What Happened
- The RBI released draft directions proposing that victims of small-value digital banking fraud receive compensation of up to ₹25,000, or 85% of the fraudulent transaction amount, whichever is lower.
- The framework is designed for digital transactions up to ₹50,000, which account for approximately 65% of all reported digital fraud cases in India.
- Under the draft, the RBI will bear 65% of the compensation cost; the customer's bank and the beneficiary bank (the bank receiving the fraudulently transferred funds) will each bear 10%; the customer absorbs the remaining 15%.
- A major departure from existing norms: customers may be eligible for compensation even if they shared an OTP — acknowledging that social engineering fraud can victimise prudent users.
- Eligibility is conditional on reporting the fraud both to the bank and to either the National Cyber Crime Reporting Portal or helpline 1930, within five calendar days of the incident.
- The framework will come into effect from July 1, 2026, and compensation can be claimed only once per customer in their lifetime.
Static Topic Bridges
Digital Payments Ecosystem and Fraud Risk in India
India's digital payments ecosystem — anchored by UPI, IMPS, NEFT, RTGS, debit/credit cards, and mobile banking — processed over 100 billion transactions in FY24, making it one of the world's largest real-time payment systems. The rapid expansion of digital transactions has been accompanied by a proportionate rise in cyber fraud, particularly social engineering attacks where fraudsters deceive customers into sharing credentials.
- UPI processed approximately 131 billion transactions worth ₹199 lakh crore in FY24.
- India's UPI is operated by the National Payments Corporation of India (NPCI), a not-for-profit entity set up under the Payment and Settlement Systems Act, 2007.
- Digital fraud types relevant to this policy: vishing (voice phishing), SIM swapping, fake customer care, OTP theft, phishing links.
- Existing framework: RBI's circular on 'Customer Protection – Limiting Liability of Customers in Unauthorised Electronic Banking Transactions' (July 2017) provided limited protection primarily for bank negligence cases.
- India's cybercrime cases: over 15.51 lakh complaints registered on the National Cyber Crime Reporting Portal in 2023, up significantly from previous years.
Connection to this news: The new compensation framework directly responds to the surge in digital fraud, filling a gap in the existing 2017 circular, which provided less protection when customers were perceived to be negligent.
RBI's Consumer Protection Mandate
Beyond its core monetary policy function, the RBI is vested with regulatory and supervisory authority over commercial banks, payment system operators, and NBFCs. Consumer protection in banking is embedded in several RBI frameworks, including the Banking Ombudsman Scheme (now the Integrated Ombudsman Scheme), the Customer Service Policy, and the fair practices code.
- RBI Integrated Ombudsman Scheme (2021): merged three separate ombudsman schemes (Banking, NBFC, Digital Payments) into one; covers complaints against banks, NBFCs, and payment system operators.
- Ombudsman offices: 22 across India; appeals go to the Appellate Authority (Deputy Governor, RBI).
- Existing zero-liability provision: Customers already have zero liability if fraud occurs due to bank negligence or a third-party breach without customer fault (provided it is reported within 3 days).
- New direction: extends partial protection even in cases of customer-side OTP sharing (acknowledging psychological manipulation).
- RBI's mandate under RBI Act, 1934 and Banking Regulation Act, 1949 includes protecting depositors and banking customers.
Connection to this news: The ₹25,000 compensation framework complements the Integrated Ombudsman Scheme by providing an automatic, upfront compensation mechanism for small fraud amounts, reducing the need for formal dispute resolution for the most common cases.
Cybercrime Reporting Infrastructure in India
The National Cyber Crime Reporting Portal (cybercrime.gov.in) and helpline 1930 are operated by the Indian Cyber Crime Coordination Centre (I4C) under the Ministry of Home Affairs. These platforms serve as the first point of contact for cybercrime victims and are critical enablers of fraud investigation.
- I4C (Indian Cyber Crime Coordination Centre): established under MHA to coordinate cybercrime responses; includes the National Cyber Crime Reporting Portal and the Cyber Fraud Mitigation Centre (CFMC).
- Helpline 1930: financial cybercrime helpline that enables real-time freezing of fraudulently transferred funds.
- National Cyber Crime Reporting Portal: cybercrime.gov.in — registers all types of cybercrime complaints; feeds into police investigation systems.
- CFMC (Cyber Fraud Mitigation Centre): banks, telecom providers, internet companies, and law enforcement collaborate to block fraudulent transactions quickly.
- Immediate reporting (within the golden hour) to 1930 can trigger fund freezing before fraud proceeds are withdrawn.
Connection to this news: The RBI's new compensation framework requires customers to report on the National Cyber Crime Reporting Portal (NCRP) or via 1930 within 5 days as a condition of eligibility, formally integrating the RBI consumer protection mechanism with the MHA cybercrime infrastructure.
Key Facts & Data
- Compensation limit: ₹25,000 or 85% of fraud amount (whichever is lower)
- Applicable transaction size: up to ₹50,000 (covers ~65% of reported digital fraud cases)
- Cost split: RBI 65%, customer's bank 10%, beneficiary bank 10%, customer 15%
- OTP sharing: customers may still be eligible (departure from prior norms)
- Reporting deadline for eligibility: within 5 calendar days of the fraudulent transaction
- Reporting channels: bank + National Cyber Crime Reporting Portal (cybercrime.gov.in) / helpline 1930
- Lifetime claim limit: once per customer
- Effective date: July 1, 2026
- UPI transactions FY24: ~131 billion; value: ~₹199 lakh crore
- Cybercrime complaints on NCRP in 2023: 15.51 lakh+
- I4C established under: Ministry of Home Affairs