Banks cannot make it mandatory for customers to choose any digital banking channel to avail services like debit cards, the Reserve Bank of India (RBI) said in a draft circular on digital banking.

The draft norms, issued on Monday, has also proposed stronger fraud protection rules to protect customers.

"While it may be more convenient for the customer to opt for some services together (for example, virtual access to card controls), the choice to apply for digital banking facilities shall lie solely with the customer," the draft said.

As per the draft norms, banks will have to obtain explicit consent from the customer for providing digital services, which may be duly recorded and documented.

“It shall also be clearly indicated that SMS/email alerts will be sent to the mobile number/email of the customer registered with the bank for operations, both financial and non-financial, in their account(s),” the RBI said.

Banks need to disclose the terms, including fees and redressal channels, and send transaction alerts via SMS or email. 

As per the draft norms, third-party products and services should not be displayed on banks’ digital channels.

"Third-party products and services, including those of promoter groups or bank group entities (subsidiaries/joint ventures/associates), shall not be displayed on banks' digital banking channels except as specifically permitted by the Reserve Bank from time to time," it said.

Banks offering mobile banking service (other than through mobile applications) must ensure that customers across mobile network operators can avail of the service, i.e. the service will be network independent.

Further, banks should put in place risk-based transaction monitoring and surveillance mechanisms.

“Study of customer transaction behaviour patterns and monitoring unusual transactions or obtaining prior confirmation from customers for outlier transactions may be incorporated in the systems in accordance with the Fraud Risk Management Policy of the bank,” the RBI said.

Comments on the draft norms are invited from stakeholders until 11 August.

The draft said banks shall put in place appropriate risk mitigation measures in accordance with their policies, like transaction limit (per transaction, daily, weekly, monthly), transaction velocity limit, and fraud checks depending on their risk perception.

Banks are also required to obtain prior approval from the RBI for launching full-scale transactional digital banking services such as fund transfers and loan applications. They will have to provide supporting documents, including related to minimum net worth of Rs 50 crore or regulatory threshold, whichever is higher, as on 31 March of the immediately preceding financial year.

For being eligible to provide view-only banking facility for internet banking, mobile banking and other digital banking channels-based services, banks are required to have implemented core banking solution (CBS) and to have enabled their public-facing Information Technology (IT) infrastructure to handle Internet Protocol Version 6 (IPv6) traffic.