In a significant move aimed at strengthening consumer protection in the digital banking ecosystem, the Reserve Bank of India (RBI) has finalised a compensation framework for victims of small-value digital banking frauds. Under the new regime, customers who suffer losses of up to ₹50,000 in fraudulent electronic banking transactions will be eligible for compensation of up to ₹25,000, subject to prescribed conditions. The framework will come into force on January 1, 2027, and will apply to electronic banking transactions undertaken on or after that date.
According to the RBI, the framework is designed to expand customer protection in cases of fraudulent electronic banking transactions while clearly defining the responsibilities of banks in handling complaints, reversing unauthorised transactions and compensating eligible victims. Individuals and sole proprietors will be entitled to receive compensation once in their lifetime under the scheme. The compensation amount will be 85 per cent of the net loss suffered by the customer or ₹25,000, whichever is lower.
Registration Begins for FutureCrime Summit 2026, India’s Largest Cybercrime Conference
To qualify for compensation, customers must report the fraud to their bank and also lodge a complaint on the National Cyber Crime Reporting Portal or through the 1930 cybercrime helpline within five calendar days of the incident. Failure to report the fraud within the stipulated period may affect eligibility for compensation.
The framework introduces a structured compensation mechanism based on the amount lost. Customers who suffer losses below ₹29,412 will receive compensation equivalent to 85 per cent of the net loss. In such cases, the RBI will bear the majority of the compensation burden, while the customer’s bank and the beneficiary bank will contribute specified portions. For frauds involving losses of ₹29,412 or more, up to ₹50,000, compensation will remain capped at ₹25,000.
The central bank has also made it clear that the burden of proving customer negligence will rest with the bank. Unless a bank can establish that the customer was responsible for the loss through negligence, the customer may continue to receive protection under the framework.
Importantly, the existing “zero liability” provisions remain intact. Customers will continue to bear no liability where fraud occurs due to negligence, deficiencies, security lapses, system failures or internal frauds within the bank. Similarly, in cases involving third-party breaches, customers who report unauthorised transactions within five calendar days will continue to enjoy full protection.
Banks will be required to strengthen their fraud-response mechanisms under the new directions. They must provide customers with round-the-clock channels to report fraudulent transactions and lost debit or credit cards. In addition, instant SMS alerts will be mandatory for all electronic banking transactions exceeding ₹500. Email alerts must also be sent wherever customers have registered email addresses.
The RBI has prescribed strict timelines for complaint resolution. Banks will have to examine complaints, determine liability and issue a response within 45 calendar days in domestic fraud cases and within 60 calendar days for cross-border fraudulent transactions.
In a customer-friendly measure, banks will also be required to provide a “shadow reversal” equivalent to the disputed amount in fraudulent credit-card transactions within five days of receiving notification from the customer. During this period, customers will not be required to bear additional interest charges or penalties related to the disputed transaction.
Commenting on the development, renowned cybercrime expert and former IPS officer Prof. Triveni Singh said the framework could serve as a crucial safeguard for victims of digital fraud in an era of rapidly expanding online payments. He noted that the first few hours after a cyber fraud are often critical and that prompt reporting to banks and the 1930 helpline significantly improves the chances of fund recovery and successful investigation. He also urged citizens to remain vigilant against suspicious links, fake investment schemes, screen-sharing applications and requests for OTPs, stressing that awareness and timely reporting remain the most effective tools against cybercriminals.
Experts believe the RBI’s latest initiative could enhance public confidence in digital banking while encouraging banks to strengthen cybersecurity controls and customer protection measures in the face of evolving online fraud threats.
