RBI's digital fraud compensation scheme: How customers can recover up to ₹25,000 | Explainer
Indian bank customers have received stronger protection against digital fraud. The Reserve Bank of India (RBI) has overhauled rules to ensure customers do not always lose their savings to sophisticated scammers.
Starting January 1, 2027, the burden of proving that a customer was "careless" will shift entirely to banks. The move provides long-awaited relief for millions of account holders who often felt helpless against sophisticated electronic fraud.
When you pay zero for digital theft
The new rules clearly set out who bears the cost of a scam. Customers will have zero liability — meaning they lose nothing — if the fraud occurred because of a mistake or deficiency within the bank itself.
It does not matter if the fraud was not reported immediately; the bank must return the money.
Customers are also protected if the breach occurred elsewhere in the system, such as at a payment gateway or mobile service provider. In these third-party cases, as long as the fraud is reported to the bank within five days, the money will be protected.
The ₹50,000 compensation rule
For the first time, even if a customer makes a mistake — such as sharing an OTP or clicking on a malicious link — there is a safety net for smaller losses.
If a customer loses up to ₹50,000 due to their own negligence, the RBI now allows special compensation. They can recover 85% of the net loss, or up to ₹25,000, whichever is lower.
This is a one-time benefit. It offers support to customers who may not be technologically savvy but are increasingly dependent on digital services. To qualify, the fraud must be reported to both the bank and the National Cyber Crime portal within five days.
Securing your digital access
To benefit from these protections, customers must follow a few basic steps. First, ensure the bank has the current mobile number and email address on record.
Banks will periodically verify these details. Customers will receive mandatory instant SMS alerts for any transaction exceeding ₹500.
Banks are prohibited from charging customers for these security alerts. If an alert is received for an unauthorised transaction, prompt action is essential to retain protection.
Reporting the crime and filing a claim
If targeted by a scam, customers must act quickly. Banks are now required to provide 24/7 reporting channels, including toll-free helplines, SMS services and direct links on their websites.
Immediate notification: Call the National Cyber Crime Helpline at 1930 or report the fraud through the official portal immediately.
Bank alert: Use the reply number provided in the transaction SMS to report the unauthorised transaction.
The paperwork: For lower-value fraud cases where 85% compensation is sought, the bank will provide a specific application form.
The timeline: Once a formal complaint is filed, the bank must acknowledge it with a complaint number and timestamp. Banks have up to 45 days to resolve domestic fraud cases and 60 days for cross-border cases.
If the bank is at fault, or if a third-party breach caused the fraud, the transaction must be reversed so that the customer does not lose any money, including applicable interest.