Customer Liability Policy

Customer Liability Policy

The Board of Directors of OBOPAY has directed the Management to draw up a Policy for determining Customer Liability in unauthorized electronic payment transactions in PPIs issued by OBOPAY.  Following this directive from the Board, OBOPAY has formulated Policy that complies with RBI Circular dated 04 January, 2019. The Policy is as follows:

Unauthorized electronic payment transactions have the potential to pose a risk to both customers and OBOPAY.  On its part OBOPAY has put in place its own set of safety measures, whether as a result of internal assessment of such risk or in compliance of regulatory or even to reassure partner-entities.  However, when transactions happen as per laid down procedures and authenticated as prescribed and are isolated instances that do not leave a pattern, only further damage can be avoided.  Even such future damage can be checked only if the customer/s report unauthorized transactions and report immediately on realizing that transactions not authorized by them have taken place.

Since the damage-control is wholly customer-dependent, a two-pronged approach will be necessary:

1. The first will be to educate the customer of consequences of disclosing sensitive information whether for reasons of voluntarily parting with such information believing the misrepresentation of fraudsters or for the reason of losing either the PPI or misplacing authenticating details making it easy for others to access them
   1. This part of action is covered by putting out do’s and don’ts on our Website, in the APP, in and through email
   2. Customers to mandatorily register for SMS/App alerts and wherever available register for e-mail alerts, for electronic banking transactions. OBOPAY will send App/SMS alerts to the customers, while email alerts may be sent, wherever registered
   3. The customers must notify OBOPAY of any unauthorised electronic banking transaction at the earliest after the occurrence of such transaction. Customers are cautioned that the longer the time taken to notify OBOPAY, the higher will be the risk of loss to customer. To facilitate this, OBOPAY will provide customers with 24×7 access through multiple channels viz., via website, App, e-mail, etc. for reporting unauthorised transactions that have taken place and/ or loss or theft of payment instrument such as card, etc. OBOPAY will also enable customers to instantly respond by “Reply” to the App and e-mail alerts
   4. Further, a direct link for lodging the complaints, with specific option to report unauthorised electronic transactions will be provided by OBOPAY on home page of our website
   5. On noticing an unauthorised transaction the customer should first change their MPIN and immediately inform OBOPAY. Based on Customer consent OBOPAY will b/lock the account to ensure that further unauthorised transactions are avoided.
2. The second will be to put in place systems that block further unauthorised transactions once customer reports an instance. This will help limit the loss to the customer
   1. This is achieved by ensuring robustness of our Platform, ISO 27001 certification related audits and Security Audit
   2. The loss/ fraud reporting system will also ensure that an immediate auto response is sent to the customers acknowledging the complaint along with the registered complaint number
   3. The communication systems used by OBOPAY to send alerts and receive their responses, records the time and date of delivery of the message and receipt of customer’s response, if any.

OBOPAY will not offer facility of electronic transactions to customers who do not provide mobile numbers to OBOPAY.

Limited Liability of a Customer

1. A customer’s entitlement to zero liability shall arise where the unauthorised transaction occurs in the following events:
   1. Contributory fraud/ negligence/ deficiency on the part of OBOPAY (irrespective of whether or not the transaction is reported by the customer)
2. Third party breach where the deficiency lies neither with OBOPAY nor with the customer but lies elsewhere in the system, and the customer notifies OBOPAY regarding the unauthorised transaction:
   1. If reported within 3 days, customer’s liability is: Zero
   2. If reported within 4-7 days, customer’s liability is: Transaction value or Rs.10,000 per transaction whichever is lower
   3. If reported beyond 7 days customer’s liability is: To the fullest extent

OBOPAY shall, upon receiving Customer’s intimation of unauthorised transaction within the period specified as at 2.a & 2.b above ie., within 3 days/4-7 days, shall effect a notional reversal of the amount involved in the unauthorised electronic payment transaction by giving credit to the Customer’s Wallet within 10 days from the date of such Customer’s intimation and value date it to match the date of the unauthorised transaction.

Liability of a Customer

1. A customer shall be liable for the loss occurring due to unauthorised transactions in the following cases:
   1. In cases where the loss is due to negligence by a customer, such as where he has shared the payment credentials, the customer will bear the entire loss until he reports the unauthorised transaction to OBOPAY
   2. Any loss occurring after the reporting of the unauthorised transaction shall be borne by OBOPAY
2. Further, OBOPAY may, at its sole discretion, shall not admit customer’s claim of the said benefit entirely or shall increase the amount of customer’s liability in this regard:
   1. If OBOPAY, in its sole opinion, determines, based on available evidence (provided by the customer or otherwise obtained) that the customer has shown any delay in reporting or was negligent or fraudulent in the handling of the card (including protecting the card or the PIN or reporting the loss or unauthorised transactions)
   2. If OBOPAY, in its sole opinion, decides that further investigation is necessary including those for the unauthorised transactions and/or merchant types
   3. If the prior card handling history of the customer is unsatisfactory

OBOPAY will submit to its Board every time it meets, a list of customer liability cases with details such as number of cases, types of cases and total amount involved in the unauthorized electronic payment transactions and whether timelines comply with regulatory requirements as stipulated in RBI Circular dated 04 January 2019 etc.

The Board will be requested to also review customer grievance redressal mechanism and to direct OBOPAY appropriately to improve systems and procedures, wherever necessary.

OBOPAY will provide these policy details in regard to customers’ liability formulated in pursuance of regulatory requirements to individual customers at the time of opening the accounts; it will be available on the website and will be accessible through a link in the OBOPAY APP.

The Company Secretary will alert the date of next Board Meeting to the Customer Engagement Team (CET) through an email with a copy to the Compliance Officer.  CET will then prepare a note regarding the number and value of the Customer Liability cases along with category-wise cumulative figures of value and volume of the Customer Liability cases and email to the Company Secretary who shall place it on the agenda of the Board. Board when it meets, will deliberate and its review comments will be captured in the Minutes and once signed, will be communicated to CET and the Compliance Officer.

Further, OBOPAY will ensure that:

• A complaint is resolved and liability of the customer, if any, established within 90 days. If, for any reason, the complaint remains unresolved within 90 days, then OBOPAY will pay the customer on the lines laid out in the foregoing regardless of whether the negligence is on the part of the customer or otherwise.