Relief to digital fraud victims: How losses upto 50K can be recovered

Why in the News?

The RBI notified a revised compensation framework for victims of digital payment fraud, effective 1 January 2027. Under the scheme, victims can recover part of losses up to ₹50,000 through a state-supported fund. The move follows a sharp rise in fraud value despite fewer reported cases.

Why did the RBI intervene now, and what does the scale of digital fraud reveal about the existing liability framework?

1. Rising fraud value: Fraud cases fell to 10,114 in FY26, but the amount involved increased 46% to ₹48,021 crore, indicating fewer but larger frauds.
2. Consumer liability gap: The earlier framework placed the burden of proof and recovery on customers. Banks faced limited liability unless negligence was established
3. Electronic Banking Transactions (EBTs) as the primary vector: EBT are a digitally initiated banking transaction, including NEFT, RTGS, UPI, and card-based payments. They became the primary fraud channel, exposing a liability gap.
4. State absorption of residual risk: The new framework makes the RBI the majority loss-bearer for unrecovered fraud amounts. This signals that the regulator treats digital fraud loss as a systemic risk requiring regulatory underwriting, not merely a bilateral consumer-bank dispute.

What is the consumer entitlement under the new framework, and what conditions govern eligibility?

1. Maximum compensation ceiling: A victim is eligible for compensation of up to 85% of net loss amount or ₹25,000, whichever is less. This applies to gross fraudulent EBT losses up to ₹50,000.
2. Lifetime cap: The compensation is available once during the lifetime of the account holder. Repeat claims for subsequent fraud events are not covered under this mechanism.
3. Complaint filing window: Victims must lodge a complaint regarding the fraud within five calendar days of the event. Claims filed beyond this window are ineligible regardless of the loss amount.
4. Loss verification standard: The loss must be established in accordance with the internal processes set out in the victim’s bank’s policy. The framework does not prescribe a uniform evidentiary standard across banks, leaving verification to individual bank procedures.
5. Threshold-based compensation rate: For losses below ₹29,412, the victim receives 85% of the amount lost. For losses between ₹29,412 and ₹50,000, the victim receives a flat ₹25,000 (the ceiling).

How is the cost of compensation shared between the RBI, the victim’s bank, and the beneficiary bank?

1. Domestic fraud (below ₹29,412): RBI bears 65% of compensation. The victim’s bank and beneficiary bank contribute 10% each.
2. Domestic EBT fraud between ₹29,412 and ₹50,000 (₹25,000 flat compensation): The RBI contributes ₹19,118 (76.5%). The victim’s bank and the beneficiary bank each contribute ₹2,941 (approximately 12% each).
3. Cross-border EBT fraud (elevated bank contribution): In cross-border cases, the victim’s bank’s contribution rises to 20% for frauds below ₹29,412, and to ₹5,882 for frauds in the ₹29,412-₹50,000 band.
4. Multiple beneficiary banks (proportionate allocation): Where more than one beneficiary bank receives the fraudulent amount, each bank’s share of the compensation is proportionate to the amount credited to its accounts.
5. Numerical illustration (official example): If fraud loss is ₹40,000 and ₹15,000 is recovered, the net compensable loss is ₹25,000. The victim receives 85% of ₹25,000 = ₹21,250. The RBI contributes ₹16,250; victim’s bank and beneficiary bank contribute ₹2,500 each. If nothing is recovered, the victim receives ₹25,000 (ceiling), distributed in the same proportion.

What standard of bank negligence triggers full bank liability, and what are the banks’ procedural obligations?

1. Full bank liability for own negligence: Where fraud arises from the bank’s own negligence, the bank must compensate the victim entirely. The RBI cost-sharing mechanism does not apply in such cases.
2. Safety and security failures: Failing to ensure proper safety and security mechanisms for EBTs constitutes negligence. This includes system malfunctions and security breaches.
3. Alert failures: Failing to send mandatory transaction alerts for EBTs above ₹500 is classified as negligence. The alert obligation is non-discretionary.
4. Complaint handling failures: Failing to provide 24×7 channels for customer complaints and failing to act diligently on received complaints both constitute negligence. Banks cannot limit complaint access to business hours.
5. Complaint resolution timelines: Banks must resolve fraudulent EBT complaints within 45 calendar days for domestic EBTs and within 60 calendar days for cross-border EBTs. Breach of these timelines has implications for bank liability assessment.
6. Post-complaint containment obligation: On receipt of any fraudulent EBT complaint, a bank must take prompt steps to prevent further unauthorised EBTs in the customer’s account. This is a proactive duty, not a passive acknowledgment obligation.

Does the framework resolve the consumer’s structural vulnerability to digital fraud, or does it shift the problem without eliminating it?

1. Consumer protection: The framework guarantees time-bound compensation and imposes liability for proven bank negligence.
2. Limited bank incentives: RBI bears most compensation costs. Banks usually contribute only 10-20%, reducing incentives to strengthen fraud prevention.
3. Procedural burden: Victims must report fraud within five days and satisfy bank-specific verification standards.
4. Source of fraud: The framework compensates losses but does not strengthen EBT security standards or regulate payment intermediaries.
5. Residual reporting: Victims must also report fraud to the National Cyber Crime Reporting Portal or Cyber Crime Helpline. This supports record-keeping, not recovery.
6. Coverage mismatch: The compensation cap is ₹25,000, whereas average fraud value in FY26 was about ₹4.75 crore per case, limiting relevance to small-value consumer fraud.

Conclusion

The RBI framework introduces the first regulatory mechanism for sharing consumer losses from digital fraud. It reduces immediate customer losses but leaves banks with limited financial incentives to prevent fraud. Large-value frauds, security standards and accountability of payment intermediaries remain unresolved.