RBI’s 2027 Fraud Compensation Framework: Redefining Customer Liability in Digital Banking

The Reserve Bank of India has issued fresh directions amending its 2017 circular on “Limiting Liability of Customers in Unauthorised Electronic Banking Transactions,” introducing the new concept of “fraudulent Electronic Banking Transactions” (EBTs). Effective January 1, 2027, as a one-year pilot, these rules represent a significant evolution in consumer protection law for digital financial transactions, expanding compensation eligibility beyond purely unauthorised transactions to include certain forms of social-engineering fraud, such as digital arrest scams and OTP theft. For UPSC and SSC aspirants, this is a critical Economy and Governance topic reflecting the growing intersection of financial regulation, cybersecurity, and consumer rights in India’s increasingly digitised economy.

The reform responds to a structural gap: the 2017 framework only protected customers when transactions were technically unauthorised — for instance, in a hacking incident — but offered no protection when customers were coerced or deceived into authorising a transaction themselves, a category covering the overwhelming majority of contemporary financial frauds in India given the country’s massive Unified Payments Interface (UPI) ecosystem processing 250 billion annual transactions worth $3.4 trillion.

💡 Get AI-powered exam prep on your phone!

Download ExamYaari App

This topic is particularly significant given India’s Digital Public Infrastructure (DPI) ambitions, where financial inclusion gains through UPI must be matched with robust fraud-redressal mechanisms to maintain public trust in digital payment systems — a balance directly relevant to India’s economic governance architecture.

Background and Context

Five Important Key Points

  • The RBI’s new rules introduce “fraudulent Electronic Banking Transactions” as transactions executed by third parties using credentials obtained fraudulently or executed by customers under coercion or duress, broadening the scope of customer protection.
  • Customers can claim compensation of up to 85% of losses for amounts up to ₹50,000, capped at a maximum of ₹25,000, claimable only once in a customer’s lifetime, with roughly three-fourths of this borne by the RBI itself.
  • Customers must report fraud to the national cybercrime helpline (1930) within five calendar days to remain eligible for compensation, an increase from the three working days specified in the 2017 framework.
  • The rules will be implemented from January 1, 2027, as a one-year pilot programme, with the effective date pushed back from the originally proposed July 1, 2026 date to give banks more implementation time.
  • Complaint settlement timelines have been extended to 45-60 days, with the longer period applying specifically to international transactions, and banks retain discretionary power to waive customer liability even in cases of negligence.

Legal and Regulatory Framework

The framework operates under the RBI’s powers conferred by the Banking Regulation Act, 1949, and the Payment and Settlement Systems Act, 2007, which authorise the central bank to regulate electronic payment systems and protect consumer interests therein. The earlier 2017 circular drew heavily on principles analogous to the Indian Contract Act, 1872, regarding voidable contracts executed under coercion, duress, or fraudulent misrepresentation — a principle now explicitly extended through the “fraudulent EBT” definition, which the RBI itself contrasts with simple “unauthorised” transactions covered earlier.

Defining Fraudulent EBTs: A Conceptual Shift

The defining innovation of the new framework is the recognition that modern financial fraud predominantly relies on “social engineering” rather than technical breaches of bank security. Since banks’ core cybersecurity infrastructure is heavily regulated and audited, genuine “zero-click” hacks remain rare; instead, fraudsters manipulate customers directly — through fake police “digital arrest” calls, phishing for OTPs, or fraudulent investment schemes. By recognising transactions executed “under coercion or duress” as a distinct category eligible for compensation, the RBI is effectively acknowledging that customer “authorisation” obtained through deception or psychological pressure cannot be treated identically to free and informed consent.

Economic Implications and Compensation Architecture

The tiered compensation structure — 85% compensation capped at ₹25,000 for losses up to ₹50,000 — reflects a calibrated risk-sharing model between the RBI, banks, and customers. The RBI bears the largest share (roughly three-fourths) of the ₹25,000 cap, while customer and beneficiary banks share the remaining half between them. However, critics, including the financial inclusion think tank Dvara Research, have pointed out a significant gap: scams above ₹50,000 do not appear to be covered under this framework at all, leaving high-value fraud victims — often the most devastating cases — without structured recourse.

Governance Concerns: Negligence and the Digital Divide

A notable governance concern is the framework’s treatment of “negligence.” Customers who ignore on-screen fraud warnings or fail to update their registered mobile number or email address with the bank are deemed negligent and ineligible for compensation, though banks retain discretionary power to waive this. This places a significant onus on digital literacy, which remains uneven across India’s population — a concern Dvara Research raised by noting that Indians “encounter fraud attempts multiple times a week” with increasing sophistication, making repeated victimisation a statistical likelihood rather than mere carelessness.

Comparative and International Dimension

Globally, jurisdictions like the United Kingdom have implemented mandatory reimbursement schemes for Authorised Push Payment (APP) fraud through the Payment Systems Regulator, requiring banks to reimburse victims of scam-induced authorised transfers in nearly all circumstances. India’s framework, by contrast, remains more conservative — capped, time-bound, and pilot-based — reflecting a cautious regulatory approach balancing consumer protection against concerns of moral hazard and excessive compliance burden on banks during the initial implementation phase.

Way Forward

The RBI should consider periodically reviewing the ₹50,000 cap in light of inflation and digital transaction volumes, given that several recent scams—including “digital arrest” frauds—often involve sums far exceeding this threshold. A graduated compensation tier for larger losses, perhaps with lower percentage reimbursement, would extend protection without creating excessive moral hazard. Enhanced bank-level fraud detection systems using AI-based transaction anomaly monitoring, coupled with mandatory financial literacy campaigns targeting vulnerable demographics, would complement the compensation framework by reducing fraud incidence itself.

Relevance for UPSC and SSC Examinations

This topic is relevant for UPSC GS Paper III (Indian Economy — banking sector reforms, digital payments, financial inclusion) and GS Paper II (Governance — consumer protection mechanisms). It also connects to Essay topics on “Digital India and Consumer Trust.” For SSC, key terms include: Reserve Bank of India, Payment and Settlement Systems Act 2007, Unified Payments Interface (UPI), Electronic Banking Transactions (EBT), cybercrime helpline 1930, and the Banking Regulation Act, 1949.

Leave a Comment