RBI Ombudsman Office Is Flooded With ATM Related Complaints

After improving ATM security in India, reserve bank of India (RBI) is now planning to conclusively establish the responsibility of ATM frauds. Most of the complaints received by the ombudsman’s office of RBI pertain to fraudulent transaction through ATMs.

The ombudsman’s office is registering a growing number of customers’ complaints claiming that despite funds not having been withdrawn, the amount gets debited from the account. RBI is now planning to mandate that banks have to prove the customer received the funds.

This means that the burden of proof is now upon the concerned bank to prove that the customer has actually withdrawn the money. With the proposed due diligence requirements by RBI, this liability of banks have become even more onerous.

Banking industry has not taken due diligence and cyber crimes seriously. Whether it is phishing scams, spam frauds, Nigerian frauds, ATM frauds or credit card cloning frauds, Indian banking industry is not serious about them. The truth is that banking industry of India is not at all prepared to tackle the growing banking related technological crimes.

Even the government of India is responsible for this position. Under pressure of industrial lobbying, Indian government has made the sole cyber law of India impotent. For instance, even if a cyber criminal is apprehended for a banking related cyber crime, he has to be released on bail as a matter of right under the information technology act, 2000 of India.

Even RBI sources claim that the present cyber law is losing its significance in the fast changing banking sector. The customer service committee is expected to highlight the need to re-look at the cyber law. Some urgent steps must be taken as soon as possible by Indian government before banking industry is severely hit by cyber criminals.

Cyber Due Diligence For Banks In India

Cyber security of banking sector is an area that must be taken very seriously by banks of India. Cyber risks for banking industry in India are increasing at an alarming rate. Whether it is phishing scams, spam frauds, Nigerian frauds, ATM frauds or credit card cloning frauds, Indian banking industry is not prepared to tackle them.

Realising the gravity of the situation, the Reserve Bank of India (RBI) has recently released a report of its working group on information security, electronic banking, technology risk management, and cyber frauds.

The report has also issued many recommendations that Indian banks would be required to follow in order to provide safe and secure technology driven banking. Practically, this means that banks in India would be required to adopt techno driven and cyber law related due diligence requirements.

Till now banks have not taken due diligence requirements seriously. Already many cyber law related contraventions adjudication proceedings have started in India. The trend is going in the direction of more such consumer disputes and adjudication proceedings in India.

A major reason for this apathy on the part of banks for due diligence is lack of awareness regarding provisions of cyber law of India. The information technology act, 2000 (IT Act, 2000) clearly mandates observation of due diligence on the part of banks. In the absence of such due diligence, banks can be held liable for consumer losses.

Banks must establish core IT committees as per RBI directions that must consist of good techno legal professionals who can guide them regarding various due diligence requirements under the IT Act, 2000 and other laws.