RBI's ₹25,000 fraud compensation shifts burden to banks

The Reserve Bank of India has shifted the burden of proof in digital banking fraud disputes. Starting 1 January 2027, banks must demonstrate customer negligence before rejecting liability for unauthorised electronic transactions. The revised framework, issued under the RBI's Responsible Business Conduct Directions, also introduces a compensation payout for small-value fraud victims.

Individual customers who lose up to ₹50,000 in a fraudulent transaction can claim 85% of the net loss, capped at ₹25,000. The benefit is available once per customer's lifetime. To qualify, the fraud must be reported within five calendar days to both the bank and the National Cyber Crime Reporting Portal or helpline 1930. The bank must also determine the claim as bonafide.

Banks face tighter deadlines. Complaint resolution for domestic fraud must close within 45 calendar days; cross-border cases get 60 days. For credit card disputes, a shadow reversal must occur within five days so the customer incurs no interest during investigation. Banks must offer round-the-clock reporting channels – phone, SMS, email, IVR, toll-free lines – and cannot charge for regulatory SMS alerts. Transaction alerts are mandatory for all electronic transactions above ₹500.

The new rules build on the RBI's existing framework for unauthorised transaction liability. Until now, customers bore most losses when negligence was assumed. The revised directions explicitly define bank negligence: failure to maintain security systems, missing transaction alerts, delayed complaint responses, system breaches, and internal fraud. Third-party breaches – failures at payment gateways, telecom providers, or aggregators – also shift liability away from the customer if reported within five days.

The RBI's latest revision is its most extensive overhaul of digital fraud protection in recent years. It places greater accountability on banks while establishing a financial safety net for small-value cyber fraud victims.