Thursday, June 25, 2026

Digital Frauds

 The Reserve Bank of India (Commercial Banks – Responsible Business Conduct) Third Amendment Directions, 2026 represents a substantial overhaul of the regulatory framework governing customer protection in cases of fraudulent electronic banking transactions. Applicable to transactions undertaken on or after 1 January 2027, the Directions replace the existing provisions on customer liability and introduce a more detailed and structured regime covering card-present and card-not-present transactions, internet banking, mobile banking, and other electronic payment channels.

A notable feature of the amendment is its stronger emphasis on customer protection and accountability of banks. Customers will enjoy zero liability in cases where fraud arises due to negligence or deficiencies on the part of the bank, including system failures, security breaches, failure to send transaction alerts, or inadequate fraud-reporting mechanisms. Similarly, customers affected by third-party breaches will be entitled to full reversal of fraudulent transactions if the incident is reported within five calendar days. The burden of proving customer negligence has been expressly placed on banks, marking a significant shift in favour of consumer protection.

The Directions also introduce several operational safeguards. Banks must provide 24×7 channels for reporting fraud, issue instant SMS alerts for transactions exceeding ₹500, send email notifications wherever available, acknowledge complaints immediately, and complete investigation and liability determination within prescribed timelines of 45 days for domestic frauds and 60 days for cross-border cases. Credit card customers are additionally protected through a mandatory “shadow reversal” mechanism, requiring provisional credit within five days of reporting a fraudulent transaction.

Perhaps the most innovative aspect of the amendment is the introduction of a compensation framework for bona fide victims of small-value digital frauds. Individual customers suffering losses of up to ₹50,000 due to fraudulent electronic banking transactions may receive compensation of 85% of the net loss, subject to a maximum of ₹25,000, provided the fraud is reported both to the bank and the National Cyber Crime Reporting Portal or Helpline 1930 within five days. The compensation cost is shared among the RBI, the customer’s bank, and, where applicable, the beneficiary bank, demonstrating a collaborative approach to addressing digital fraud risks.

Overall, the amendment reflects RBI’s proactive response to the rising incidence of digital payment frauds. By combining enhanced customer safeguards, stricter obligations on banks, structured compensation mechanisms, and board-level oversight of fraud-related complaints, the Directions seek to strengthen public confidence in India's rapidly expanding digital banking ecosystem while promoting greater responsibility and resilience across the banking sector.

No comments: