Legal remedies in case of fraudulent credit card transactions
Niranjana T G, Associate, Dispute Prevention & Resolution Practice
As the popular saying by Eckhart Tolle goes, ‘Awareness is the greatest agent of change’, it is vital in today’s technology-driven world to know about various kinds of cybercrimes that we could possibly be exposed to and the legal remedies available for the same. In this article, the author intends to discuss about one particular kind of cybercrime – credit card fraud and the legal solutions.
Fraudulent credit card transactions may happen due to multiple reasons notably due to hacking, phishing or the card being stolen. In such cases, a third party fraud gains access to the personal security information such as passwords of the credit card holder and initiates the transactions without authorization from the cardholder.
The first thing to do when a person suspects a fraudulent transaction being effected from their account is to immediately intimate the bank authorities about it and give explicit instructions to ‘stop the payment’ in respect of any transaction that has been initiated 24 hours before or after such complaint. This is crucial. In order to ascertain the extent of liability of credit cardholders to repay the money lost, the Reserve Bank of India (RBI)’s major determinant is how soon the cardholder notified the Bank of such transaction.
According to RBI guidelines on Customer Protection – Limiting Liability of Customers in Unauthorised Electronic Banking Transactions, the credit card holder shall have ‘Zero liability’ in case of a fraudulent credit card transaction that occurred neither due to the deficiency of the cardholder nor that of the Bank. This is subject to a condition that the cardholder reports the transaction within 3 working days of receiving a communication from the Bank regarding the unauthorized transaction. On the other hand, if the cardholder reports within 4-7 working days in case of aforesaid transactions, the per transaction liability of cardholder has been limited by the RBI to either the transaction value or to the cap fixed in ‘Table-I’ of the said notification, whichever is lower. If the cardholder notifies the fraud after 7 days of receipt of communication from the Bank, the liability is fixed as per the concerned Bank’s norms and internal policies.
Interestingly, even if the cardholders cause the loss by their negligence such as by sharing the passwords and other payment credentials, they shall not have any liability for losses that occur after reporting the transaction to the Bank. It is thus absolutely essential to notify the Bank about fraudulent transactions at the earliest.
RBI uses the words ‘upon receipt of communication from the Bank regarding the unauthorized transaction’. The reason for usage of such words instead of ‘communication from the Bank about money having been debited’ could probably be to include within its purview, any sort of communication that puts the cardholder to knowledge of such transaction occurred or likely to occur. For example, if a cardholder receives an OTP for a transaction that was not initiated by him or her but receives no message regarding debit of money, the cardholder is expected to immediately notify the Bank of possibility of a fraudulent transaction.
To make the above provision effective, the RBI, vide the aforesaid guidelines, urges the banks to ensure that their customers register for SMS alerts and wherever possible, register for e-mail alerts, in respect of electronic banking transactions. The aforesaid RBI guidelines mandate that the amount involved in the unauthorised electronic transactions be credited to the cardholder’s account within 10 working days from the date of reporting without waiting for settlement of insurance claim, if any.
The legal remedies available to cardholders in case of unauthorized transactions are:
- filing a complaint in a consumer court against deficiency of services under the Consumer Protection Act, 2019,
- filing a complaint with the Banking Ombudsman for non-adherence of the instructions of RBI credit card operations under Banking Ombudsman Scheme, 2006
- filing a criminal complaint with the Police.
During the time spent in litigating the aforesaid disputes, two consequential issues are faced by the cardholders – (i) interest accumulation for non-payment of outstanding dues; (ii) receiving low credit score in view of such dues. The legal provisions to safeguard a cardholder from the aforesaid consequential issues are discussed below.
(i) Regarding interest accumulation: According to RBI Mandate on Master Direction – Credit Card and Debit Card – Issuance and Conduct Directions, 2022, the Bank shall not levy any charges on transactions disputed by the cardholder as ‘fraud’ until such dispute is resolved.
(ii).Regarding receipt of low credit score: According to the Credit Information Companies Rules, 2006, while supplying credit information, the banks are obligated to inform the Credit information companies about the pendency of disputes before any court of law or other legal forum in respect of such transaction. If the information was supplied prior to the knowledge of the dispute being raised by the cardholder, the Banks are obligated to inform the credit information company to include a remark about pendency of the dispute against such information published. Recently, the RBI in its Notification dated April 21, 2022 has mandated that the disclosure/release of information about default in respect of disputed transactions shall be made only after the dispute is settled.
In case the Banks do not adhere to any of the aforesaid Rules and Regulations, the cardholders can avail any of the legal remedies stated hereinabove.
 The fraudulent practice of sending emails or other messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.[source:oxford]
 RBI guidelines on Customer Protection – Limiting Liability of Customers in Unauthorised Electronic Banking Transactions dated July 6, 2017 published vide circular no. DBR.No.Leg.BC.78/09.07.005/2017-18,
 Master Direction – Credit Card and Debit Card – Issuance and Conduct Directions, 2022 dated April 21, 2022 issued vide circular RBI/2022-23/92 DoR.AUT.REC.No.27/24.01.041/2022-23