New Delhi | Amid rising cases of digital banking fraud, the Reserve Bank of India (RBI) has released draft guidelines aimed at strengthening customer protection in electronic financial transactions. Under the proposed Third Amendment Directions, 2026, of the Responsible Business Conduct framework, security measures for digital payments are expected to be tightened. The new rules are planned to be implemented from July 1, 2026.
The draft issued by the RBI covers electronic fund transfers including internet banking, mobile banking, debit and credit card payments, ATM transactions, and UPI payments. The central bank aims to protect customers from cyber fraud and unauthorised transactions.
Women in Cyber Policing: Nominations Open for Excellence Awards 2026
According to the proposed guidelines, customers will be advised to immediately inform their bank if any suspicious or fraudulent electronic transaction occurs in their account and file a complaint on the National Cyber Crime Reporting Portal or through the cyber helpline 1930.
The draft also provides a clear definition of authorised and unauthorised digital transactions. RBI states that transactions authenticated using OTP, PIN, password, or card credentials will be treated as authorised transactions. However, if a customer is tricked or coerced into transferring money, such transactions will be classified as fraudulent.
The proposal also states that if a third party conducts transactions by stealing customer credentials, or if fraud occurs due to security lapses in intermediaries within the payment ecosystem, it will be treated as a system-level failure. In such cases, responsibility may be fixed on banks, telecom service providers, or payment gateways.
The RBI has also proposed a compensation mechanism for small digital fraud losses. If a customer suffers a loss of up to ₹50,000 and reports the incident in time, they may receive 85 percent of the net loss or up to ₹25,000, whichever is lower. This compensation facility will be available only once in a customer’s lifetime.
To qualify for compensation, customers must lodge a complaint with both their bank and the cybercrime portal within five days of the fraud incident. If the lost money is later recovered, the compensation amount will be adjusted accordingly. Experts believe this system is intended to provide relief to small investors and general bank customers.
The RBI has also clarified that customer negligence may limit compensation claims. Sharing passwords, OTPs, or banking credentials with others, downloading suspicious applications, or ignoring fraud alerts may be considered customer negligence.
The central bank believes that with the expansion of digital financial services, the risk of cybercrime is also increasing. Therefore, strengthening technological security, fraud monitoring systems, and grievance redress mechanisms in the banking sector has become necessary.
According to RBI officials, feedback from stakeholders will be invited on the draft guidelines. All technical and administrative aspects will be reviewed before the final implementation of the rules. Banking experts believe the new regulations will help enhance trust in the digital financial ecosystem.
About the author — Suvedita Nath is a science student with a growing interest in cybercrime and digital safety. She writes on online activity, cyber threats, and technology-driven risks. Her work focuses on clarity, accuracy, and public awareness.
