Internet Banking in India:
The Retail Habits, Internet Banking/ Card Fraud & the Preventive- Remedial Measures

I dream of a Digital India where Cyber Security becomes an Integral Part of our National Security-Hon'ble Prime Minister Narendra Modi

Introduction
Internet Banking or Net Banking allows any individual or any association to transfer the funds from its bank account to another bank account through the Bank's or other financial institutions website.

It is to noted that the speed and the intensity with which the online transactions has reached most of the urban households is worth appreciable and this was only made possible by the initiatives that were taken by the Government of India after demonetization in 2017 where the Union Government impliedly highlighted the need for Indian Population to adopt cashless mode of transaction. Four years down the line, and here we are preferring online mode of transaction over the cash transactions.

Online Transactions: Classification

The financial transactions are of different types which are enumerated below:

1. NEFT (National Electronic Fund Transfer)
   National Electronic Funds Transfer (NEFT) is a nation- wide centralised payment system owned and operated by the Reserve Bank of India and as per the RBI guidelines this mode of online payment is accessible to any person or body to transfer the money from its Bank Account to the receiver's bank account by visiting the Bank's website and filling simple details in the NEFT form.
   
   It is accessible to the public 24*7*365 days, including holidays and there is no transaction limit for NEFT transactions as per the RBI guidelines.
   
   Transactions are not instantaneous but take place in batches.
   
   It is one of the most popular ways of transferring funds online.
    
2. RTGS (Real Time Gross Settlement)
   Real Time Gross Settlement or RTGS is the instantaneous mode of transfer of funds from one's bank account to another. Therefore it is also known as continuous mode of transfer of funds.
   
   Although there is no upper limit for funds transfer, a minimum amount of Rs. 2 Lakhs need to be transferred to be eligible for RTGS.
   
   It is accessible to the public 24*7*365 days. Can be done through offline as well as online mode through the Bank's website.
    
3. ECS (Electronic Clearing System)
   Electronic Clearing System is the mode of transaction through which a person can pay his or her bills.
    
4. IMS (Immediate Payment Service)
   It is the instantaneous mode of transfer of funds from one's bank account to another with the help of mobile phones. This online mode of transferring the money has proved to be the most convenient of all, especially for the day-to-day financial transactions for the purpose of small businesses, buying and selling of goods and services.
   
   To be eligible for IMS, a person need to go for KYC (Know your customer or client) and has to fulfill all the norms that are laid down by the RBI as per its Mobile Payment Guidelines of 2008.

These are the four online modes of payment that have made life easier for the customers throughout the country.

Payment Habits Of The Indian Population: A Survey

According to the Pilot Survey Report of the Reserve Bank of India dated April 26 of 2021 titled Retail Payment Habits in India- Evidence from a pilot survey conducted in six cities in the time period of December 2018 to December 2019, it has been found out that there has been an exponential rise in the number of people using digital payments and one of the strong reasons behind this drift away from the paper notes has been the convenience in making a digital payment and after debit/ credit card payments, the payments made through net banking is the second most preferred mode for Digital payments in India.

Therefore, safety and precautionary measures become the priority in Debit or Credit card payments and Net Banking. The next segment of this Article deals with the same.

Preventive Measures & The Guidelines Laid Down By The Rbi

The Reserve Bank of India (RBI) has been issuing guidelines in the form of notifications on a regular basis to educate the people in cases of fraudulent transactions or irregularities cited in their Bank Accounts.

Customer Protection- Limiting Liability of Customers in Unauthorised Electronic Banking Transactions
One of such notifications is titled Customer Protection- Limiting Liability of Customers in Unauthorised Electronic Banking Transactions dated July 6 of 2017 where the RBI has notified the liabilities of a customer in order to protect them in certain unwanted situations.

• For instance, it has been made mandatory for the customers to opt for the SMS alerts and wherever available register for emails as well.
• It is the obligation on a customer to notify their banks of any unauthorised electronic banking transaction at the earliest after the occurrence of such transaction, as longer the time he would take to inform the higher may be the loss for him or the bank. The Reserve Bank of India has also come up with a toll free no. 14440 for spreading awareness.
• Similarly, a reverse obligation is on the Banks as well to provide a 24*7 route to the customers through multiple channels so that they may inform the Bank at the earliest of the unauthorised transaction.
   
• Limited liability of a Customer
  There shall be zero liability of the customer in cases where unauthorised transactions took place due to the Contributory Fraud/ Negligence/ deficiency on the part of the Bank (whether or not reported by the Bank) and in cases where third party breach where neither the Bank nor the customer is responsible (reported within 3 working days from the day the communication is received from the Bank), and
  
  There shall be limited liability and the customer shall be liable to the loss occurred to him in cases, where the unauthorised transaction took place as a result of his own negligence and in cases where he reports to the Bank and unauthorised transaction takes place after such reporting then the Bank shall be liable for the loss occurred and in cases where neither the Bank nor the customer is responsible and there is a delay of four to seven working days from the day the communication is received from the Bank.
   
• Reversal Timeline for Zero Liability/ Limited Liability of a customer
  Once the customer notifies the Bank about the unauthorized transaction, then the Bank mandatorily needs to transfer such an amount to the Customer's bank account within 10 working days of such notification. In addition to it, the Bank lifts up the obligation to resolve the complaint of the customer within 90 days from the date of notification.
   
• The burden of proof is on the bank to prove the customer liability pertaining to unauthorized electronic banking transactions.

Master Directions on Frauds- Classification and Reporting by Commercial Banks and select FIs
This was the notification dated July 1 of 2016 (updated as on July 3 of 2017) where the RBI dealt with the bank fraud comprehensively by providing a legal framework to banks in order to enable them to do fraud risk management effectively and covered all the aspects concerning it. Some of the essential highlights are enumerated below:

• What is Fraud: Legal Terms: Fraud is defined in Section 421 of the Indian Penal Code 1860 and Section 17 of the Indian Contract Act 1872 and has the following essential elements:
  
  1. There must be a representation and assertion;
  2. It must relate to a fact;
  3. It must be with the knowledge that it is false or without belief in its truth; and
  4. It must induce another to act upon the assertion in question or to do or not to do a certain act

To provide a uniformity in implementation fraud has been classified in accordance with the Indian Penal Code into:

1. Misappropriation (Section 403 IPC) and Criminal Breach of Trust (Section 405 IPC)
2. Fraudulent encashment through forged instruments, manipulation of books of account or through fictitious account and conversion of property (Section 477A and 378 IPC)
3. Unauthorized credit facilities extended for reward or for illegal gratification
4. Cash shortages
5. Cheating (Section 415 IPC) and forgery (Section 463 IPC)
6. Fraudulent Transactions involving foreign exchange
7. Any other type of fraud not coming under the specific heads as above
   And,
   When we are dealing with fraud in internet banking or debit/ credit card fraud we are talking basically about misappropriation of funds or cheating that may lead to unauthorized credit of funds to a person who is not entitled to receive such an amount.

The CEO or Managing Director of the Bank must give priority to the Fraud Prevention and Management Function so that effective investigation may be conducted by the Law Enforcement Agencies as well as accurate reporting is made to the Reserve Bank of India.

The Fraud Prevention and Management Function can be classified into:

1. Fraud Risk Management
2. Fraud Monitoring, and
3. Fraud Investigation Function

Where the former is a preventive measure while the latter two are the remedial measures. The Banks are bound to send Fraud Monitoring Returns (FMR) to RBI electronically of the individual cases of fraud that have been committed. For the frauds involving a monetary sum of Rs. 50 million or more a Flash Report (FR) is sent to the RBI and other law enforcement agencies.

To avoid bank frauds in the future, the RBI has made available a database by the name of Central Fraud Registry (CFR) that is a collection of all the Fraud Monitoring Returns filed by the Bank throughout the country, which in turn helps the Bank in identifying, controlling, reporting and mitigation of risk and proves to be a guide in dealing with incoming customers.

Central Vigilance Commission (CVC) Guidelines on reporting of Fraud Cases to Police or CBI
From time to time, the Central Vigilance Commission (an independent statutory authority formed by the CVC Act of 2003 with a vision to fight corruption) has issued guidelines in the form of circulars pertaining to the reporting criteria that finds its place even in the master guidelines issued by the RBI in the year 2016.

The following table sums up the reporting criteria:

Bank	Amount involved in the Fraud	To whom complaint should be made	Remarks
Foreign or Private Sector Banks	Rs. 10,000 or above	State Police	If committed by Staff
	Rs. 1,00,000 or above	State Police	If committed by Outsiders OR with the aid of Bank Staff
	Rs. 1 Crore or above	State Police + Serious Fraud Investigation Office (SFIO), Ministry of Corporate Affairs, Government of India	Report to SFIO in Fraud Monitoring Return (FMR) format.
Public Sector Banks	Rs. 10,000 or above but below Rs. 1,00,000/-	State Police	If committed by Bank Staff
	Rs. 1,00,000 or above but below Rs. 3 Crores	State CID or EOW (Economic Offences Wing) of the State concerned	To be lodged by the Regional Head of the Bank
	Rs. 3 Crores or above but upto Rs. 25 Crores	Central Bureau of Investigation (CBI)	Lodged with Anti- Corruption Bureau of CBI where there is prima facie staff involvement OR, Where there is no staff involvement then to be lodged with EOW wing of the CBI
	More than Rs. 25 Crores but upto Rs. 50 Crores	CBI	To be lodged with the Banking Security and Fraud Cell (BSFC) of CBI
	More than Rs. 50 Crores	CBI	To be lodged with Joint Director (Policy), CBI.

To be lodged with Joint Director (Policy), CBI.
All fraud cases of value below ₹ 10,000/- involving bank officials, should be referred to the Regional Head of the bank, who would scrutinize each case and direct the bank branch concerned on whether it should be reported to the local police station for further legal action.

Steps To Be Taken By The Fraud Victim

Vis-a-vis Bank:
The victim should after being notified through SMS or emails about the unauthorized transaction should immediately inform the Bank about the fraud and lodge a complaint with the Bank concerned and should opt for blocking the card or the bank account that has been targeted.
Secondly, the victim should collect the information from the Bank pertaining to the mode through which the unauthorized bank transaction has taken place.

Vis-a-vis Police:
Approach the nearest Police Station and lodge a complaint by narrating to them the entire incident that has taken place.

In addition to it, submit to the Police the following documents:

1. Bank statement of the last 6 months of the Bank account concerned (collect it from the bank)
2. A copy of the SMS received related to the alleged transaction
3. Any ID Proof along with the address proof that is in the Bank Records

OR

The victim can dial the helpline number 155260 or report the incident through www.cybercrime.gov.in on National Cybercrime Reporting Portal.

The following credentials need to be provided at the time when the victim choose to make a complaint through the helpline number:

1. Mobile Number
2. Name of Bank/Wallet/ Merchant from which amount has been debited
3. Account No./Wallet ID/ Merchant ID/ UPI ID from which amount has been debited
4. Transaction ID
5. Transaction date
6. Debit/Credit Card number if their credentials are used for committing fraud
7. Screenshot of SMS received from the Bank after the transaction or any other image reflecting fraud, if available
    

After which, the complainant will receive a system generated ID and password through which he has to complete the registration on the National Cybercrime Reporting Portal (www.cybercrime.gov.in) within 24 hours. (mandatory).
The concerned Police Officer will be deputed for this case and due legal course would be adopted by the Police

Bank Frauds Over The Years- Data Analysis

According to the RBI Annual Report 2020-21, there has been a decline in the number of fraud cases by 15% and 25% decline has been seen in the fraud value in the Public Sector Banks. On the other hand, the Private Sector Bank Fraud Cases as well as the Fraud Value has been on a continuous rise.

The report also enshrines the classification in the area of operations as well, where it has been found out that although there has been a slight decline in the number of fraud cases by 132 pertaining to Card or Internet Fraud as compared to 2019- 20 but the share of Card or Internet Fraud has been on a rise since 2018- 19 from 27.5% of all the frauds to 34.6% of all the frauds.

One of the key objectives of CVC and the RBI after the fraud has been committed is to reduce the time gap between the date of occurrence of fraud and the date of detection and according to the Annual Report 2020- 21 the average time lag has been found to be 23 months while in frauds involving amount greater than Rs. 100 Crore, the average lag was 57 months.

Landmark Judgments
In Derry v. Peak, it was observed that with either knowingly or possessing the reasons to believe that such statement is false and even then making it would amount to fraud.

In CBI v. Vikaram Anantrai Doshi and Others, the Supreme Court observed that Banking frauds cannot be clubbed with the personal or individual frauds as it impacts the whole society and larger population.

Similarly in a landmark judgment of State Trading Corporation of India v. M/S Millennium wires (P) Ltd and Others, the Delhi High Court was of the view that the verity that there is existence of fraud in itself is not sufficient, but what is important is that the notice of such fraud to the Bank must be proven.

Conclusion
This Article was an honest effort on the part of the Author to serve the readers with the preventive measures that a user of online mode of money transfer should take while being aware of the essential guidelines issued by the law enforcement agencies such as RBI, Cyber Cell, Central Vigilance Commission etc. in order to avoid any kind of unauthorized transactions from their account that may affect their living. In addition to it, the remedial measures for victims of bank fraud have been enumerated in brief so that this piece of paper may prove to be a guide in such unwanted circumstances.

This paper also explains some of the technical terms and topics pertaining to the online transactions including the vast domain of what internet banking is, the evolution of the Internet Banking in India along with the retail habits of the Indian Population as well as the data reflecting the bank frauds over the years so that this Article also covers the legal education for the research and academic purposes.

Written By: Aniket Rai, 5th Year, BA.LLB with spz. Energy Laws, UPES Dehradun
 (https://www.linkedin.com/in/aniket-rai-81826b14a/