Starting January 1, 2027, a new Reserve Bank of India (RBI) framework will introduce a compensation mechanism for victims of electronic banking fraud. While this move aims to bolster consumer protection against scams like UPI fraud, phishing, and fake KYC requests, a critical five-day reporting deadline could determine whether victims receive financial relief.
Strict 5-Day Reporting Window
Chartered accountant Kanan Bahl emphasizes that the most crucial aspect of the new framework is the reporting timeline. Victims of fraud will have only five calendar days from the discovery of the fraudulent transaction to report it. Missing this strict window will render them ineligible for any compensation under the RBI scheme.
Mandatory Dual Reporting
To successfully claim compensation, reporting the fraud solely to the bank will not suffice. Bahl clarifies that victims must notify both their bank and the National Cyber Crime Helpline (dial 1930) within the five-day period. Failure to inform either authority within this stipulated time will disqualify the customer from compensation.
This stringent timeline is designed to enhance the chances of freezing fraudulent transactions and recovering stolen funds before they are moved through multiple accounts, thus improving the overall effectiveness of fraud prevention and recovery.
Who Can Claim Compensation and How Much?
The RBI framework covers various fraudulent electronic transactions, including internet banking fraud, UPI fraud, phishing scams, and fake KYC requests. It applies to individual customers and sole proprietors, provided the total loss does not exceed ₹50,000.
Eligible customers can receive compensation up to 85% of their net loss (after adjusting any recovered amount) or ₹25,000, whichever is lower. This compensation can be claimed only once per customer lifetime. For instance, a customer losing ₹20,000 with no recovery would receive ₹17,000. If the net loss is ₹50,000, the maximum payout would be ₹25,000.
Shifting Burden of Proof to Banks
A significant change introduced by the new framework is the shift in the burden of proof. Previously, banks could often deny claims by asserting customer negligence. From January 2027, banks will be required to prove customer negligence. If a bank cannot demonstrate this, the customer automatically becomes eligible for compensation under the framework.
Furthermore, in cases where the fraud directly results from a bank's own failures—such as internal security breaches, employee involvement, or failure to send transaction alerts—the customer's liability will be zero, and the bank will reimburse the entire loss without any upper limit.
How Compensation is Funded
While customers will receive compensation directly from their bank, the payout is shared among multiple stakeholders. The RBI will bear 65% of the compensation amount. The customer's bank and the bank that received the fraudulent funds will each contribute 10%. The remaining 15% of the loss will be borne by the customer.
With estimates suggesting Indians lose over ₹60 crore daily to online fraud, this framework represents a substantial step towards protecting digital banking users. However, Bahl reiterates the critical message: compensation is not automatic. Immediate reporting within the five-day window is paramount for victims to recover their funds.