Express Computer

RBI’s ₹25,000 Digital Fraud Compensation Proposal and Its Impact on Banks and Fintechs


By – Debiprasad Sarangi, CEO & Co-Founder of iServeU

India’s digital payments infrastructure has scaled at a pace few predicted. UPI alone processes over 16 billion transactions a month, and tens of crores of Indians now manage their finances entirely through digital channels. For many of them, traditional banking is no longer a fallback – it is simply unfamiliar. Trust in digital banking grew as fast as adoption did.

Fraud grew alongside it. Cybercrime reports filed on the National Cyber Crime Reporting Portal have climbed steeply year after year. The scams targeting ordinary people are sophisticated: fake customer care calls, SIM swap attacks, phishing links disguised as bank messages, QR code manipulation. While some fraud exploits user error, the majority of cases involve deliberate deception through social engineering sophisticated enough to fool even cautious, informed users.

It is this surge in sophisticated fraud that has brought RBI’s 2017 compensation framework under scrutiny. Written when UPI was barely a year old, it was not designed to cope with the threats that exist today. The Digital Fraud Compensation Proposal was designed to address that.

The draft proposal covers three areas: a compensation framework for small-value fraud, an expanded definition of what constitutes fraud, and stricter requirements for how banks handle complaints.

On compensation: A customer who is a genuine victim of a fraudulent electronic banking transaction involving a loss of up to ₹50,000 may apply for compensation once in their lifetime. They will receive 85% of the net loss amount, subject to a cap of ₹25,000. To be eligible, the fraud must be reported to the bank and on the National Cyber Crime Reporting Portal within five calendar days of occurrence. The five-day window exists for a practical reason: the faster fraud is reported, the higher the likelihood of recovering funds before they are withdrawn or layered.

On who bears the cost: RBI will carry the larger share of the liability. For losses below ₹29,412, RBI contributes 65% of the compensation, the sending bank and beneficiary bank each contribute 10%, and the remaining 15% is borne by the customer. For losses between ₹29,412 and ₹50,000 where compensation is capped at ₹25,000, RBI contributes ₹19,118 and each bank contributes ₹2,941.

On the definition of fraud: This is where the proposal carries the most consequential shift. The draft expands the definition to include transactions where a customer was tricked into willingly sending money to a scammer posing as a legitimate recipient. Consider a common pattern: a scammer poses as a bank employee, creates urgency by warning that the customer’s account will be frozen, and convinces them to transfer funds to a “safe account” that is, in reality, controlled by the fraudster. The customer authorized the transaction, but only because they were manipulated into doing so. This is authorized push payment fraud, and it is precisely the category that has been hardest for victims to seek recourse on.

On complaint handling: Banks must resolve complaints within 30 days, send SMS alerts for all transactions above ₹500, and maintain 24-hour fraud reporting channels. Crucially, the burden of proving customer negligence now lies with the bank, not the customer.

For banks, this proposal is simultaneously an accountability measure and an operational challenge. Though RBI bears the majority of the compensation cost, banks on both sides of the transaction — the sender’s bank and the beneficiary bank — each contribute 10% per payout. Weak fraud controls will simply result in more frequent payouts.

The operational bar is also higher. Compensation must be credited within five calendar days of application, before an investigation is necessarily complete. That demands robust complaint infrastructure across the payment ecosystem. Historically, the burden of proving negligence lay with the customer. These rules invert that: banks must now demonstrate that the customer was at fault, which changes how institutions think about authentication, onboarding, and real-time monitoring, because every gap in those processes now has a measurable cost.

This is not a step India is taking alone. The UK introduced mandatory authorised push payment fraud reimbursement in October 2024, with liability split equally between the sending and receiving bank. The EU under PSD2 requires full reimbursement for unauthorised transactions. Singapore’s MAS has established shared responsibility guidelines that distribute liability across banks and platforms based on where controls failed. The direction globally is consistent: the burden of fraud cannot sit entirely with the customer. RBI’s proposal brings India into alignment with that principle, while calibrating the cost-sharing model to the realities of the domestic market.

Technology Service Providers (TSPs) that act as intermediaries in banking transactions will need to review their fraud detection and reporting infrastructure. The requirement for 24-hour reporting channels and transaction-level SMS alerts is not simply a compliance checkbox; it is a capability standard. Fintechs and TSPs that have invested in real-time detection, frictionless fraud reporting, and rapid resolution workflows will be well-positioned. Those that have not will find the compliance burden difficult to meet at pace.

For TSPs building UPI and banking APIs, the proposal also opens a genuine product opportunity: fraud prevention as a differentiator, not just a regulatory obligation.

The framework will run as a pilot for one year from the date the directions take effect. It will then be reviewed with the stated goal of increasing the banks’ share and reducing or eliminating RBI’s contribution over time. That trajectory should be read clearly: the current cost structure is designed to absorb the transition. Institutions that treat this year as a preparation window, rather than a grace period, will carry a significantly lower burden when the review comes.

RBI has opened the proposal for public comments until April 6, 2026. It has explicitly invited feedback from banks, fintechs, industry bodies, and individual customers.

The proposal will not eliminate digital fraud completely. But it does something the existing framework couldn’t: it acknowledges that people who are deceived deserve protection. That recognition alone, if acted on sincerely, can go a long way in rebuilding trust in digital payments.
