Current Affairs Topics Archive
International Relations Economics Polity & Governance Environment & Ecology Science & Technology Internal Security Geography Social Issues Art & Culture Modern History

RBI plans shared liability for digital frauds, pushes open card ecosystem in Vision 2028

March 27, 2026 5 min read Economics Science & Technology GS3 (Indian Economy Technology Cybersecurity)
On This Page

What Happened

  • The Reserve Bank of India's Payments Vision 2028 proposes a shared responsibility framework for unauthorised digital payment transactions, distributing liability between the customer's bank and the beneficiary bank rather than leaving the full burden on consumers.
  • RBI is exploring a switch-on/switch-off facility for all digital payment modes, allowing users to individually enable or disable specific payment channels (e.g., UPI, cards, net banking) as a fraud prevention tool.
  • The Vision 2028 also pushes for an open card ecosystem where debit and credit cards can operate across multiple payment networks, ending the current system where a card is typically locked to a single network.
  • Security and data privacy have been declared the topmost priority for the 2028 Vision period, reflecting growing concerns about the sharp increase in digital payment fraud as transaction volumes scale.
  • These proposals build upon the RBI's earlier 2017 framework on limiting customer liability in unauthorised electronic transactions, which provided partial relief but placed heavy responsibility on timely reporting by customers.

Static Topic Bridges

RBI's Existing Framework on Unauthorised Electronic Transactions (2017)

The RBI issued a circular in July 2017 titled "Customer Protection — Limiting Liability of Customers in Unauthorised Electronic Banking Transactions," which established the principle that customers should not bear full losses from fraud if they are not at fault. Under the 2017 framework, liability depended on the reporting time and whether the breach was at the bank's end or the customer's end. If the fraud was due to negligence by the bank, the customer bore zero liability. If due to third-party breach with prompt customer reporting (within 3 working days), liability was capped at ₹5,000 to ₹25,000 depending on account type. However, the framework was criticised as insufficient because beneficiary banks — which receive fraudulent funds — faced no consequences.

  • RBI Circular: July 6, 2017 — Customer liability in unauthorised electronic transactions
  • Zero liability: When fraud is due to bank's negligence or breach at bank's systems
  • Capped liability: ₹5,000–₹25,000 if breach is third-party but customer reports within 3 days
  • Gap: Beneficiary bank (where fraudster holds account) bore no liability under 2017 rules
  • New Vision 2028 proposal: Shared liability — both originating and beneficiary banks responsible
  • Covers: UPI, IMPS, NEFT, RTGS, card transactions

Connection to this news: The shared liability framework in Vision 2028 directly addresses the biggest gap in the 2017 circular — that beneficiary banks had no skin in the game — by making them co-responsible for losses from unauthorised transactions passing through their accounts.

Digital Payment Fraud and Cybersecurity in India

India's digital payment ecosystem — processing over 17 billion UPI transactions monthly — has simultaneously seen a steep rise in cyber fraud. According to RBI's Annual Report, digital payment fraud cases reported under the payment fraud framework rose significantly between 2021 and 2025. Common fraud types include phishing, vishing (voice call fraud), fake UPI payment links, SIM-swapping, and screen-mirroring malware. The Indian Cyber Crime Coordination Centre (I4C) under the Ministry of Home Affairs and the National Cybercrime Reporting Portal (NCRP) are the primary government mechanisms for tracking and responding to digital financial crime.

  • UPI transactions: Over 17 billion/month (2025); India's share of global real-time payments is ~50%
  • Digital fraud trend: Rising sharply — RBI annual reports show increasing fraud volumes 2021-2025
  • Key fraud types: Phishing, vishing, fake payment requests, SIM-swap, malware
  • I4C (Indian Cyber Crime Coordination Centre): Nodal agency under MHA for cybercrime coordination
  • NCRP: National Cybercrime Reporting Portal (cybercrime.gov.in) for citizen reporting
  • IT Act, 2000 (Section 66C, 66D): Primary legal provisions for identity theft and impersonation online
  • Switch-on/switch-off proposal: Granular user control over each payment mode to reduce fraud exposure

Connection to this news: The switch-on/switch-off facility proposed in Vision 2028 is a direct consumer-protection response to the fraud landscape — if a user is not travelling, they can disable international card transactions; if they do not use credit cards, they can switch that mode off, shrinking the attack surface for fraudsters.

Open Card Ecosystem and Payment Network Competition

Currently, credit and debit cards in India are issued on specific payment networks — Visa, Mastercard, or RuPay (National Payments Corporation of India's network). The open card ecosystem proposed under Vision 2028 would allow a single card to be operated on multiple networks, enhancing competition and interoperability. This follows RBI's earlier 2022 instruction requiring card networks to allow tokenisation (replacing card numbers with unique tokens for merchant payments) as a security measure. An open ecosystem reduces merchant payment costs, expands acceptance, and prevents anti-competitive lock-in by any single network.

  • Current networks: Visa, Mastercard, RuPay (domestic) — cards tied to one network
  • RuPay market share: Over 60% of debit cards issued in India are on RuPay (as of 2025)
  • RBI card tokenisation mandate: Effective October 2022 — all card-on-file data replaced by tokens at merchant level
  • Open ecosystem: One card, multiple networks — similar to global co-badging schemes
  • Benefit for merchants: Lower MDR (Merchant Discount Rate) through network competition
  • NPCI: National Payments Corporation of India — manages RuPay, UPI, IMPS, NACH, FASTag

Connection to this news: The open card ecosystem push is Vision 2028's most market-structure-changing proposal for cards — it would fundamentally alter how card payments work in India by removing the exclusivity of single-network card issuance, increasing competition and potentially reducing transaction costs for merchants and consumers.

Key Facts & Data

  • Vision 2028 top priority: Security and data privacy
  • Shared liability framework: Both originating bank and beneficiary bank bear responsibility for unauthorised transactions
  • Switch-on/switch-off: User-controlled enabling/disabling of individual payment modes
  • Open card ecosystem: Cards operable on multiple payment networks (not locked to one)
  • RBI 2017 circular: Capped customer liability at ₹5,000-₹25,000 for timely-reported third-party fraud
  • UPI transactions: Over 17 billion/month (2025)
  • I4C: Indian Cyber Crime Coordination Centre (under MHA)
  • NCRP: National Cybercrime Reporting Portal
  • RuPay: Over 60% of debit cards in India (NPCI's domestic network)
  • Tokenisation mandate: Effective October 2022 (card-on-file protection)
  • PSS Act 2007 (amended May 2025): Legal basis for Payments Regulatory Board overseeing Vision 2028