Scammed? RBI will pay you back, but only once in a lifetime

The central bank is proposing a safety net for one of the world’s largest digital payment ecosystems, offering to partially reimburse victims of cyber fraud—even when the victims themselves are at fault.

The Reserve Bank of India (RBI) on Friday proposed that it, along with banks, will compensate victims of fraudulent digital banking transactions of up to ₹50,000. The customer will be paid up to 85% of the loss, or up to ₹25,000, whichever is lower. This will be shared between the central bank, the customer’s bank and the bank where the money was transferred.

The catch is that customers will get this only once in a lifetime. Governor Sanjay Malhotra said last month that this is a way to forgive an initial lapse in judgment while ensuring that users tighten their personal security protocols thereafter.

The proposal marks a significant shift in liability dynamics in India. While banks have traditionally resisted paying for customer errors like OTP sharing, RBI is now stepping in to subsidize those mistakes to keep the nation’s digital momentum from stalling.

Electronic banking transactions include point-of-sale transfers, automated teller machine transactions, direct deposits or withdrawals, telephone-initiated transfers, and internet and card payments.

Eligibility conditions

This compensation will apply to individuals who have lost money due to third-party breaches and to customers who have been negligent. A third-party breach is when the bank’s services or the customer’s actions were not the cause of the loss, but the loss lies elsewhere in the system.

Meanwhile, customer negligence would include actions such as providing a PIN, password, OTP, or other details to another person to carry out transactions; failing to notify the bank immediately upon discovering a fraudulent transaction; and downloading malicious apps, among others.

The compensation would be contingent upon the loss being found legitimate and the victim reporting the fraud on the National Cyber Crime Reporting Portal or the National Cyber Crime Helpline, and to the bank, within five calendar days of its occurrence.

These are proposals floated by the central bank in a draft circular released on Friday. A month ago, RBI had said it would issue a framework for compensation in cases of small-value fraudulent transactions.

The circular also mandates that bank boards or their committees must regularly audit reported digital frauds and the effectiveness of their resolution processes, using these insights to strengthen security protocols and grievance systems.

It also said that a customer shall be entitled to zero liability and a reversal of the transaction if the fraudulent transaction occurs due to the bank’s negligence, regardless of whether the customer reported it.

“The burden of proving customer liability in complaints involving fraudulent electronic banking transactions shall lie on the bank,” it said.