Digital Payment Frauds and RBI’s Consumer Protection Framework

Context

The Reserve Bank of India (RBI) has introduced a revised compensation framework under the RBI (Commercial Banks – Responsible Business Conduct) Third Amendment Directions, 2026 to strengthen consumer protection and improve compensation for victims of digital payment frauds. The revised provisions will apply to unauthorised electronic banking transactions from 1^st January 2027.

Growing Digital Fraud Landscape

India’s rapid expansion of UPI, mobile banking, internet banking, and card-based payments has been accompanied by a sharp rise in digital financial frauds.

Common forms of fraud include:

1. Phishing, vishing, and OTP theft.
2. SIM swapping.
3. Fake UPI IDs and QR code scams.
4. AI-enabled deepfake and social engineering attacks.

Elderly citizens, first-time digital users, and rural consumers remain particularly vulnerable.

According to RBI, the banking sector reported over 36,000 fraud cases involving nearly ₹13,930 crore during 2023–24.

RBI’s Regulatory Measures

To strengthen digital payment security and consumer protection, the RBI has introduced multiple safeguards:

1. Limited Liability Framework: Customers bear zero or limited liability if unauthorised transactions are reported within the prescribed timeline.
2. Two-Factor Authentication (2FA): Mandatory authentication for digital payment transactions.
3. Real-Time Fraud Monitoring: Banks are required to deploy real-time transaction monitoring systems and report major frauds to the Central Fraud Registry.
4. Action Against Mule Accounts: Banks must identify and freeze accounts used for routing fraudulently obtained funds.
5. Financial Consumer Protection: Initiatives such as ‘100 Days 100 Pays’ reflect RBI’s broader commitment to strengthening consumer protection and improving financial governance.

Persistent Challenges

Despite regulatory measures, several challenges continue:

1. Low digital awareness among vulnerable users.
2. Poor recovery of fraudulently transferred funds.
3. Difficulty in investigating cross-border frauds.
4. Rapidly evolving mule account networks.
5. Increasing use of AI-driven fraud techniques.

Revised Compensation Framework

Eligibility

A bona fide customer is eligible for compensation if the fraud is reported to the National Cyber Crime Reporting Portal or the Cyber Crime Helpline (1930) and the concerned bank within five calendar days. The benefit is available once during the customer’s lifetime.

Compensation: For losses up to ₹50,000, compensation will be 85% of the net loss or ₹25,000, whichever is lower.

Liability Sharing

1. Domestic fraud: Compensation is shared among the RBI, the customer’s bank, and the beneficiary bank according to the prescribed framework.
2. Cross-border fraud: Liability is shared between the RBI and the customer’s bank.

Additional Provisions

1. Credit card fraud: Banks must provide a shadow reversal within five calendar days of receiving the complaint.
2. Post-recovery adjustment: Compensation must be revised if the defrauded amount is recovered subsequently.

Way Forward

Strengthening the digital payment ecosystem requires:

1. Enhancing digital and financial literacy.
2. Promoting AI-based fraud detection and real-time transaction monitoring.
3. Strengthening cybercrime investigation and inter-agency coordination.
4. Improving grievance redressal and fund recovery mechanisms.
5. Regularly updating cybersecurity regulations to address emerging threats.

Conclusion

As digital payments become central to India’s financial ecosystem, strengthening consumer protection, cybersecurity, institutional coordination, and digital awareness will be essential to sustaining public trust, promoting financial inclusion, and ensuring a secure and resilient digital economy.