With the rapid growth of digital payments, cases of online fraud are also increasing quickly. To protect bank customers, the Reserve Bank of India (RBI) has proposed new rules that could provide relief in cases of digital banking fraud.
According to the proposal, if a customer loses up to ₹50,000 due to digital fraud, they may receive partial compensation.
The RBI has also explained when the bank will be responsible, when the customer may be considered at fault, and how people should report fraud. If these rules are approved, they could come into effect from July 1, 2026.
Contents
Transactions Covered Under the New Rules
As per the RBI proposal, the new rules will apply to digital transactions made through UPI, internet banking, mobile banking, debit cards, credit cards, and ATMs.
If an unauthorized transaction happens through any of these channels, customers may be eligible for protection under the new guidelines.
However, these rules will apply only to commercial banks for now. Small finance banks, payment banks, and regional rural banks will not be included under this proposal at present.
Compensation in Case of Digital Fraud
If a customer becomes a victim of digital fraud and the loss is up to ₹50,000, they may receive compensation. Under the proposal, customers could get 85% of the total loss or up to ₹25,000, whichever is lower.
However, this benefit will be available only once in a lifetime. Customers will also need to report the fraud within the required time to be eligible for compensation.
What Will Be Considered an Authorized Transaction
According to the RBI, a transaction will be considered authorized if the customer enters details such as OTP, PIN, password, or card information to complete the payment.
But if someone obtains the customer’s information through fraud or tricks the customer into transferring money, the transaction may be treated as fraudulent.
Bank’s Responsibility vs Customer’s Responsibility
The draft rules also explain when the bank may be responsible and when the customer may be considered negligent.
A bank could be considered at fault if:
Its security systems are weak
Transaction alerts are not sent
There is no proper system to report fraud
On the other hand, the customer may be considered negligent if they:
Share OTP, password, or card details with someone
Ignore warnings from the bank
Download suspicious apps
Role of Third Parties in Fraud
In some situations, the issue may not be caused by the bank or the customer but by a third party.
For example, fraud may occur due to technical problems involving a payment gateway, third-party app, telecom company, or payment aggregator. These cases will be treated as third-party breaches.
How to Report Digital Fraud
The RBI has advised customers to immediately inform their bank if they notice any suspicious transaction.
Customers should also file a complaint on the National Cyber Crime Portal or call the helpline number 1930. To be eligible for compensation, the fraud must be reported to both the bank and the cyber crime portal within five days.
Special System for Small Fraud Cases
For smaller digital fraud cases, most of the compensation may come from the RBI, while a part will also be paid by the customer’s bank and the receiving bank.
If the stolen money is later recovered, the compensation amount will be adjusted accordingly.