India’s digital payments ecosystem has transformed the way people manage money. From UPI and mobile banking to online shopping and digital wallets, electronic transactions have become a part of daily life. However, the rapid growth of digital finance has also led to a rise in cyber frauds, including phishing attacks, fake UPI requests, OTP scams, QR code frauds, SIM swapping and AI-enabled impersonation scams.
To strengthen consumer protection and build confidence in digital banking, the Reserve Bank of India (RBI) has introduced a revised compensation framework under the RBI (Commercial Banks-Responsible Business Conduct) Third Amendment Directions, 2026. The new rules will come into effect from January 1, 2027.
The central idea behind the framework is simple: genuine victims of digital fraud should not have to bear the entire financial burden of losses caused by fraudulent electronic banking transactions. Under the new rules, a bona fide victim who loses up to ₹50,000 in a digital banking fraud can receive compensation equal to 85 per cent of the net loss amount, subject to a maximum of ₹25,000. This benefit can be claimed only once during a person’s lifetime.
The move is significant because even relatively small frauds can seriously affect household finances. By providing partial reimbursement, the RBI aims to reduce the immediate financial impact on victims. Another important feature of the framework is the principle of zero liability where the bank is at fault. If a fraudulent transaction occurs due to negligence, security lapses or deficiencies on the part of the bank, the customer is entitled to a full reversal of the disputed amount. The framework also recognises that modern frauds often involve deception and coercion rather than direct hacking. As a result, protection extends to cases where customers are manipulated into making payments through social engineering techniques.
However, timely reporting is critical. To qualify for compensation, victims must report the fraud within five calendar days to both their bank and the National Cyber Crime Reporting Portal or cybercrime helpline 1930. Quick reporting increases the chances of tracing funds and preventing further misuse of stolen money.
The RBI has also introduced stricter timelines for complaint resolution. Banks are expected to determine liability within 45 days in domestic cases and within 60 days in cross-border cases. These timelines are intended to provide faster relief and reduce the uncertainty often faced by fraud victims.
A notable feature of the framework is its shared-responsibility approach. The cost of compensation will not be borne entirely by one institution. Instead, the RBI, the customer’s bank, and where applicable, the beneficiary bank will share the financial burden.
The new framework comes at a time when digital frauds are becoming increasingly sophisticated. While regulatory protection is important, customers must continue to remain vigilant, avoid sharing sensitive information, verify payment requests carefully, and report suspicious transactions immediately.
