This would easily qualify as one of the worst moments of your life. That ping which says: your account debited with Rs30,000, and your current balance is now Rs2,467.20. Your blood chills and hands shake as you realise that you’ve been robbed—this is not a transaction you just made. Did I schedule a payment and forget about it? Did my spouse, who has my personal identification number (PIN), make a transaction? But I did not get a one-time password (OTP). You feel exactly the same way as you would, had somebody physically snatched your purse out of your hands. Robbery leaves the same feeling of disbelief and damage, whether it is virtual or not—the loss is very real.
While the loss you take home when cash is ripped out of your hand is yours, the responsibility is that of the bank when it happens in the virtual world. The banking regulator, Reserve Bank of India (RBI), has taken forward the draft it had released in August 2016 that thought through liability issues of electronic theft of money. The bank will now have to make good your entire loss if it happens through an unauthorized transaction or if the electronic theft happens due to a fault within the bank’s systems. You don’t even need to report this. For instance, when the data of nearly 3.2 million debit cards was compromised between May and July 2016, it was due to a virus in the systems of Hitachi Payment Services, the firm that manages the bank’s ATM network. In an event such as this, you do not have to report the loss of money, the bank will have to make good on it because its system failure caused the loss and many people are affected.