From January 1, 2027, the Reserve Bank of India will implement updated rules to protect customers against digital banking fraud by shifting the burden of proof onto banks and introducing a capped compensation scheme for victims of low-value cyber fraud.
- Customers gain zero liability in fraud linked to bank negligence or third-party breaches.
- Banks must now prove customer involvement in fraud disputes.
- Compensation available for small-value losses reported within five days.
What happened
The Reserve Bank of India has released final amendment directions that redefine customer and bank responsibilities in electronic banking fraud. Under the new framework, customers will be protected from liability where banks are negligent or when fraud results from third-party breaches. Importantly, the burden of proving a customer’s liability in fraud cases shifts entirely to banks.
The directions mandate that banks implement comprehensive fraud reporting policies, including clear customer rights, timely complaint resolution, and awareness initiatives. Additionally, transaction alerts must be strengthened to help customers detect unauthorized activities quickly. A compensation mechanism also comes into effect, providing small-value fraud victims with a limited one-time payout.
Why it matters
Cyber fraud in India caused losses estimated at Rs 22,495 crore in 2025, highlighting the urgent need for stronger consumer safeguards in digital transactions. The RBI’s new rules mark a significant shift by placing the onus on banks to determine and prove customer liability, offering customers greater protection against unfair blame in fraud cases.
However, the compensation scheme is capped at Rs 50,000 and requires victims to report fraud within five calendar days, which limits relief for those affected by larger scams or delayed reporting. Still, these changes bring clarity and enhanced accountability to an area where millions of fraud complaints were filed recently but protections were previously inadequate.
What to watch next
As the new rules take effect from January 2027, industry stakeholders will closely monitor their impact on fraud resolution processes and customer trust in digital banking. Banks will need to upgrade their fraud detection, reporting infrastructure, and customer communication practices rapidly to comply with RBI’s expectations.
Regulators and consumer groups may push for further reforms to expand compensation limits or refine eligibility criteria based on early implementation challenges. The evolution of these protections will also be influenced by the growing volume and sophistication of digital payment fraud in India’s expanding fintech ecosystem.