New Delhi, Mar 9 (KNN) The Reserve Bank of India (RBI) has proposed revisions to its framework on customer liability in unauthorised electronic banking transactions, aiming to expand protection for users and speed up complaint resolution in digital fraud cases.
The central bank issued draft amendment directions on March 6, 2026, and invited comments from stakeholders and the public until April 6, 2026.
Wider Coverage for Digital Transactions
The proposed amendments seek to broaden the scope of the guidelines to cover more categories of fraudulent electronic banking transactions, including payments made through internet banking, mobile banking, cards and other digital channels.
These transactions fall under the definition of electronic funds transfers as per the Payment and Settlement Systems Act, 2007.
The draft also introduces clearer definitions for authorised and unauthorised transactions. Transactions carried out using authentication methods such as OTPs, PINs, passwords or card details will generally be treated as authorised. However, transactions executed using credentials obtained through fraud, coercion or deception will be classified as fraudulent electronic banking transactions.
Defined Roles for Banks, Customers and Third Parties
The RBI has also clarified what constitutes negligence by banks and customers.
Bank negligence may include failing to maintain secure systems, not sending transaction alerts or not providing proper channels for reporting fraud. Customer negligence could involve sharing sensitive details such as passwords or OTPs, ignoring fraud warnings from banks, or downloading malicious applications.
The draft directions also recognise third-party breaches, where fraud arises due to intermediaries such as payment gateways, telecom service providers or third-party application providers rather than the bank or the customer.
Customers will be advised to immediately report fraudulent transactions to their bank and lodge a complaint through the National Cyber Crime Reporting Portal or the National Cyber Crime Helpline (1930).
Compensation for Small-Value Fraud
The RBI has also proposed a compensation mechanism for small-value digital banking frauds.
Under the draft rules, if an individual customer suffers a loss of up to Rs 50,000 in a genuine fraudulent transaction, they may receive 85 per cent of the net loss or up to Rs 25,000, whichever is lower, once in their lifetime.
To qualify, the fraud must be reported to both the bank and the national cybercrime reporting system within five days.
For smaller losses, most of the compensation will initially be borne by the RBI, with smaller contributions from the customer’s bank and the beneficiary bank. If funds are later recovered, the compensation amount will be recalculated.
One-Year Pilot Period
The compensation arrangement will remain in force for one year from the effective date of the directions, after which it will be reviewed.
The RBI said the objective is to gradually increase the share of compensation borne by banks and reduce or eliminate the central bank’s contribution.
The proposed directions will apply to electronic banking transactions carried out on or after July 1, 2026, once the final rules are notified.
(KNN Bureau)
