Current Affairs Topics Archive
International Relations Economics Polity & Governance Environment & Ecology Science & Technology Internal Security Geography Social Issues Art & Culture Modern History

Digital fraud cases: RBI plans compensation up to Rs 25,000 even if victim shares OTP

February 07, 2026 5 min read Economics Science & Technology GS Paper III (Indian Economy Cyber Security)
On This Page

What Happened

  • RBI Governor Sanjay Malhotra, during the Monetary Policy Committee meeting on February 6, 2026, announced a proposed framework to compensate victims of small-value digital frauds up to Rs 25,000.
  • The compensation applies even in cases where the victim shared a one-time password (OTP) with the fraudster, provided the transaction is not found to be mala fide (deliberately dishonest).
  • The payout is capped at Rs 25,000 or 85% of the total fraud amount, whichever is lower, for fraudulent transactions involving amounts up to Rs 50,000.
  • Compensation will be funded from the Depositor Education and Awareness Fund (DEAF), with a loss-sharing arrangement of 70% RBI, 15% bank, and 15% customer.
  • The compensation can be availed only once in a customer's lifetime, targeting first-time unintended losses from digital fraud.

Static Topic Bridges

RBI's Customer Protection Framework for Digital Payments

The RBI has progressively strengthened customer protection norms for electronic banking transactions. The circular on "Customer Protection — Limiting Liability of Customers in Unauthorised Electronic Banking Transactions" (2017) established the framework for zero-liability and limited-liability scenarios based on reporting timelines.

  • Under the 2017 framework, customers have zero liability if they report unauthorized transactions within 3 working days, limited liability (up to Rs 5,000-25,000 depending on account type) for reporting within 4-7 days, and full liability beyond 7 days.
  • A key limitation of the existing framework: if the customer contributes to the fraud (e.g., by sharing OTP or credentials), the bank bears no liability regardless of reporting timeline.
  • The RBI's 2024 Master Direction on Payment Aggregators mandated additional authentication requirements and settlement timelines.
  • Banks are required to send real-time SMS/email alerts for all electronic transactions and provide 24/7 reporting channels.

Connection to this news: The proposed compensation for OTP-sharing victims represents a significant departure from the existing zero-liability-for-negligence principle, acknowledging that social engineering attacks can deceive even cautious customers.

Depositor Education and Awareness Fund (DEAF)

The DEAF was established by the RBI in 2014 under Section 26A of the Banking Regulation Act 1949. It holds unclaimed deposits (savings/current accounts inactive for 10 years or term deposits unclaimed for 10 years from maturity) transferred by banks.

  • As of January 2026, the DEAF holds Rs 72,454 crore — comprising Rs 60,571 crore from public sector banks, Rs 9,608 crore from private banks, and Rs 2,275 crore from foreign banks.
  • There is no time limit for depositors to reclaim their deposits from the fund; banks must return the amount to the rightful claimant on demand.
  • The RBI launched the UDGAM (Unclaimed Deposits — Gateway to Access InforMation) portal to help depositors search for unclaimed deposits across banks.
  • The RBI announced a one-year accelerated payout scheme running until September 2026 to facilitate return of unclaimed deposits.

Connection to this news: Using the DEAF to fund fraud compensation is a novel application of these unclaimed deposits, channeling idle funds toward consumer protection rather than letting them remain dormant.

Digital Payment Fraud Landscape in India

India's digital payment ecosystem has grown rapidly — UPI processed over 16 billion transactions monthly by late 2025 — but digital fraud has grown alongside. The shift to the proposed compensation framework reflects the scale of the problem.

  • Between January and November 2025, Indians lost Rs 805 crore to UPI payment frauds across over 10.6 lakh reported cases.
  • UPI fraud incidence rose by 85% in FY 2023-24 compared to FY 2022-23.
  • Total losses from cyber frauds in India reached Rs 22,845 crore in 2024, a 206% increase from 2023.
  • A survey found that 51% of UPI fraud victims did not file any official complaint — with police, bank, UPI platform, or regulatory bodies.
  • Common fraud methods include phishing calls, fake payment links, remote access trojans, and social engineering attacks where victims are tricked into sharing OTPs.

Connection to this news: The proposed Rs 25,000 first-loss compensation acknowledges that small-value fraud victims often suffer disproportionately and have limited recourse under existing mechanisms, particularly when they unknowingly facilitated the fraud by sharing OTPs.

Cyber Security Infrastructure and IT Act Provisions

India's legal framework for cyber fraud includes the Information Technology Act 2000 (amended 2008), the Indian Cyber Crime Coordination Centre (I4C) under MHA, and the national cyber crime reporting portal (cybercrime.gov.in). The Digital Personal Data Protection Act 2023 adds data security obligations on financial service providers.

  • Section 66C of the IT Act 2000 covers identity theft and Section 66D covers cheating by personation using computer resources.
  • The Indian Cyber Crime Coordination Centre (I4C) operates the "1930" helpline for reporting cyber financial frauds.
  • The Citizen Financial Cyber Fraud Reporting and Management System (CFCFRMS) enables real-time interception of fraudulent transactions.
  • RBI mandated banks to establish a dedicated nodal officer for cyber fraud coordination with law enforcement.

Connection to this news: The proposed compensation framework complements the existing enforcement infrastructure by providing immediate financial relief to victims, addressing the gap between fraud reporting and actual recovery of stolen funds.

Key Facts & Data

  • Compensation cap: Rs 25,000 or 85% of fraud amount, whichever is lower.
  • Applicable to fraudulent transactions up to Rs 50,000.
  • Loss sharing: RBI 70%, bank 15%, customer 15%.
  • Funded from DEAF, which holds Rs 72,454 crore (as of January 2026).
  • Compensation available once per customer's lifetime.
  • UPI fraud losses (Jan-Nov 2025): Rs 805 crore across 10.6 lakh cases.
  • UPI fraud incidence rose 85% in FY 2023-24 vs FY 2022-23.
  • Total cyber fraud losses in India (2024): Rs 22,845 crore (206% rise from 2023).
  • 51% of UPI fraud victims do not file complaints.
  • Existing framework: zero liability within 3 days of reporting, but no cover if customer shares OTP.