MUMBAI: Reserve Bank of India has proposed a ceiling of Rs 50,000 for digital frauds to be eligible for compensation of up to Rs 25,000. According to the draft, customers who lose more than Rs 50,000 in a cyber fraud incident will not qualify for this compensation mechanism.Banks must credit the compensation to the victim within five calendar days after receiving a completed claim application. They will subsequently seek reimbursement from RBI on a quarterly basis. The draft directions also bar banks from charging customers for mandatory regulatory SMS alerts or for promotional and marketing messages sent to them.The proposal, which will be applicable for transactions after July 1, 2026 sets out how the financial burden will be shared between RBI, the customer’s bank, and the bank that received the fraudulent funds. According to the framework, compensation will follow a three-way split that varies with the size of the loss.
For losses below Rs 29,412, the victim will receive 85% of the lost amount (Rs 25,000). RBI will bear 65% of the total loss, while the customer’s bank and the beneficiary bank will each bear 10%. For losses between Rs 29,412 and Rs 50,000, compensation will reach the maximum cap of Rs 25,000. In such cases, RBI will contribute Rs 19,118, while the customer’s bank and the beneficiary bank will each pay Rs 2,941.While RBI did not explain the additional ceiling on the gross loss despite the absolute cap of Rs 25,000, bankers said the limit could be intended to restrict compensation to small depositors or to ensure that customers with higher balances exercise greater caution. RBI announced the compensation framework in its Feb 2026 monetary policy. The provision extends coverage even to customers who have shared credentials such as OTPs. Existing rules generally do not protect customers if they lose money after sharing credentials and before informing the bank. The new norms include losses where the customer is tricked into sending money through an authorised electronic banking transaction carried out through deception, coercion, or misuse of credentials. Such transactions may use valid authentication methods such as OTP, PIN, CVV, or passwords but are still treated as fraud because the approval was obtained through manipulation rather than genuine intent.The central bank has also imposed strict eligibility conditions to ensure the scheme functions as a limited safety net rather than a recurring insurance cover. Individuals will be allowed to claim the compensation only once in their lifetime. In joint accounts, only one account holder may file a claim. Once a claim is made, that individual’s lifetime eligibility will be exhausted, including for any personal accounts held later.Victims must report the fraud to the National Cyber Crime Reporting Portal or the 1930 helpline and inform their bank within five calendar days of the incident to qualify. The standard application form for compensation will also require applicants to submit their Aadhaar number.If law enforcement agencies or banks later recover the stolen funds, the settlement will be recalculated based on net loss. Recovered amounts will first be used to make up any remaining gap between the compensation paid and the customer’s actual loss. Any surplus will be returned to the RBI and the banks.
