The regulator has additionally positioned the burden of proving buyer legal responsibility on banks in such instances. The instructions will apply to digital banking transactions undertaken by clients on or after July 1, 2026.
“The burden of proving buyer legal responsibility in complaints involving fraudulent digital banking transactions shall lie on the financial institution,” the RBI stated within the draft rules.
In response to the RBI, practically 65 per cent of fraud instances contain quantities beneath Rs 50,000.
Clients may have zero legal responsibility and be entitled to reversal of the transaction if the fraud happens because of negligence by the financial institution or due to a third-party breach.
Compensation shall be offered if the loss is established as real beneath the financial institution’s inside coverage and the sufferer studies the incident each to the financial institution and the Nationwide Cyber Crime Helpline (1930) inside 5 days of the fraud.
Banks should look at complaints, decide legal responsibility and reply to clients inside 30 days of receiving the criticism.The proposed compensation mechanism will stay in power for one 12 months from the efficient date, after which it is going to be reviewed. The RBI stated the goal is to regularly enhance the share borne by banks and cut back or remove the central financial institution’s contribution. The regulator has invited feedback from stakeholders on the draft instructions till April 6, 2026.
The draft framework additionally units out a compensation-sharing mechanism. For losses beneath Rs 29,412, the place compensation of 85 per cent is paid, 65 per cent shall be borne by the RBI, whereas the client’s financial institution and the beneficiary financial institution will contribute 10 per cent every. For losses between Rs 29,412 and Rs 50,000, the RBI will contribute Rs 19,118, whereas the client’s financial institution and the beneficiary financial institution will contribute Rs 2,941 every.
The RBI has additionally revised definitions associated to authorised digital banking transactions and negligence by banks and clients. Authorised transactions embrace these carried out by clients or authorised third events utilizing passwords, OTPs or card particulars, in addition to instances the place clients are tricked or coerced into transferring cash to scammers.
Negligence by a financial institution contains failure to place in place required safety methods, ship transaction alerts, present channels to report fraud or act promptly on buyer complaints. Buyer negligence contains sharing credentials corresponding to PINs, passwords or OTPs, delaying the reporting of fraud, ignoring rip-off warnings from banks, or downloading malicious functions.
