Internet Banking in India:
The Retail Habits, Internet Banking/ Card Fraud &
the Preventive- Remedial Measures
I dream of a Digital India where Cyber Security becomes an Integral Part of our
National Security-Hon'ble Prime Minister Narendra Modi
Internet Banking or Net Banking allows any individual or any association to
transfer the funds from its bank account to another bank account through the
Bank's or other financial institutions website.
It is to noted that the speed and the intensity with which the online
transactions has reached most of the urban households is worth appreciable and
this was only made possible by the initiatives that were taken by the Government
of India after demonetization in 2017 where the Union Government impliedly
highlighted the need for Indian Population to adopt cashless mode of
transaction. Four years down the line, and here we are preferring online mode of
transaction over the cash transactions.
Online Transactions: Classification
The financial transactions are of different types which are enumerated below:
- NEFT (National Electronic Fund Transfer)
National Electronic Funds Transfer (NEFT) is a nation- wide centralised payment
system owned and operated by the Reserve Bank of India and as per the RBI
guidelines this mode of online payment is accessible to any person or body to
transfer the money from its Bank Account to the receiver's bank account by
visiting the Bank's website and filling simple details in the NEFT form.
It is accessible to the public 24*7*365 days, including holidays and there is no
transaction limit for NEFT transactions as per the RBI guidelines.
Transactions are not instantaneous but take place in batches.
It is one of the most popular ways of transferring funds online.
- RTGS (Real Time Gross Settlement)
Real Time Gross Settlement or RTGS is the instantaneous mode of transfer of
funds from one's bank account to another. Therefore it is also known as
continuous mode of transfer of funds.
Although there is no upper limit for funds transfer, a minimum amount of Rs. 2
Lakhs need to be transferred to be eligible for RTGS.
It is accessible to the public 24*7*365 days. Can be done through offline as
well as online mode through the Bank's website.
- ECS (Electronic Clearing System)
Electronic Clearing System is the mode of transaction through which a person can
pay his or her bills.
- IMS (Immediate Payment Service)
It is the instantaneous mode of transfer of funds from one's bank account to
another with the help of mobile phones. This online mode of transferring the
money has proved to be the most convenient of all, especially for the day-to-day
financial transactions for the purpose of small businesses, buying and selling
of goods and services.
To be eligible for IMS, a person need to go for KYC (Know your customer or
client) and has to fulfill all the norms that are laid down by the RBI as per
its Mobile Payment Guidelines of 2008.
These are the four online modes of payment that have made life easier for the
customers throughout the country.
Payment Habits Of The Indian Population: A Survey
According to the Pilot Survey Report of the Reserve Bank of India dated April 26
of 2021 titled Retail Payment Habits in India- Evidence from a pilot survey
conducted in six cities in the time period of December 2018 to December 2019, it
has been found out that there has been an exponential rise in the number of
people using digital payments and one of the strong reasons behind this drift
away from the paper notes has been the convenience in making a digital payment
and after debit/ credit card payments, the payments made through net banking is
the second most preferred mode for Digital payments in India.
Therefore, safety and precautionary measures become the priority in Debit or
Credit card payments and Net Banking. The next segment of this Article deals
with the same.
Preventive Measures & The Guidelines Laid Down By The Rbi
The Reserve Bank of India (RBI) has been issuing guidelines in the form of
notifications on a regular basis to educate the people in cases of fraudulent
transactions or irregularities cited in their Bank Accounts.
Customer Protection- Limiting Liability of Customers in Unauthorised Electronic
One of such notifications is titled Customer Protection- Limiting Liability of
Customers in Unauthorised Electronic Banking Transactions dated July 6 of 2017
where the RBI has notified the liabilities of a customer in order to protect
them in certain unwanted situations.
Master Directions on Frauds- Classification and Reporting by Commercial Banks
and select FIs
- For instance, it has been made mandatory for the customers to opt for the SMS
alerts and wherever available register for emails as well.
- It is the obligation on a customer to notify their banks of any unauthorised
electronic banking transaction at the earliest after the occurrence of such
transaction, as longer the time he would take to inform the higher may be the
loss for him or the bank. The Reserve Bank of India has also come up with a toll
free no. 14440 for spreading awareness.
- Similarly, a reverse obligation is on the Banks as well to provide a 24*7 route
to the customers through multiple channels so that they may inform the Bank at
the earliest of the unauthorised transaction.
- Limited liability of a Customer
There shall be zero liability of the customer in cases where unauthorised
transactions took place due to the Contributory Fraud/ Negligence/ deficiency on
the part of the Bank (whether or not reported by the Bank) and in cases where
third party breach where neither the Bank nor the customer is responsible
(reported within 3 working days from the day the communication is received from
the Bank), and
There shall be limited liability and the customer shall be liable to the loss
occurred to him in cases, where the unauthorised transaction took place as a
result of his own negligence and in cases where he reports to the Bank and
unauthorised transaction takes place after such reporting then the Bank shall be
liable for the loss occurred and in cases where neither the Bank nor the
customer is responsible and there is a delay of four to seven working days from
the day the communication is received from the Bank.
- Reversal Timeline for Zero Liability/ Limited Liability of a customer
Once the customer notifies the Bank about the unauthorized transaction, then the
Bank mandatorily needs to transfer such an amount to the Customer's bank account
within 10 working days of such notification. In addition to it, the Bank lifts
up the obligation to resolve the complaint of the customer within 90 days from
the date of notification.
- The burden of proof is on the bank to prove the customer liability pertaining to
unauthorized electronic banking transactions.
This was the notification dated July 1 of 2016 (updated as on July 3 of 2017)
where the RBI dealt with the bank fraud comprehensively by providing a legal
framework to banks in order to enable them to do fraud risk management
effectively and covered all the aspects concerning it. Some of the essential
highlights are enumerated below:
To provide a uniformity in implementation fraud has been classified in
accordance with the Indian Penal Code into:
- What is Fraud: Legal Terms: Fraud is defined in Section 421 of the Indian Penal
Code 1860 and Section 17 of the Indian Contract Act 1872 and has the following
- There must be a representation and assertion;
- It must relate to a fact;
- It must be with the knowledge that it is false or without belief in its
- It must induce another to act upon the assertion in question or to do or
not to do a certain act
- Misappropriation (Section 403 IPC) and Criminal Breach of Trust (Section 405
- Fraudulent encashment through forged instruments, manipulation of books
of account or through fictitious account and conversion of property (Section
477A and 378 IPC)
- Unauthorized credit facilities extended for reward or for illegal
- Cash shortages
- Cheating (Section 415 IPC) and forgery (Section 463 IPC)
- Fraudulent Transactions involving foreign exchange
- Any other type of fraud not coming under the specific heads as above
When we are dealing with fraud in internet banking or debit/ credit card fraud
we are talking basically about misappropriation of funds or cheating that may
lead to unauthorized credit of funds to a person who is not entitled to receive
such an amount.
The CEO or Managing Director of the Bank must give priority to the Fraud
Prevention and Management Function so that effective investigation may be
conducted by the Law Enforcement Agencies as well as accurate reporting is made
to the Reserve Bank of India.
The Fraud Prevention and Management Function can be classified into:
- Fraud Risk Management
- Fraud Monitoring, and
- Fraud Investigation Function
Where the former is a preventive measure while the latter two are the remedial
measures. The Banks are bound to send Fraud Monitoring Returns (FMR) to RBI
electronically of the individual cases of fraud that have been committed. For
the frauds involving a monetary sum of Rs. 50 million or more a Flash Report
(FR) is sent to the RBI and other law enforcement agencies.
To avoid bank frauds in the future, the RBI has made available a database by the
name of Central Fraud Registry (CFR) that is a collection of all the Fraud
Monitoring Returns filed by the Bank throughout the country, which in turn helps
the Bank in identifying, controlling, reporting and mitigation of risk and
proves to be a guide in dealing with incoming customers.
Central Vigilance Commission (CVC) Guidelines on reporting of Fraud Cases to
Police or CBI
From time to time, the Central Vigilance Commission (an independent statutory
authority formed by the CVC Act of 2003 with a vision to fight corruption) has
issued guidelines in the form of circulars pertaining to the reporting criteria
that finds its place even in the master guidelines issued by the RBI in the year
The following table sums up the reporting criteria:
To be lodged with Joint Director (Policy), CBI.
||Amount involved in the Fraud
||To whom complaint should be made
|Foreign or Private Sector Banks
||Rs. 10,000 or above
||If committed by Staff
||Rs. 1,00,000 or above
||If committed by Outsiders OR with the aid of
||Rs. 1 Crore or above
||State Police + Serious Fraud Investigation
Office (SFIO), Ministry of Corporate Affairs, Government of India
||Report to SFIO in Fraud Monitoring Return (FMR)
|Public Sector Banks
||Rs. 10,000 or above but below Rs. 1,00,000/-
||If committed by Bank Staff
||Rs. 1,00,000 or above but below Rs. 3 Crores
||State CID or EOW (Economic Offences Wing) of
the State concerned
||To be lodged by the Regional Head of the Bank
||Rs. 3 Crores or above but upto Rs. 25 Crores
||Central Bureau of Investigation (CBI)
- Lodged with Anti- Corruption Bureau of CBI where there is prima
facie staff involvement OR,
- Where there is no staff involvement then to be lodged with EOW
wing of the CBI
||More than Rs. 25 Crores but upto Rs. 50
||To be lodged with the Banking Security and
Fraud Cell (BSFC) of CBI
||More than Rs. 50 Crores
||To be lodged with Joint Director (Policy),
All fraud cases of value below ₹ 10,000/- involving bank officials, should be
referred to the Regional Head of the bank, who would scrutinize each case and
direct the bank branch concerned on whether it should be reported to the local
police station for further legal action.
Steps To Be Taken By The Fraud Victim
The victim should after being notified through SMS or emails about the
unauthorized transaction should immediately inform the Bank about the fraud and
lodge a complaint with the Bank concerned and should opt for blocking the card
or the bank account that has been targeted.
Secondly, the victim should collect the information from the Bank pertaining to
the mode through which the unauthorized bank transaction has taken place.
Approach the nearest Police Station and lodge a complaint by narrating to them
the entire incident that has taken place.
In addition to it, submit to the Police the following documents:
- Bank statement of the last 6 months of the Bank account concerned
(collect it from the bank)
- A copy of the SMS received related to the alleged transaction
- Any ID Proof along with the address proof that is in the Bank Records
The victim can dial the helpline number 155260 or report the incident through
www.cybercrime.gov.in on National Cybercrime Reporting Portal.
The following credentials need to be provided at the time when the victim choose
to make a complaint through the helpline number:
- Mobile Number
- Name of Bank/Wallet/ Merchant from which amount has been debited
- Account No./Wallet ID/ Merchant ID/ UPI ID from which amount has been
- Transaction ID
- Transaction date
- Debit/Credit Card number if their credentials are used for committing
- Screenshot of SMS received from the Bank after the transaction or any
other image reflecting fraud, if available
After which, the complainant will receive a system generated ID and password
through which he has to complete the registration on the National Cybercrime
Reporting Portal (www.cybercrime.gov.in) within 24 hours. (mandatory).
The concerned Police Officer will be deputed for this case and due legal course
would be adopted by the Police
Bank Frauds Over The Years- Data Analysis
According to the RBI Annual Report 2020-21, there has been a decline in the
number of fraud cases by 15% and 25% decline has been seen in the fraud value in
the Public Sector Banks. On the other hand, the Private Sector Bank Fraud Cases
as well as the Fraud Value has been on a continuous rise.
The report also enshrines the classification in the area of operations as well,
where it has been found out that although there has been a slight decline in the
number of fraud cases by 132 pertaining to Card or Internet Fraud as compared to
2019- 20 but the share of Card or Internet Fraud has been on a rise since 2018-
19 from 27.5% of all the frauds to 34.6% of all the frauds.
One of the key objectives of CVC and the RBI after the fraud has been committed
is to reduce the time gap between the date of occurrence of fraud and the date
of detection and according to the Annual Report 2020- 21 the average time lag
has been found to be 23 months while in frauds involving amount greater than Rs.
100 Crore, the average lag was 57 months.
In Derry v. Peak
, it was observed that with either knowingly or possessing the
reasons to believe that such statement is false and even then making it would
amount to fraud.
In CBI v. Vikaram Anantrai Doshi and Others
, the Supreme Court observed that
Banking frauds cannot be clubbed with the personal or individual frauds as it
impacts the whole society and larger population.
Similarly in a landmark judgment of State Trading Corporation of India v. M/S
Millennium wires (P) Ltd and Others, the Delhi High Court was of the view that
the verity that there is existence of fraud in itself is not sufficient, but
what is important is that the notice of such fraud to the Bank must be proven.
This Article was an honest effort on the part of the Author to serve the readers
with the preventive measures that a user of online mode of money transfer should
take while being aware of the essential guidelines issued by the law enforcement
agencies such as RBI, Cyber Cell, Central Vigilance Commission etc. in order to
avoid any kind of unauthorized transactions from their account that may affect
their living. In addition to it, the remedial measures for victims of bank fraud
have been enumerated in brief so that this piece of paper may prove to be a
guide in such unwanted circumstances.
This paper also explains some of the technical terms and topics pertaining to
the online transactions including the vast domain of what internet banking is,
the evolution of the Internet Banking in India along with the retail habits of
the Indian Population as well as the data reflecting the bank frauds over the
years so that this Article also covers the legal education for the research and
Written By: Aniket Rai,
5th Year, BA.LLB with spz. Energy Laws, UPES