts

• Immediate reporting reduces further loss

Therefore, the sooner you notify, the stronger your case.

🔹 9. Important RBI Circular References (Simplified)

• RBI Circular UBD.BSD.I/PCB/No.45/12.05.00/2001-02

• Circular RPCD.CO.RCB.BC.No.36/07.51.010/2014-15

• Master Directions on Customer Protection – Limiting Liability

These circulars form the foundation of customer protection rules for Co-operative Banks and all other Indian banks.

⭐ Conclusion

RBI’s customer protection regulations ensure that innocent customers do not lose money due to cyber fraud or unauthorised electronic banking transactions.

If a customer:

✔ Reports the fraud within 3 days,
✔ Did not participate in the transaction,
✔ Did not act carelessly,

Then the customer has ZERO liability, and the bank must refund the entire amount quickly.

Timely reporting, documentation, and awareness of RBI rules are key to protecting your money.