Clari5

Customer Liability in The Age of Digital Banking

Who is liable for money lost when fraud occurs in a customer’s bank account or card through illegal access/use of ATM or any of the Digital Channels (Internet Banking, Mobile Banking, Payments, E-wallets, etc.)?

The answer depends on the country where the account is being operated.

While the customer is responsible for the safe keeping of his/her ATM Card, Pin, Internet Banking and Mobile Banking credentials, different countries have different regulations on ‘limited liability’ of the customer.

When a customer discovers and reports fraud in her account through the use of ATM, Internet Banking or Mobile Banking, she is not liable for the full funds lost.

In the US, the Federal “Regulation E” Consumer Protection Act ensures that customer’s liability is capped at $50 if she contacts the financial institution within 2 days of discovering loss, theft or theft of the access device. The bank is liable for the rest of the money lost.

Many banks take account protection a step further with their banking guarantee and even waive the $50 liability given the fiercely competitive market.

As a result, banks take the entire responsibility for the loss. The UK too has similar consumer protection clauses for electronic banking transactions.

India’s central banking institution, the Reserve Bank of India (RBI) has been working on beefing up customer protection aspects of banking supervision for the past few years.

RBI’s recent communication to Indian banks on limited customer liability is laudable for its bold steps towards better customer service and protection in the Indian banking ecosystem.

It mandates banks to adopt better systems and processes to ensure safety and security of electronic transactions including the robust fraud detection and prevention mechanisms.

Some of the highlights in the communication:

Mandatory By Banks For All Digital Transactions

  • Registration of customers for text alerts and email wherever available, for electronic transactions.
  • Text alerts to customers for all electronic transactions and email alerts to customer registered email.
  • Ability for customer to report unauthorised transactions 24X7 through multiple channels (including website, phone banking, SMS, email, IVR, toll-free helpline, home branch).
  • Enable customers to instantly respond by Reply to text alert for unauthorised transactions.

Zero Liability of Customer

The customer has zero liability for the loss where unauthorised transaction occurs in case of:

  • Contributory fraud/negligence/deficiency on part of bank irrespective of whether the transaction is reported by the customer.
  • Third party breach, where the deficiency lies neither with the bank nor with the customer but lies elsewhere in the system and the customer notifies the bank within 3 working days of receiving the communication from the bank regarding the transaction.

Limited Liability of Customer

The customer has limited liability for the lost funds due to unauthorised transactions in the following cases:

  • Where loss is due to negligence of the customer, such as sharing payment credentials, the customer will bear the entire loss until customer reports the unauthroised transaction to the bank. Any loss occuring after customer reports unauthorised transaction should be borne by the bank.
  • Where the responsibility for the unauthorised electronic banking transaction lies neither with the bank nor with the customer, but lies elsewhere in the system and when there is a delay (of 4 to 7 working days after receiving the communication from the bank) on the part of the customer in notifying the bank of such a transaction, the per transaction liability of the customer shall be limited to the range of INR 5000 to INR 25,000 based on the type of the accounts and the average balance/credit limit.
  • Where the delay in reporting is beyond 7 working days, the customer liability shall be determined as per the bank’s Board approved policy.

Customer Liability – Summary

Time Taken To Report Fraudulent Transaction From Date Of Receiving The Communication Customer’s Liability (in INR)

Within 3 working days

Zero liability

Within 4 to 7 working days

The transaction value or the amount mentioned in Table 1, whichever is lower

Beyond 7 working days

As per the bank’s Board approved policy

Moreover, the bank should credit the amount involved in unauthorised transactions to the customer’s account within 10 working days from the date of reporting by the customer.

These measures will certainly take digital adoption to the next level for the Indian banking sector and the overall economy.

While banks must invest in the enabling technology and processes, the benefits of increased customer confidence in digital adoption far outweigh the enablement costs.

Are banks using customers’ ‘Situational Intelligence’ for effective real-time fraud protection?


How can you make your bank’s customers control transactions on their accounts and use it as an effective fraud protection mechanism? Customer communication and preferences can be vital in detecting fraud early and costs far less.

Consider the following scenarios:

  • A customer is going on vacation to Switzerland for 2 weeks and he wants all the card transactions (debit card and credit card) originating from home country to be blocked for the next two weeks.
  • Customer wants all fund transfer (Third Party transfer) transactions originating from his internet banking account at any location in home country to be blocked for next 2 months as he is travelling to US for business.
  • Customer runs a domestic business and doesn’t travel abroad. The customer wants to disable any transaction originating abroad.
  • Customer wants all payee addition transactions to be blocked in his account till he turns this feature on (aka Facebook privacy settings).
  • Customer wants to be alerted of any attempt of transaction of more than a set limit with the option to respond with a decision to decline or authorize the transaction (aka. reverse positive payee used for cheque transactions in the commercial banking world).
  • Customer holds multiple credit cards and uses a specific credit card for all his ‘Card Not Present’ transactions (online payments). Customer wants all the CNP transactions to be blocked on all his other debit/credit cards.
  • Customer wants to block or fix specific limits for purchase of electronic or jewelry items on his debit/credit card.
  • Customer wants to limit the use of his debit card/credit card to any particular state/states within the country.

In all these scenarios, the bank customers provide the vital situational intelligence which can be built into the banks’ processes for effective fraud protection.  In turn, customers also benefit with the convenience of banking on their own terms and securing their accounts.

If you think this is too futuristic, you may be wrong. Reserve Bank of India’s expert committee on customer service in banking has published recommendations to this effect (Report of the committee on customer service in banks). We might see these recommendations getting implemented by Indian banks very soon.

Bank’s core system i.e. core banking, internet banking and credit card processing systems, however modern they may be, are ill-suited to handle this kind of agility. Current generation systems can at the best match a transaction to a bank maintained blacklist and stop a transaction when an entity match occurs.

Banks need to handle this using agile fraud management system which can take this situation intelligence into consideration as part of its decision making strategy for fraud protection. What banks need is a dynamic fraud management system that can digest the relevant information about the debit blocks/limit preferences customer has opted for the given time period and the same system is used for real-time fraud protection.

A real-time fraud protection system monitors every transaction and decides whether to allow, decline or challenge based on the fraud risk system inherently derives or based on the customer provided situational intelligence. This is an example of a technology that can truly achieve the dual objectives of enhanced customer experience and improved fraud control.

How do you see your institution using customer context based intelligence for better fraud prevention?

A ‘Yin and Yang’ Approach to Growing Topline and Bottom-line

How To Monetize your Anti-Fraud Solution to Make Money for you

Yin and Yang blogsIn Chinese philosophy,   yin and yang (also yin-yang or yin yang, ‘dark-bright’) explains how seemingly opposite or contrary forces may actually be complementary, interconnected, and interdependent in the natural world.

This intriguing idea actually applies perfectly in the context of banking, if we were to see the yin as saving money (from losses) and the yang as making money (from sales).

The fundamental principle is that the very same investment in data analytics and real-time decisioning for detecting/preventing fraud can be monetized for earning more revenues.

Imagine an intelligent system that understands customers’ behavioral patterns to detect and prevent fraud is also creating precise personas for marketing teams to target.

This is because the same extreme real-time, context-aware logic/approach used to combat cross-channel fraud can also help enable intelligent, hyper-precise targeted and contextual customer engagements.

At the heart of the hypothesis lies the fact that banks have the ‘soul’ of the customer.

Customer flowBanking is the only industry where the entire life of the customer flows through it. A bank knows how much its customers earn, where they live, where they travel to, how much they spend, who’s part of the family, whether they own their home, even how much fuel they put in the car.

No other industry (not even telco or retail) has this very special privilege of having a 360 degree view of a customer’s life. Only banks have the advantage and ability to actually convert this ‘resident intel’ to their benefit.

A real-time, enterprise-wide, cross-channel fraud management solution requires that every banking transaction is available in memory in real-time.

But since only a relatively small percentage of transactions are fraudulent and since the data is available in the system memory, the bank can run positive scenarios in real-time after having assigned fraud risk to certain transactions during the negative-scenario test-run.

Absolute real-timeThe solution can use the same data captured per transaction and analyze the spending and behavior patterns to throw up potential cross-sell and up-sell scenarios in absolute real-time.

Precise data analytics on behavior patterns helps create intelligent and efficiently targeted customer interactions and campaigns to grow the topline.

So while the solution helps the bank’s larger enterprise fraud management initiatives with …

  • A unified case management system for fraud/AML investigation with 360-degree view of behavior across products and channels in one single place.
  • Extreme real-time, context-aware, cross-channel fraud detection and prevention.
  • Monitoring financial and non-financial transactions of customers, accounts, users and employees across branch and channel transactions in real-time to detect suspicious fraud and respond with the right decision in real-time and generate alerts for investigation.
  • Monitoring Salary Accounts’ to identify increase in Salary Credits or non-usage of Salary Accounts.

… it can also be used for –

  • Tracking customers’ POS/E-com channels transactions for generating extreme real-time, as-of-the-moment cross-sell and up-sell alerts.
  • Identifying customers who usually travel internationally and offering them custom products in real-time.
  • Creating customer delight in branch and digital transactions.

So altogether the bank benefits from a –

  • Smart, intelligent, extreme real-time solution that manages fraud detection/prevention as well as enables customer revenue maximization.
  • Non-invasive, bolt-on solution that integrates seamlessly with source systems and reduces TCO.
  • Lowered cost of compliance of fraud and AML regulatory requirements.
  • Single, unified platform that helps protects the bottom-line and grows topline.

Unified Fraud ManagementWhile there may not be many solutions that have the ability to see topline and bottom-line as 2 sides of the same coin, CustomerXPs’ Clari5 seems to one. Its unified fraud management platform leverages the same context-aware, real-time decisioning to enable real-time customer cross/upsell.

Clari5 handles exceptionally large data volumes across multiple channels and source systems in real-time, and processes transactional as well as non-transactional events in real-time and applies over 150 rules to generate alerts in real-time that can be leveraged for both fraud management as well as revenue enhancement.

Banks get to use the same real-time insights that helps combat fraud to also generate profits because the approach that uses the same fundamental logic to protect/save money (curb fraud losses) is also being used to make money (upsell / cross sell).

If banks can view their topline and bottom-line as the yin and yang of their operations, then a single solution that helps achieve both can very well be the proverbial one stone designed to kill two birds.

Online Banking- A blessing or a threat in disguise?

Online Banking- A blessing or a threat in disguise?:

E-banking, or online banking as we call it, has become an accepted norm of financial transactions for millions around the world. The pervasiveness of internet has contributed to this channel of banking gaining prominence not only in developed countries but also in the developing ones.  The modern banking customer who is short on time does not hesitate to log on to her online banking account and make payments online or transfer money, much to her relief.  Aren’t we lucky enough to experience such luxury at the hands of technology?

Well, pause for a second. The growing menace of fraud has posed a big threat to the safety of these banking transactions. Identity theft, phishing & smishing (phishing through mobile phones) are the most common fraud practices threatening the online banking space. According to a report published by Kaspersky in 2013, online fraud is costing the global economy many times more than initial estimates of USD 100bn a year, with bank fraud contributing the maximum. Also with the emergence of various social media channels, fraudsters have upped their ante. As per a research by Microsoft, phishing via social networks was used in 84% of the total attacks carried out in 2011. Such attacks not only expose gaps in the online banking ecosystem but also pose a grave challenge for banks- in how to establish a counter-attack mechanism.

Banks must incorporate a strong combat mechanism- that cannot be achieved by simply following an outside-in defense approach that is reactive in nature. What banks need is an inside-out approach to fraud prevention using customer behavioral intelligence. Customer behavioral intelligence not only makes use of financial transaction patterns but also non-financial transaction patterns, user login patterns and device usage patterns to come out with fraud-risk advice.  This includes using 2-factor authentication to restrict the fraudster from making unauthorized access into the customer’s online banking account, as mandated by Reserve Bank of India, recently.  This fraud-risk advice being available in real-time empowers the banking system to allow, decline or challenge suspicious transactions thereby preventing the internet banking fraud from actually taking place.

Thus, implementing strong online fraud prevention technology is essential not only for making internet banking transactions fraud-proof for customers but also enjoyable. A good fraud prevention solution can not only benefit the bank in terms of improved customer loyalty but also help the bank improve its bottom-line.