With the rapid growth of digital payments, cases of online fraud are also rising quickly. In response to this problem, the Reserve Bank of India (RBI) has proposed new rules to protect bank customers.
According to the proposal, if a customer loses up to ₹50,000 due to digital banking fraud, they may receive partial compensation.
The RBI has also explained when the bank will be responsible, when the customer may be at fault, and how people should report fraud.
If approved, these new rules could come into effect from July 1, 2026.
Transactions Covered Under the New Rules
According to the RBI proposal, the rules will apply to digital transactions made through multiple banking channels. These include:
Unified Payments Interface (UPI)
Internet banking
Mobile banking
Debit cards
Credit cards
ATM transactions
If an unauthorized transaction happens through any of these methods, customers may get protection under the new rules.
However, the proposal currently applies only to commercial banks. Other institutions such as small finance banks, payment banks, and regional rural banks will not be included for now.
Compensation in Case of Digital Fraud
If a customer becomes a victim of digital fraud and the total loss is up to ₹50,000, they may receive compensation.
According to the proposal:
Customers can receive 85% of the total loss, or
A maximum compensation of ₹25,000
This benefit will be available only once in a lifetime, and customers must report the fraud quickly to qualify for compensation.
What Will Be Considered an Authorized Transaction
The RBI has clarified that certain transactions will be considered authorized.
For example, if a customer enters their:
OTP
PIN
Password
Card details
to complete a payment, the transaction will generally be treated as authorized.
However, if someone steals the customer’s information or tricks them into transferring money, the transaction may be considered fraudulent.
Bank’s Responsibility vs Customer’s Responsibility
The draft rules also explain when the bank may be responsible and when the customer may be at fault.
A bank may be considered negligent if:
Its security systems are weak
Transaction alerts are not sent
There is no proper system to report fraud
On the other hand, customers may be considered negligent if they:
Share OTP, passwords, or card details with others
Ignore warnings issued by the bank
Download suspicious or unsafe mobile apps
Fraud Caused by Third Parties
In some situations, fraud may not be the fault of either the bank or the customer.
Problems can also arise due to third-party systems, such as:
Payment gateways
Third-party payment apps
Telecom companies
Payment aggregators
If fraud happens because of technical issues or security problems in these services, it may be treated as a third-party breach.
How to Report Digital Fraud
The RBI advises customers to report any suspicious transaction immediately to their bank.
Customers should also file a complaint on the National Cyber Crime Portal or call the cyber fraud helpline number 1930.
To be eligible for compensation, the complaint must be filed with both the bank and the cyber crime portal within five days.
Special System for Small Fraud Cases
For small digital fraud cases, most of the compensation may come from the RBI, while some portion will also be contributed by the customer’s bank and the receiving bank.
If the stolen money is later recovered, the compensation amount given earlier will be adjusted accordingly.
