Zero Liability Policy
Definition
Zero Liability Policy — Meaning, Definition & Full Explanation
A zero liability policy is a consumer protection guarantee under which a credit cardholder is not held responsible for unauthorised or fraudulent transactions made on their card. Once the cardholder reports the fraud to the issuing bank, they are protected from financial liability for those charges, regardless of how the fraud occurred—whether through theft, phishing, data breach, or card cloning. This protection is now standard across all major Indian banks and card networks.
What is Zero Liability Policy?
A zero liability policy is a contractual safeguard embedded in credit card terms and conditions that shields cardholders from losses caused by unauthorised transactions. When a fraudster uses your card details—whether the physical card is stolen, compromised online, or details are phished—the cardholder bears zero financial burden once they notify the bank of the fraud. The bank and the card network (Visa, Mastercard, RuPay) absorb the loss.
The policy distinguishes between two scenarios: transactions made without the cardholder's knowledge or consent (true fraud), and transactions made due to cardholder negligence (e.g., sharing the PIN with someone). Most banks cover the former fully under zero liability; the latter may have limited or no coverage depending on the bank's specific policy.
Free • Daily Updates
Get 1 Banking Term Every Day on Telegram
Daily vocab cards, RBI policy updates & JAIIB/CAIIB exam tips — trusted by bankers and exam aspirants across India.
Zero liability policies exist because credit cards are high-value targets for cybercriminals. As card details are stored in merchants' databases, payment gateways, and online platforms, breach risks are constant. Without such protection, cardholders would face enormous uncertainty, making credit card adoption risky. This policy has become a competitive necessity in banking and is now mandated or strongly encouraged by regulators like the RBI (Reserve Bank of India) and NPCI (National Payments Corporation of India).
How Zero Liability Policy Works
Step 1: Fraudulent transaction occurs A cardholder's card details are compromised—either stolen, phished, or exposed in a data breach—and an unauthorised transaction is charged to the account.
Step 2: Cardholder detects fraud The cardholder reviews their statement (online, app, or paper) and spots a transaction they did not authorise. Time is critical: most banks require dispute filing within 30–90 days of the transaction.
Step 3: Cardholder reports to issuing bank The cardholder contacts their bank's customer service, fraud department, or uses the mobile app to report the unauthorised transaction. They provide details: transaction amount, merchant, date, and reason it is unauthorised.
Step 4: Bank initiates investigation The bank and the card network (Visa, Mastercard, or RuPay) investigate whether the transaction meets fraud criteria. They examine merchant records, merchant category code, transaction patterns, and cardholder's usual spending behaviour.
Step 5: Reversal and credit If the transaction is confirmed as unauthorised and the cardholder is not found negligent, the bank reverses the charge and credits the amount back to the cardholder's account within 7–30 days, depending on the bank's policy.
Cardholder negligence caveat: If the cardholder's own actions—sharing their PIN, CVV, or OTP with others, writing the PIN on the card, or ignoring security warnings—contributed to the fraud, the bank may deny or limit coverage under the zero liability clause.
Zero Liability Policy in Indian Banking
The Reserve Bank of India (RBI) has made zero liability protection a regulatory expectation for all scheduled commercial banks and payment service providers. In 2013, the RBI issued guidelines under the "Master Circular on Credit Cards and Debit Cards" which recommend that banks implement comprehensive fraud protection policies. While not strictly mandatory, RBI circulars make it clear that consumer protection is non-negotiable.
All major Indian banks—SBI, HDFC Bank, ICICI Bank, Axis Bank, Kotak Mahindra Bank, and others—offer zero liability policies on credit and debit cards. NPCI, which operates RuPay (India's indigenous card scheme), mandates zero liability coverage on all RuPay cards at issuing banks.
In practice, Indian banks often differentiate liability based on negligence:
- No negligence (true fraud): Zero liability; 100% reversal.
- Minor negligence (cardholder's role is incidental): Limited liability, often capped at ₹1,000–₹10,000.
- Gross negligence (cardholder shared PIN/OTP or ignored fraud warnings): Bank may deny coverage or cap at ₹50,000.
The JAIIB (Junior Associate in Indian Institute of Banking) and CAIIB (Certified Associate in Indian Institute of Banking) syllabi cover consumer protection, credit card fraud, and cardholder rights under banking regulation modules. Zero liability policy appears as a key topic under "Banking Regulation and Customer Protection."
Practical Example
Deepak, a software engineer in Bengaluru, uses his HDFC Bank credit card to book a flight on a registered booking website. Three days later, he receives an SMS notification for a ₹45,000 purchase at an electronics retailer in Delhi—a city he has never visited. Deepak immediately opens the HDFC Mobile app, views the transaction, and clicks "Report as Fraud."
HDFC's fraud team investigates and finds that Deepak's card details were exposed in a data breach at the booking website. The transaction at the electronics store was made by a fraudster using the stolen details; Deepak never visited the merchant, and his device location at the time of transaction was in Bengaluru.
Within 10 days, HDFC confirms the fraud, confirms Deepak bears zero liability, and reverses the ₹45,000 charge. Deepak's credit card account is restored, and HDFC issues a replacement card with a new number. Deepak's credit score remains unaffected because the reversal occurred before the billing cycle closed.
Zero Liability Policy vs Chargeback
| Aspect | Zero Liability Policy | Chargeback |
|---|---|---|
| Trigger | Unauthorised fraud reported by cardholder | Cardholder disputes a legitimate-appearing transaction as unauthorised |
| Who initiates | Cardholder → Bank | Cardholder → Card network → Acquiring bank → Merchant |
| Speed | Fast (7–30 days) | Slower (30–90 days) |
| Outcome | Bank reverses; no merchant inquiry needed | Merchant has right to dispute and provide proof of authorisation |
A zero liability policy is the bank's internal protection promise to the cardholder; a chargeback is a formal dispute process involving the card network and merchant. Zero liability is proactive consumer protection, while chargeback is a cardholder's remedy when zero liability does not apply or is denied.
Key Takeaways
- A zero liability policy protects cardholders from financial responsibility for unauthorised credit card transactions once reported to the issuing bank.
- Indian banks follow RBI guidelines recommending zero liability protection on all credit and debit cards; NPCI mandates it for RuPay cards.
- Cardholder negligence (sharing PIN, ignoring fraud alerts, or writing CVV on card) can limit or deny zero liability coverage.
- The cardholder must report unauthorised transactions within 30–90 days of the transaction date; delays may void coverage.
- Most Indian banks reverse fraudulent charges within 7–30 days of investigation confirmation.
- Zero liability is a contractual protection offered by the issuing bank and card network; it is not the same as a chargeback.
- Liability caps for negligence-related fraud vary by bank; some impose limits of ₹10,000–₹50,000.
Frequently Asked Questions
Q: Do I have to pay a fee for zero liability protection? A: No. Zero liability is a standard cardholder right included in your credit card terms at no extra cost. However, some banks may offer enhanced fraud protection insurance as an optional add-on, which may carry a fee.
Q: What if the fraud happened because I shared my OTP with someone? A: Sharing your OTP or PIN is considered gross negligence. The bank may deny zero liability coverage or cap your liability at a specific amount (e.g., ₹50,000). Always keep your OTP confidential, even if a caller claims to be from your bank.
Q: How long does it take for the bank to credit back the fraudulent amount? A: Most Indian banks complete investigation and credit within 7–30 days of your dispute report. However, if the transaction was very recent or the investigation is complex, it may take longer. SBI and HDFC typically credit within 15–20 days.