The Nanded Merchant's Co-Op Bank

Call Our Support

7722092444

Nanded Bank

431604

Our Working Hours

Mon - Sat: 10 am - 5 pm

Customer protection policy

Customer protection policy

lS Poticy No 15
Version
3
Release Date
1-12-2021

1 Background :

Nanded Merchants Co-Op Bank Limited. (The Bank), since its inception has been committed to rendering excellent services to its customers. All the branches of the Bank are fully computerized having Core Banking Software (CBS) and apart from the traditional banking operations, customers are offered services through various digital delivery channels such as ATM, POS, The Bank has its own state of the art Data Center and has implemented adequate security controls and procedures to ensure security of electronic banking transactions. However, taking into account the probable risks arising out of unauthorized electronic transactions, the aspect of customer protection in such situations, if any, has been considered by the Bank’s Board of Directors ln this new policy

2 OBJECTIVES :

This policy seeks to communicate in a fair and transparent manner the Bank’s policy on:

  1. Customer protection (including mechanism of creating customer awareness on the risks and responsibilities involved in electronic banking transactions).
  2. Customer liability in cases of unauthorized electronic banking transactions.
  3. Customer compensation due to unauthorized electronic banking transactions (within defined timelines).
3 SCOPE :

The scope of the policy is given below:

  1. Giving assurance to customers regarding Bank’s secured systems and procedures for electronic ban king transactions.
  2. Bank’s efforts for Creation of customer awareness on the risks and responsibilities involved in electronic banking transactions.
  3. Defining the rights and obligations of the customers as well as the Bank for measuring the liability arising out of unauthorized electronic transactions.
  4. Customer liability in cases of unauthorized electronic banking transactions resulting in debits to customers’ accounts.
  5. Mechanism and timelines for compensating the customers for the losses due to unauthorized electronic banking transaction.

 

4 APPLICABILITY :

This policy is applicable to the electronic banking transactions which can be broadly divided into two categories:

  1. Remote/online payment transactions (transactions that do not require physical payment instruments to be presented at the point of transactions e.g. internet banking, mobile banking, card not present (CNP) transactions) and .
  2. Face-to-face/ proximity payment transaction (transactions which require the physical payment instrument such as card or mobile to be present at the point of transaction e.g. ATM, POS, etc.) .
  3. a)This policy is applicable to entities that hold relationship with the bank viz.:
    i) lndividual and non-individual customers who hold current or savings account.
    ii) lndividual / non-individual entities that hold Debit/ATM card.
    iii) lndividual / non-individual entities that use other electronic platforms of the Bank.
    b) This policy is not applicable to:
    i) Non-Customer that use Bank’s infrastructure e.g. ATlt4s, electronic wallet (if any)
    ii) Entities that are parl of the ecosystem such as interchange organizations, Franchises, lntermediaries, Agencies, Service partners, Vendors, Merchants etc.
5 DEFINITIONS & EXPLANATIONS :

a) Real loss is defined as financial outgo from customer’s account e.g. debit to customer’s’ account or card.

b) Card not present (CNP) transactions are defined as transactions that require use of Card information without card being physically used e.g. e-commerce transactions.

c) Card present (CP) transactions are defined as transactions that require use of physical card e.g. at ATM or shops (POS). 

d) Payment transactions are defined as transactions that involve transfer of funds from one account/ wallet to another electronically and do not require card information e.g. NEFT.

e) Unauthorized transaction is defined as debit to customer’s account without customer’s consent.

f) Consent includes authorization of a transaction debit either through standing instructions, as per accepted banking practice and regulation, based on account opening process and related matters or based on additional authentication required by the bank such as use of security passwords, input of dynamic password (OTP) or static VBV/ IVCSC, challenge questions or use of Card details (CVV/ Expiry date) or any other electronic authentication option provided by the Bank.

g) Date & time of reporting is defined as date & time on which customer has submitted a unique complaint. Date of receiving communication from the Bank, is excluded for purpose of computing number of working days for all action specified in this policy. The working schedule of the home branch would be considered for calculating working days for customer reporting. Time of reporting will be as per lndian Standard Time.

h) Notification means an act of the customer reporting unauthorized electronic banking transaction to the bank.

  i) Number of days will be computed based on working days

j) Mode of reporting will be the channel through which customer complaint is received first time by the Bank, independent of multiple reporting of the same unauthorized transaction.

 

6 POINTS COVERED UNDER THE POILICY :
6.1 Bank's measures to ensure safety and security of electronic banking transactions

For ensuring safety and security of electronic banking transactions carried out by the customers, the Bank has implemented various safeguards and procedures through documented lT Security policies and procedures duly approved by the Bank’s Board of directors.  Some of the security measures in respect of electronic banking transactions are given below

  • Bank has implemented System to analyses/monitor daily transactions to identify suspicious transactions.
  • Monitoring of transactions and monitoring of network is regularly carried out to check authenticity of source of transaction.
  • SMS alerts are sent to customers for every electronic banking transaction carried out by them.
  • The Risk Assessment and analysis in respect of security of IT systems is carried out every six months and also whenever the situation demands. Changes are made to Bank’s policies accordingly and approved by Bank’s Board of Directors.
6.2 Bank's efforts for creating customer awareness on the risks and responsibilities involved in electronic banking transactions:
  • The customers, who wish to carry out electronic banking transactions, are mandatorily asked by the Bank to register their mobile number for receiving SMS alerts.
  • The Bank will regularly {yeartv) conduct awareness programme on carrying out safe electronic banking transactions to its customers and staff. The Bank repealedly , advises its customers about the risks and responsibilities involved in electronic banking transactions by various means such as
  1.  Frequent SMS alerts sent to customer regarding importance of maintaining confidentially of data such as card no, pin, cvv, user id and Password.
  2. Mentoring of individual customers who require help at branch level.
  3.  Training programs for the customers.
  4. Notifications on web-site.
  5. customer education through user manuals prescribed by Npcl.
6.3 customer liability in cases of unauthorized etectronic banking transactions:

ln spite of all the efforts, described in above paragraph, if Jny unauthorized electronic transaction takes place in the customer’s account, the customer should inform the Bank at the earliest by any of the following means –

  • By calling bank’s 24 lT available toll-free helpline no.
  • By calling mobile nos.
  • By calling Landline no.
  • By personally reporting to home branch during working hours of the Branch.

On receipt of report of an unauthorized transaction, the Bank will take immediate steps to prevent further unauthorized transactions in the account.

6.4 Customer liability in cases of unauthorized electronic banking transactions resulting in debits to customers' accounts.:

lf, unfortunately, an unauthorized transaction results in debit to his/her account, the liability of the customer shall be measured as per the table given below –

A) Zero liability of the customer:

Customer will have no liability when the unauthorized transaction takes place in the following scenarios.

  1. Contributory fraud/negligence/deficiency on the part of bank.
  2. Third party breach where the deficiency lies neither with the bank nor with the customer but lies elsewhere tn the system, and the
    customernotifiesthe bank within three working days of receiving the communication from the bank regarding the unauthorized transaction.
  3. The number of working days shall be counted as per the working schedule of the home branch of the customer excluding the date
    of receiving the communication.

B) Limited liability of the customer:

A customer shall be liable for the loss occurring due to unauthorized transactions in the following cases:

  1.  ln cases where the loss is due to negligence by a customer, such as where he has shared the payment credentials details namely
    viz, internet banking user id /PlN, Debit Card PIN/OTP or due to improper protection on customer devices like mobile/
    laptops/desktops leading to malware/Trojan or phishing/vishing attacks, the customer will bear the entire loss until he/she reports
    the unauthorized transaction to the bank. Any loss occurring after the reporting of the unauthorized transaction shall be borne by the
    bank.
  2. In cases where the responsibility unauthorized electronics banking transaction lies neither with the bank nor with the customer, but lies elsewhere in the system and the customer notifies the bank of such a transaction and when there is a delay beyond three working days in reporting by the customer,i.e if a customer notifies the Bank after three working days but before expiry of 7 working days of receiving a communications of the transaction, the per transaction liability of the customer shall be limited to the transaction value or the amount as shown below in table, whichever is lower.
Type of Account Maximum liability (Rs.)
Basic Savings Bank Deposit Account
5,000
All other Savings Bank accounts
10,000
Current / Cash Credit / Overdraft accounts of individuals with average balance (during 365 days preceding the incidence of fraud)/ limit upto Rs. 25 lakh
10,000
All other Current / Cash Credit / Overdraft Accounts
25,000

C)  Limited liability of the customer:

  1. Customer shall bear the entire loss in cases where the loss is due to negligence by the customer, e.g. where the customer has shared payment credentials or AccounUTransaction details, viz. lnternet Banking user ld & PlN, Debit/Credit Card PIN/OTP or due to improper protection on customer devices like mobile / laptop/ desktop leading to malware / Trojan or Phishing / Vishing attack. This could also be due to SIM deactivation by the fraudster.Under such situations, the customer will bear the entire loss until the customer reports unauthorized transaction to the bank. Any loss occurring after reporting of unauthorized transaction shall be borne by the bank.
  2. In cases where the responsibility for unauthorized electronic banking transaction lies neither with the Bank nor with the customer, but lies elsewhere in the system and when there is a delay on the part of the customer in reporting to the Bank beyond 7 working days, the customer would be completely liable for all such transactions.

D)  Additional  Points:

  1. Customer would not be entitled to compensation of loss if any, in case customer does not agree to get the card hot listed or does not cooperate with the Bank by providing necessary documents including but not limited to police complaint and cardholder dispute form.
  2. Compensation would be limited to real loss after deduction of reversals or recoveries received by the customer.

E)The number of working days mentioned in above paragraphs shall be counted as per the working schedule of the home branch of the customer
     excluding the date of receiving the communication.

6.5 Reversal timeline for zero liability and limited liability of customers:
  1. On being notified by the customer, the Bank shall credit (shadow reversal)the amount involved in the unauthorized electronic transaction to the customer’s account within 10 working days from the date of such notification by the customer The credit shall be value dated to be as of the date of unauthorized transaction. However, the customer will not be able to withdraw it unless the complaint is fully resolved.
  2. The Bank shall ensure that –
    (i) A complaint is resolved and liability of the customer if any, established within 90 days from the date of receipt of the complaint and the customer is compensated as per provisions of paragraphs no.
    (ii) Where the Bank is unable to resolve the complaint or determine the customer liability, if any, within 90 days, the compensation as prescribed in clause 6.4 is paid to the customer; and
    (iii) ln case of debit card I bank account, the customer does not suffer loss of interest, and in case of credit card, the customer does not bear any additional burden of interest.
6.6 THIRD PARTY BREACH:

The following would be considered as Third-party breach where deficiency lies neither with the Bank nor customer but elsewhere in the system:
a) Application frauds
b)Account takeover
c)Skimming/cloning
d) External frauds / compromise of other systems, for e.g. ATMs / mail servers etc. being compromised

6.7 RIGHTS & OBLIGATIONS OF THE CUSTOMER:

A) Customer is entitled to:
i) SMS alerts on valid registered mobile number for all financial electronic debit transactions;
ii) Email alerts where valid email ld is registered for alerts with the Bank;
iii) Register complaint through the modes specified in this document;
iv) lntimation at valid registered email/ mobile number with complaint number and date & time of complaint
v) Receive compensation in line with this policy document where applicable. This would include getting shadow credit within 10 working days from reporting date and final credit within 90 days of reporting date subject to customer fulfilling obligations detailed here in and with customer liability being limited as specified in clause 6.4.

B) Customer is bound by following obligations with respect to banking activities
i) Customer shall mandatorily register valid mobile number with the Bank.
ii) Customer shall regularly update his /her registered contact details as soon as such details are changed. Bank will only reach out to customer at the last known email/ mobile number. Any failure of customer to update the Bank with changes shall be considered as customer negligence. Any unauthorized transaction arising out of this delay shall be treated as customer liability.
iii) Customer should provide all necessary documentation – customer dispute form, proof of transaction success/ failure and should also file a police complaint and provide copy of the same to the Bank.
iv) Customer should co-operate with the Bank’s investigating team and provide all assistance.
v) Customer must not share sensitive information (such as DebiUCredit Card details & PlN, CW, Net-Banking ld & password, OTP, transaction PlN, challenge questions) with any entity, including bank staff.
vi) Customer must protect his/her device as per best practices specified on the Bank’s website, including but not limited to updating of latest antivirus software on the device (Device includes smart phone, feature phone, laptop, desktop and Tab)
vii) Customer shall abide by the tips and safeguards mentioned on the Bank’s website on Secured Banking available at https://www. ind rayanibank. in
viii) Customer shall go through various instructions and awareness communication sent by the bank on secured banking
ix) Customer must set transaction limits to ensure minimized exposure.
x) Customer must verify transaction details from time to time in his/her bank statement and/or credit card statement and raise query with the bank as soon as possible in case of any mismatch.

6.8 Proof of customer liability:

The Bank has a process of second factor authentication for electronic transactions, as regulated by the Reserve Bank of lndia. Bank has onus to prove that all logs / proofs /reports for confirming two factor authentications is available. Any unauthorized electronic banking transaction which
has been processed post second factor authentication known only to the customer would be considered as sufficient proof of customer’s involvement / consent in effecting the transaction.

6.9 FORCE MAJEURE:

The bank shall not be liable to compensate customers for delayed credit if some unforeseen event (including but not limited to civil commotion, sabotage, lockout, strike or other labour disturbances, accident, fires, natural disasters or other “Acts of God”, war, damage to the bank’s facilities or of its correspondent bank(s), absence of the usual means of communication or all types of transportation, etc. beyond the control of the bank prevents it from performing its obligations within the specified service delivery parameters.

6.10 COMPLIANCE:

The report of unauthorized electronic banking transactions and actions taken there on shall be placed before every board meeting. AII such transactions will be reviewed by Bank’s internal Auditors. The Board of Directors has powers to make changes in the Policy from time to  time.