RBI Releases Draft Framework to Improve Fraud Protection
The Reserve Bank of India (RBI) has proposed a new set of guidelines designed to strengthen safeguards against fraud in digital banking transactions. The proposal comes under the Draft Third Amendment Directions, 2026 within the central bank’s Responsible Business Conduct framework.
The initiative aims to enhance customer protection as digital payments continue to expand rapidly across India. With millions of transactions now taking place daily through online banking platforms, the RBI is seeking to ensure stronger accountability and clearer rules for dealing with unauthorised transactions.
Digital Payment Channels Covered Under the Proposal
The draft regulations mainly address fraud occurring through various digital banking channels, including:
-
- UPI transactions
- Internet banking
- Mobile banking
- Debit and credit card payments
- ATM withdrawals
According to the RBI, the new rules will apply to transactions conducted on or after July 1, 2026.
The framework will cover commercial banks, while small finance banks, payments banks, regional rural banks, and local area banks will remain outside the scope of these proposed directions.
Updated Rules on Customer Liability
A key objective of the amendment is to revise existing provisions that determine customer liability in cases of unauthorised electronic transactions.
The draft guidelines, released on March 6, 2026, define electronic banking transactions as payments carried out through internet banking, mobile banking, card-based systems, or any other method considered an electronic fund transfer under the Payment and Settlement Systems Act, 2007.
Clearer Definition of Authorised Transactions
To reduce confusion in fraud investigations, the RBI has proposed clearer definitions for authorised transactions.
Payments carried out using customer authentication methods such as OTP, PIN, passwords, or card credentials will generally be treated as authorised transactions.
The same classification will apply to transactions executed by previously approved third parties, including payments made through standing instructions or mandates registered with banks.
Cases That Would Be Treated as Fraud
Despite the use of authentication, certain situations may still qualify as fraudulent transactions.
These include:
- When a third party carries out a payment using credentials obtained from a customer through deception or fraud
- When customers approve a transaction after being threatened or coerced by scammers
- When individuals are tricked into transferring funds to fraudsters posing as legitimate recipients
These scenarios are intended to ensure that victims of sophisticated scams are not unfairly held responsible.
Responsibilities of Banks and Customers
The draft framework also outlines circumstances that could amount to negligence by either banks or customers.
Possible negligence by banks:
- Failure to maintain secure digital infrastructure
- Delay in sending transaction alerts to customers
- Lack of effective channels for reporting suspicious activity
Possible negligence by customers:
- Sharing sensitive information such as OTPs or passwords
- Ignoring fraud warnings or alerts from banks
- Installing suspicious applications that compromise account security
Addressing Failures in the Digital Payment Ecosystem
The RBI proposal also recognises that fraud may occur due to failures in the broader digital payment ecosystem.
A third-party breach refers to situations where the problem arises from lapses by intermediaries such as:
- Third-party payment applications
- Payment gateways
- Payment aggregators
- Telecom service providers
In such cases, the responsibility may not lie directly with either the bank or the customer.
Reporting Fraud Through National Cybercrime Channels
The central bank has urged banks to actively encourage customers to report fraudulent transactions immediately.
Victims should notify their bank as soon as possible and also register a complaint through the National Cyber Crime Reporting Portal or contact the National Cyber Crime Helpline (1930).
Prompt reporting is considered essential for investigating fraud and improving the chances of recovering lost funds.
Proposed Compensation for Small Fraud Losses
The draft amendment also introduces a compensation mechanism for smaller digital fraud cases.
Under the proposal:
- Customers suffering a genuine fraud loss of up to ₹50,000 may be eligible for compensation.
- The reimbursement may cover 85% of the net loss or up to ₹25,000, whichever is lower.
- This benefit can be claimed once in a lifetime by an individual customer.
To qualify, the fraud must be reported to both the bank and the cybercrime portal or helpline within five days of the incident.
For such cases, most of the compensation is expected to be funded by the RBI, with smaller contributions from the customer’s bank and the beneficiary bank. If the stolen amount is later recovered, the compensation will be adjusted accordingly.
Summary
The Reserve Bank of India has proposed new draft rules to strengthen protection against fraud in digital banking transactions. The framework covers UPI payments, mobile banking, internet banking, card transactions, and ATM withdrawals. It introduces clearer definitions for authorised and fraudulent transactions, revises guidelines on customer liability, outlines responsibilities for banks and customers, and addresses breaches involving third-party service providers. The proposal also includes a compensation mechanism for small fraud cases of up to ₹50,000, allowing eligible customers to receive partial reimbursement if the fraud is reported promptly.
Disclaimer
The information in this article is based on publicly available announcements and draft guidelines issued by the Reserve Bank of India. As these regulations are currently in draft form, the final rules and implementation details may change after consultations and review by the central bank. The content is intended for informational purposes only. The publication does not independently verify third-party claims or assertions mentioned in developments.