Fraud safety net: RBI's new framework will boost trust in digital payments

The revolution in digital payments in India has transformed the way citizens transact. But it has also exposed users to growing incidents of cyber fraud. Given the seriousness of such concerns, the Reserve Bank of India (RBI) last week issued draft directions to review the framework for limiting customer liability in digital transactions by proposing changes to the existing guidelines on responsible business conduct given by the Department of Regulation. The proposal introduces a compensation mechanism for small-value digital frauds. Customers who lose up to ₹50,000 through fraudulent electronic transactions may receive compensation of up to 85 per cent of the loss or ₹25,000, whichever is lower, if the fraud is promptly reported. This is significant and will boost consumer confidence. The draft directions are expected to come into effect on July 1, 2026, after stakeholder consultation. The directions, among other things, will also clarify what constitutes “negligence” — by a bank or a customer.

 

The framework comes at a time when India’s digital-payment ecosystem is rapidly expanding. Platforms built on the Unified Payments Interface (UPI), mobile wallets, and online banking have seen significant adoption, even in remote areas. However, phishing attacks, one-time-password scams, fake customer-care calls, and malware-based frauds have become increasingly common. The data from the RBI shows that during 2024-25, frauds involving the card and the internet accounted for 66.8 per cent of the total in numerical terms. Nearly 13,500 cases of card and internet frauds, involving ₹520 crore, were reported in 2024-25. The draft also proposes stronger customer-protection mechanisms, including mandatory SMS alerts for transactions above ₹500 and quick complaint-resolution timelines. Banks will be required to respond to customers within defined timeframes, which could reduce delays and procedural hurdles often faced by fraud victims. Partial reimbursement may also be available even where there is customer negligence if the fraud is reported within five days.

 

However, compensation alone cannot address the deeper challenges of digital fraud. Many incidents stem from low levels of digital literacy and a limited awareness of cyber risks. First-time users, elderly customers, and small merchants are particularly vulnerable to scams involving fake payment links or impersonation calls. Furthermore, coordination gaps among banks, telecom providers, and law-enforcement agencies often delay the freezing of fraudulent accounts and recovery of funds. The effectiveness of the proposed framework will, therefore, depend on how quickly banks deploy real-time fraud-detection systems and strengthen their internal cybersecurity infrastructure.

 

A broader ecosystem response is required. Banks need to invest more in tools that instantly flag suspicious transactions. Mandatory real-time alerts, transaction limits for high-risk activities, and stronger authentication systems could reduce the probability of fraud. Campaigns to elevate public awareness, through banks, regulators, and the National Cyber Crime Reporting Portal, are equally essential to educate users about common scam techniques. The aim should be to eliminate the possibility of such frauds. However, until that is achieved, the RBI’s new framework will help enhance customer confidence. Importantly, the framework will require contributions from the RBI, the customer’s bank, and the beneficiary bank to compensate the customer. This indicates that the central bank seriously intends to address the challenge.