RBI digital fraud rules 2027: Who can claim compensation and who cant
x
People tricked into sending money via UPI or net banking can now recover up to ₹25,000 for small-value frauds. Image: iStock

RBI digital fraud rules 2027: Who can claim compensation and who can't

Bona fide victims who inadvertently share credentials can make claims; banks have to establish customer liability and not place burden of proof on customer


Click the Play button to hear this message in audio format

The Reserve Bank of India (RBI) has revamped its digital fraud compensation rules, effective for transactions on or after January 1, 2027. The new framework allows bona fide victims who inadvertently share credentials to claim compensation and requires banks to establish customer liability rather than placing the burden of proof on the customer.

Key details of the framework

Compensation for small-value frauds: For eligible scam transactions in which a customer is tricked into transferring money, victims can claim 85% of their net loss or ₹25,000, whichever is lower. This is available once in a customer’s lifetime for losses up to ₹50,000.

Zero liability: Customers have zero liability if the fraud is due to bank negligence or a third-party system breach, provided the breach is reported to the bank within five calendar days.

Mandatory reporting: To be eligible, the victim must report the fraud within five calendar days to both their bank and the National Cyber Crime Reporting Portal (or call the 1930 helpline).

Credit card protection: For credit card fraud, banks must provide a provisional credit (“shadow reversal”) to the customer’s account within five days of receiving the complaint to prevent additional charges.

Bank accountability: Banks must resolve domestic complaints within 45 days. If a valid compensation claim is established, banks must make the payout within five days.

Transaction alerts: Banks are mandated to send instant SMS alerts for all electronic banking transactions exceeding ₹500.

Who benefits from the new rules

The revised RBI digital fraud guidelines are primarily useful for individual banking customers, financial institutions, and digital merchants by creating a safer, faster, and more transparent financial system.

Here is exactly how these rules help different groups:

Individual banking customers

• Scam victims: People tricked into sending money via UPI or net banking can now recover up to ₹25,000 for small-value frauds.

• Credit card holders: Users get “shadow reversal” credits within five days of reporting fraud, protecting them from wrongful interest or late fees.

• Everyday digital users: Customers gain peace of mind because banks must now prove customer negligence; the burden of proof is no longer on the victim.

Financial institutions & fintechs

• Cybersecurity teams: Banks now have clear, unified timelines (such as the 45-day resolution window) to investigate and close fraud cases.

• Risk managers: Fraud prevention teams can use the strict five-day customer reporting window to quickly trace and freeze stolen funds before they leave the banking ecosystem.

Digital businesses & merchants

• E-commerce platforms: Clearer liability rules reduce friction and disputes among banks, merchants, and buyers during payment failures or fraud.

• Payment gateways: The rules incentivise stricter security protocols, leading to fewer chargeback disputes and higher consumer trust in online shopping.

Who won’t benefit from the new rules

The revised RBI digital fraud guidelines may not be useful for habitual fraud victims, negligent users who delay reporting, and customers of specific excluded financial institutions.

The rules specifically exclude or offer no relief to the following groups:

Repeat or high-value scam victims

• Repeat victims: The 85% small-value compensation mechanism (up to ₹25,000) is strictly a once-in-a-lifetime benefit. It will not help anyone who falls for scams multiple times.

• Large-scale fraud victims: If a user is scammed out of a massive sum (e.g., ₹5 lakhs or ₹10 lakhs) through an authorised transfer they were tricked into making, the compensation cap remains limited to a maximum of ₹25,000.

Customers excluded by bank type

• Specific banking customers: The new 2027 directions explicitly exclude Small Finance Banks, Payments Banks, Regional Rural Banks (RRBs), and Local Area Banks. If you hold an account with these specific entities, you do not get the benefit of this updated framework.

Users who delay reporting

• Late reporters: If a third-party system breach occurs and the customer fails to report it to the bank within five calendar days, they lose their right to absolute zero liability.

• Delayed scam filings: To get the small-value scam compensation, a victim must report the incident to both the bank and the 1930 Cyber Crime Helpline within five days. Missing this tight deadline disqualifies the user entirely.

Negligent users (before reporting)

• Immediate losses: If a customer compromises their own security by sharing an OTP, password, or PIN, they remain 100% liable for all financial losses incurred up until the exact moment they formally report the fraud to the bank. The new rules do not offer retrospective protection for immediate self-negligence.

Your actionable takeaway

While this framework offers unprecedented financial lifelines—particularly the partial compensation for small-value scams—it is not a blank cheque for negligence.

The protections are capped (at a maximum of ₹25,000 or 85% of the loss) and are strictly bound by the new reporting windows.

The golden rule of digital banking remains unchanged: vigilance and speed are your best defences. Reporting any suspicious activity to your bank immediately within the five-day window will be the crucial deciding factor in securing your compensation.

Next Story