The Reserve Bank of India has introduced draft rules to compensate victims of electronic banking fraud up to ₹25,000 for losses of ₹50,000 or less. These regulations, effective July 1, 2026, aim to increase digital transaction security and consumer trust. Banks will be required to resolve valid claims within 30 days of reporting.
What Happened
The Reserve Bank of India (RBI) has released draft regulations to provide financial protection to customers affected by electronic banking fraud. Under the proposed 'Review of Framework of Limiting Customer Liability in Digital Transactions', victims can receive compensation for up to 85% of their net loss, capped at ₹25,000, for incidents involving losses of ₹50,000 or less.
To qualify, customers must report the fraud to the bank and the National Cyber Crime Reporting Portal (or the 1930 helpline) within five calendar days. These rules apply to transactions made on or after July 1, 2026. Banks will have a 30-day window to investigate, determine liability, and notify the customer of the outcome, with payouts for valid claims required within five days of verification.
Expanding the Scope of Fraud
The RBI's proposal broadens the definition of fraudulent digital transactions to include more than just unauthorized fund withdrawals. It now explicitly covers scenarios where customers are tricked into sending money to scammers posing as legitimate parties, as well as cases where users approve transactions under duress or have their credentials stolen. This shift addresses the evolving nature of cybercrimes where social engineering and deception are as common as direct hacking.
Liability and Bank Responsibility
The regulations differentiate between customer negligence and bank failure. If a fraud is caused by a bank's security lapse or negligence, the customer faces zero liability, and the bank must reverse the transaction without interest loss or additional charges. Similarly, breaches at the third-party service provider level will result in no customer liability, provided the fraud is reported within the five-day window.
However, actions like sharing OTPs, passwords, or PINs, downloading malicious software, or ignoring official scam warnings are classified as customer negligence. Even in these cases, eligible victims may receive partial compensation if they meet the specific criteria outlined by the RBI.
What Investors May Track
This move toward standardized compensation for digital fraud will influence the operational and compliance landscape for Indian banks.
Investors may look at how banks manage the additional workload of verifying and compensating claims. While this initiative is intended to build consumer confidence and encourage digital banking adoption, it also places the onus on banks to strengthen cybersecurity to minimize potential losses.
Key areas to monitor include:
- Operational Costs: Whether banks increase spending on fraud prevention and internal monitoring systems.
- Claim Settlement: How efficiently individual banks handle the 30-day investigation and 5-day payout timeline, which could impact customer service metrics.
- Digital Adoption: Any long-term shifts in customer behavior as enhanced fraud protection might encourage higher digital payment volumes.
The final benefit to the banking sector will depend on their ability to balance consumer protection with effective fraud detection, ensuring that the cost of compensation remains manageable compared to their overall digital transaction volume.