google.com, pub-8701563775261122, DIRECT, f08c47fec0942fa0
Hollywood News

RBI’s digital scam compensation pilot | Explained

For losses up to ₹50,000, individual victims can claim 85% of the amount up to ₹25,000 as compensation only once in their lifetime. | Photo Credit: The Hindu

The Reserve Bank of India on Wednesday, June 24, 2026, issued new rules to protect customers from fraudulent transactions where they lose money to fraudsters and cyber attacks. These instructions amend the RBI’s 2017 circular on “Limitation of Liability of Customers for Unauthorized Electronic Banking Transactions”. The previous framework left banks liable only to compensate defrauded customers if transactions were not approved by customers, such as in a successful hacking incident.

These rules are for pilot purposes only for now but may be expanded in the future. These are effective from January 1, 2027 and are valid throughout the year.

In Wednesday’s changes, drafted for public comment in March, customers will be able to get refunds when they fall victim to some of the scams, such as digital intercepts (in which they are “forced” to pay money), or when one-time passwords (OTPs) are “fraudulently” stolen from them. Most financial frauds currently rely on “social engineering” attacks that require customers to be tricked in some way; Since banks’ underlying cybersecurity infrastructure is tightly regulated and subject to RBI audits, “zero-click” attacks are extremely rare.

Transactions included

The new key concept is “fraudulent electronic banking transactions (EBTs)”. The RBI defines these as transactions “carried out by a third party using credentials obtained from the customer through fraud or with consent taken by the customer under coercion or duress of the third party” or “transactions that are not authorized by the customer and include an EBT that occurs due to, inter alia, negligence on the part of a bank and/or breach by a third party.”

This means that customers who ignore fraud signal warnings on the UPI PIN screen that a particular transaction may be fraudulent will not be eligible for any compensation. In case of an attack by third parties, the period for the customer to report the loss has been increased from three business days to five calendar days. As with the 2017 rules, if any amount is deducted after the customer reports fraud, the customer has no liability and has the right to reverse the transaction.

Banks may waive liability to their customers even if there is a negligent transaction, but this is at their discretion. If a user’s most recent phone number or email address is not registered with the bank, this is considered negligence as the bank will not send fraud alerts to the correct person.

Compensation amount

For losses up to ₹50,000, individual victims can claim 85% of the amount up to ₹25,000 as compensation only once in their lifetime. (This means that for any amount between ₹29,412 to ₹50,000, customers will receive a fixed compensation of ₹25,000.) About three-quarters of the amount will be paid by the RBI itself, while the customer and beneficiary banks will pay half of the remaining amount.

However, to qualify, the customer must contact the cybercrime hotline (1930) within five days. It is worth noting that scams above ₹ 50,000 do not fall under the purview of this framework at all.

Draft changes

From the March draft, banks were given more time to implement this new system; The effective date of the draft rules was July 1. Today is January 1, 2027. Complaint resolution times have now been increased to 45-60 days; The second is valid for international transactions.

Dvara Research, a not-for-profit financial inclusion think tank, had suggested considering customers’ sentiment. “Research shows that Indians face fraud attempts multiple times a week, these attempts are becoming increasingly sophisticated and therefore customers are less likely to fall for them more than once,” the organization wrote.

“Vulnerable clients may not be expected to exercise high standards of care or to defend themselves against sophisticated frauds even for more sophisticated clients… Under the Indian Contract Act, contracts executed under the pretext of information asymmetry, external influence or fraud are void… Bringing together such disparate transactions under the common definition of ‘authorised transaction’ diminishes the fundamental difference between them and may even diminish the importance of a liability framework.”

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button