Summary of this article
Customers face zero liability for bank-linked digital fraud.
Compensation up to Rs 50,000 offered for small losses.
Banks and RBI share costs; third-party breaches covered.
The Reserve Bank of India (RBI) has proposed that customers will face nil liability if fraudulent digital banking transactions occur due to negligence by lenders. The draft guidelines were issued on March 6, 2026 as part of the 'Review of Framework of Limiting Customer Liability in Digital Transactions' following the February 2026 Monetary Policy Committee (MPC) meeting.
Henceforth, lenders would be required to reverse unauthorised transactions if the fraud is linked to lapses on their part. The norms will apply to digital banking transactions conducted on or after July 1, 2026, once the framework is finalised.
Nil Liability For Bank-Linked Fraud
The draft says that, "a customer shall be entitled to zero liability and reversal of the transaction in cases where the fraudulent electronic banking transaction occurs due to negligence / deficiency on the part of the bank (irrespective of whether the transaction is reported by the customer or not) and in cases of third-party breach where the customer reports the unauthorised fraudulent electronic banking transaction to the bank within five calendar days from the date of its occurrence”.
Negligence by a bank includes failure to put in place mandated systems and procedures to ensure safety and security, not sending mandatory alerts for transactions, system malfunctions, security breaches, or internal frauds that lead to unauthorised transactions.
Compensation For Small-Value Transactions
For fraudulent transactions up to Rs 50,000, a genuine victim may receive 85 per cent of the net loss or Rs 25,000, whichever is lower, as a once-in-a-lifetime compensation. Net loss is calculated after deducting any recoveries made before or after paying the compensation.
Compensation is granted only if the loss is bona fide, the victim reports the fraudulent transactions to the National Cyber Crime Reporting Portal (NCCRP) or helpline (1930), and the bank within five calendar days.
Third-Party Breaches And Bank Responsibility
For third-party breaches, where the customer reports the fraud within five calendar days, lenders bear full responsibility and must reverse the transactions. Third-party breach refers to failures in systems including deficiencies by Third-Party Application Providers (TPAP), Payment Aggregators (PA), Payment Gateways (PG), and Telecom Service Providers (TSP).
Sharing Of Compensation Costs
For complaints involving losses under Rs 29,412, where 85 per cent of net loss is paid, RBI will bear 65 per cent, the customer's bank 10 per cent, and the beneficiary bank 10 per cent. For losses between Rs 29,412 and Rs 50,000, where compensation is capped at Rs 25,000, the RBI, customer's bank, and beneficiary bank will contribute Rs 19,118, Rs 2,941, and Rs 2,941, respectively.
Customer Liability and Reporting
The draft further says that “in cases where the fraudulent electronic banking transaction occurs due to negligence by the customer, he / she shall be liable for the loss incurred by him / her, to the extent of loss not eligible for compensation as per the mechanism detailed at paragraph 76T below, until he / she reports the fraudulent electronic banking transaction to the bank".
The draft framework centres the burden of proof of customer liability on the lender. If a complaint is rejected, banks must include reasons along with supporting evidence, such as OTP logs, SMS logs, transaction history, etc. Lenders are also liable for loss incurred from unauthorised transactions after the customer informs about the fraud.
Transaction Reversal And Value Dating
When a bank is required to compensate for a fraudulent transaction, the bank should ensure that the reversal is value dated to the original transaction date. This is to ensure that the customer does not lose interest or incurs additional charges due to the fraud.
