The RBI's revised framework compensates small-value digital fraud victims up to ₹25,000 and mandates dynamic Two-Factor Authentication. Coupled with the government's e-Zero FIR initiative, this policy drastically strengthens India's cybersecurity, consumer protection, and overall digital payments ecosystem.
Why In News?
The Reserve Bank of India (RBI) publishes revised draft directions to provide financial compensation for victims of small-value digital payment frauds.
What is Digital Fraud?
Digital fraud involves the illegal, deceptive acquisition of financial credentials or funds by exploiting electronic banking channels and human psychology. Common typologies include:
RBI’s New Digital Fraud Framework
Scope: The framework covers all Electronic Banking Transactions (EBTs), including UPI, credit/debit cards, and prepaid wallets.
Resolution Timelines: Regulated entities must resolve domestic complaints within 45 calendar days and cross-border frauds within 60 calendar days.
Compensation: Victims with a gross loss up to ₹50,000 qualify for one-time lifetime compensation. The system pays 85% of the net loss or ₹25,000, whichever is lower.
Skin in the Game Model: For losses under ₹29,412, the RBI bears 65%, the customer’s bank bears 10%, and the beneficiary bank bears 10%.
Institutional Coverage: Compliance mandates extend to Urban Co-operative Banks (UCBs), Payments Banks, Small Finance Banks, and NBFCs.
Rights and Responsibilities
Zero Liability: Customers incur no liability for bank-side security breaches or third-party breaches reported within five calendar days.
Limited Liability: Customers bear full loss for negligence (e.g., sharing OTPs/PINs) until they report the incident; the bank assumes liability for subsequent losses.
Reporting Requirements: Victims must report fraud within five days to their bank and the National Cyber Crime Reporting Portal (1930).
Shadow Reversal: Banks must execute a shadow reversal for credit card disputes within five days to prevent interest penalties.
Authentication Standards: Effective April 1, 2026, banks must implement Two-Factor Authentication (2FA) or Additional Factor of Authentication (AFA), moving beyond static OTP models.
Mandatory Alerts: Entities must dispatch instant SMS alerts for transactions exceeding ₹500 and email alerts for all transactions.
Significance
Strengthening Trust: The framework shifts the regulatory posture from liability-sharing to proactive protection.
Promoting Payments: A ₹25,000 safety net insulates retail UPI users, who account for 65% of digital fraud incidents.
Systemic Accountability: Cost-sharing forces beneficiary banks to execute rigorous KYC to prevent the proliferation of mule accounts.
Challenges
Jurisdictional Barriers: Transnational syndicates exploit the "golden hour" of asset recovery, outpacing local police.
Digital Literacy: Rural populations and senior citizens struggle to identify phishing attempts.
AI-Enabled Frauds: Criminals use voice-cloning and deepfakes to enhance the success of social engineering.
Reporting Hurdles: The five-day window often disqualifies victims who fail to detect fraud immediately.
Mule Account Proliferation: Scammers layer stolen funds through corporate accounts and cryptocurrency gateways to evade tracking.
Way Forward
AI-Based Detection: Banks must scale the MuleHunter.AI framework to autonomously intercept money mule networks.
Awareness Campaigns: The state must expand the Centre for Financial Literacy (CFL) and the "RBI Kehta Hai" campaign.
e-Zero FIR: States must operationalize the e-Zero FIR to allow instant freeze orders on suspect accounts.
IDPIC Integration: The government must fully operationalize the Indian Digital Payment Intelligence Corporation (IDPIC) to leverage big data at the national gateway level.
Risk-Based Authentication (RBA): Entities must transition to RBA, using biometric friction for high-value anomalous transfers.
Conclusion
By integrating the RBI’s progressive compensation framework with the PMO’s borderless e-Zero FIR mechanism, India structurally fortifies its digital economy against sophisticated cyber syndicates while ensuring absolute consumer trust.
Source: INDIANEXPRESS
|
PRACTICE QUESTION Q. Consider the following statements regarding the Reserve Bank of India's revised framework on small-value fraudulent electronic banking transactions: 1. A customer is eligible for a one-time compensation of 85% of the net loss or ₹25,000, whichever is lower, for gross losses up to ₹50,000. 2. The burden of proving customer negligence in a fraudulent transaction lies entirely on the customer. 3. The framework mandates that banks must resolve domestic fraudulent transaction complaints within 45 calendar days. Which of the statements given above are correct? (a) 1 and 2 only (b) 2 and 3 only (c) 1 and 3 only (d) 1, 2, and 3 Answer: (c) Explanation: Statement 1 is correct: A bona fide victim (individuals and sole proprietors) suffering a gross loss of up to ₹50,000 is eligible for a one-time compensation of 85% of the net loss or ₹25,000, whichever is less. Statement 2 is incorrect: The framework expressly states that the burden of proving customer liability or negligence lies entirely on the bank. Customers enjoy zero liability in cases of bank negligence or third-party breaches reported within 5 days. Statement 3 is correct: The RBI mandates that banks must complete investigations and resolve complaints regarding domestic fraudulent electronic banking transactions within 45 calendar days (and 60 calendar days for cross-border complaints). |
The Reserve Bank of India's newly finalized Master Directions on Customer Protection—taking effect on January 1, 2027—significantly expanded user safeguards by establishing a mandatory compensation safety net for small-value scams and legally recognizing manipulation, coercion, and duress as grounds for claiming fraud.
Under the revamped framework, customers have zero liability for bank-attributable security lapses, face zero liability for third-party system breaches reported within five calendar days, and qualify once-in-a-lifetime for an 85% reimbursement (up to ₹25,000) for small frauds up to ₹50,000 even if they were tricked into approving the transaction, provided they file dual complaints with their bank and the National Cyber Crime Helpline (1930) within five days.
The RBI actively shields users by mandating strict Two-Factor / Additional Factor Authentication (AFA) on all digital channels, shifting the complete legal burden of proving customer negligence onto the banks, enforcing instant credit card shadow reversals within 5 days of a dispute, and introducing strict 45-day domestic resolution timelines for banks.
The most common variants plaguing users include impersonation-based "digital arrest" scams via WhatsApp, social engineering trickery that coerces victims into making voluntary UPI transfers, phishing links deployed to compromise multi-factor credentials, and the illicit utilization of rented bank accounts (mule accounts) to rapidly launder stolen digital funds.
© 2026 iasgyan. All right reserved
