(Updated as on March 31, 2019)
Q.1 What is purpose of prescribing a framework for “Limiting Liability of Customers for Unauthorised Electronic Payment Transactions in Prepaid Payment Instruments (PPIs) issued by Authorised Non-banks”?
Ans. The framework aims to limit the liability of customers against unauthorised electronic payment transactions in PPIs issued by non-bank issuers.
Q.2 What is the legal basis for issuing this framework and from which date is it applicable?
Ans. The directive is issued under Section 10(2) read with Section 18 of the Payment and Settlement Systems Act, 2007 (Act 51 of 2007), and has come into effect from March 01, 2019.
Q.3 Does the framework cover all the types of PPIs issued under the Master Direction on Issuance and Operations of PPIs (PPI-MD) dated October 11, 2017 updated upto February 25, 2019?
Ans. Except for the PPIs issued under the arrangement of PPI-MTS (PPIs for Mass Transit Systems) as per paragraph 10.2 of PPI-MD, the framework is applicable to all PPIs issued by authorised PPI issuers. Even in PPI-MTS category, the cases of contributory fraud / negligence / deficiency on the part of the PPI-MTS issuer are covered.
Q.4 What is meant by electronic payment transactions?
Ans. For the purpose of this circular / framework, electronic payment transactions can be –
i.) Remote / Online payment transactions (transactions that do not require the PPIs to be presented at the point of transaction e.g. wallets, card not present (CNP) transaction, etc.) or
ii.) Face-to-face / Proximity payment transactions (transactions which require the PPIs such as cards or mobile phones to be present at the point of transaction e.g. transactions at Point of Sale using card, QR code etc.).
Q.5 Is it mandatory for the customer to register for SMS alerts?
Ans. In order to get protection under this framework, it is mandatory to register for SMS alerts.
Q.6 Is the customer supposed to get an alert of transaction in his / her PPI account?
Ans. It is mandatory for the PPI issuers to send an SMS alert to the customer for any payment transaction in his / her account. In addition, an e-mail alert may also be sent, wherever registered. The transaction alert should have a contact number and / or e-mail id on which the customer can report unauthorised transactions or notify the objection.
Q.7 Where can the customer report an unauthorised transaction in his / her PPI account?
Ans. PPI issuers shall provide customers with 24×7 access via website / SMS / e-mail / dedicated toll-free helpline for reporting unauthorised transactions and / or loss or theft of the PPI. Further, a direct link for lodging of complaints, with specific option to report unauthorised electronic payment transactions shall be provided by PPI issuers on the mobile app / home page of their website / any other evolving acceptance mode.
Q.8 Is the customer protected against any unauthorised transaction after he / she has reported to the issuer about such transactions or loss of instrument?
Ans. On reporting of an unauthorised payment transaction or loss of instrument, PPI issuers shall take immediate action to prevent further unauthorised payment transactions in the PPI account of the customer. Any further transactions debit on such an instrument will be the liability of the issuer.
Q.9 Is the customer protected against a contributory fraud / negligence / deficiency on the part of the PPI issuer?
Ans. The liability of a customer in cases of contributory fraud / negligence / deficiency on the part of the PPI issuer is zero. PPI-MTS issuers are also covered for such acts / events.
Q.10 Does the customer need to report to the issuer in case there is a contributory fraud / negligence / deficiency on the part of the PPI issuer?
Ans. It is always advisable to report any unauthorised transaction in the account of the customer. However, an issuer cannot deny compensation against contributory fraud / negligence / deficiency on the part of the PPI issuer, on the ground that the customer has not reported any unauthorised transaction in his / her account.
Q.11 How will the liability of the customer be fixed in cases of third party breach where the deficiency lies neither with the PPI issuer nor with the customer but lies elsewhere in the system, and the customer notifies the PPI issuer regarding the unauthorised payment transaction?
Ans. The ‘per transaction customer liability’ in such cases will depend on the number of days lapsed between the receipt of transaction communication by the customer from the PPI issuer and the reporting of unauthorised transaction by the customer to the PPI issuer. If the issuer is reported within three days’ of receiving of communication, the customer liability will be zero. Similarly, for any such transaction reported between four and seven days of receiving of communication, the customer liability will be limited to a maximum of ₹10,000/-. Reporting beyond seven days’ time will be dealt in accordance with the Board approved policy of the PPI issuer.
Q.12 From when will be the number of days mentioned above shall be counted?
Ans. The number of days mentioned above shall be counted after excluding the date of receiving the communication from the PPI issuer.
Q.13 In cases where the loss is due to negligence by the customer, such as where he / she has shared the payment credentials, who will bear the loss and to what extent?
Ans. In cases where the loss is due to negligence by the customer, such as where he / she has shared the payment credentials, the customer will bear the entire loss until he / she reports the unauthorised transaction to the PPI issuer.
Q.14 Who will bear the loss on the unauthorised transactions carried after reporting of same to the issuer?
Ans. Any loss occurring after reporting of the unauthorised transaction shall be borne by the PPI issuer.
Q.15 After how many days will the eligible amount be credited to the customer’s account?
Ans. The PPI issuer shall credit (notional reversal of) the amount involved in the unauthorised electronic payment transaction to the customer’s PPI within 10 days from the date of such notification by the customer. Such reversal has to be effected even if it breaches the maximum permissible limit applicable to that type / category of PPI. The credit shall be value-dated to be as of the date of the unauthorised transaction.
Q.16 When can one use the notional credit so received?
Ans. The notional credit so received can be used on resolution of complaint and establishing the liability of the customer by the PPI issuer. However, in any circumstances, this period cannot exceed 90 days from the date of receipt of the complaint.
Q.17 Who will be responsible to prove that the transaction is not an unauthorised transaction?
Ans. The burden of proving the customer liability in case of unauthorised electronic payment transactions lies on the PPI issuer.
Q.18 Where can one find more information in this regard?
Ans. The circular is available on the RBI website at the path https://www.rbi.org.in/scripts/FS_Notification.aspx?Id=11446&fn=9&Mode=0.
Q.19 This is specific to non-bank PPI issuers, what about the customers of bank PPI issuers?
Ans. The customers of bank PPI issuers are already covered under similar framework prescribed by Reserve Bank of India for scheduled commercial banks and urban co-operative banks, vide, DBR.No.Leg.BC.78/09.07.005/2017-18 dated July 6, 2017 and DCBR.BPD.(PCB / RCB).Cir.No.06/12.05.001/2017-18 dated December 14, 2017 respectively.
These FAQs are issued by the Reserve Bank of India for information and general guidance purposes only. The Bank will not be held responsible for actions taken and / or decisions made on the basis of the same. For clarifications or interpretations, if any, one may be guided by the relevant circulars and notifications issued from time to time by the Bank.