While the nation is gradually moving towards a cashless age, data from an RTI query shows that since January 2015 to December 2017, a total of 35,551 credit cards and 21,860 debit/ATM card frauds have been reported in the country. The amount involved in this fraud is Rs 14,165 lakh for credit cards, and Rs14, 869 lakh for ATM/debit card. However, on June 2, 2016, the Reserve Bank of India has issued a circular where banks have been advised to report all unusual cyber security incidents to RBI within 2-6 hours of detection, till December 2017, and compensate the account holder of the lost amount.
The RTI that was addressed to Reserve Bank of India a reply of which came on January 19, to Pune based RTI activist Prafful Sarda.
He had also asked who compensates the customer in case of a loss by skimming or card cloning, to which the RBI asked Sarda to go through their circular of July 2017. The circular has specified that, on being notified by the customer, the bank shall credit (shadow reversal) the amount involved in the unauthorised electronic transaction to the customer's account within 10 working days from the date of such notification by the customer (without waiting for settlement of insurance claim, if any). Banks may also at their discretion decide to waive off any customer liability in case of unauthorised electronic banking transactions even in cases of customer negligence. The credit shall be value dated to be as of the date of the unauthorised transaction. Further, the circular reads, "In case of debit card/ bank account, the customer does not suffer loss of interest, and in case of credit card, the customer does not bear any additional burden of interest."
One of the circulars by the RBI even mentioned that banks need to report all unusual cyber security incidents to RBI and they have observed banks are hesitant to share such incidents with them. The June 2, 2016 circular reads, "It is observed that banks are hesitant to share cyber-incidents faced by them. However, the experience gained globally indicates that collaboration among entities in sharing the cyber-incidents and the best practices would facilitate timely measures in containing cyber-risks. It is reiterated that banks need to report all unusual cyber-security incidents (whether they were successful or were attempts which did not fructify) to the Reserve Bank."
Sarda said, "My RTI was to understand the importance RBI and banks are giving to cashless transaction and what they are doing to make it safe. With increasing cashless transactions, frauds are also increasing. I request banks to increase their safety so as to avoid such cases so that all people can use debit and credit card fearlessly."