Differences
This shows you the differences between two versions of the page.
| — | rbi-digital-fraud-compensation-25000-2026 [2026/07/10 21:17] (current) – created - external edit 127.0.0.1 | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | {{htmlmetatags> | ||
| + | ====== RBI Bank Fraud Compensation 2026: New Rs 25,000 Payout Rule ====== | ||
| + | |||
| + | From 1 January 2027, even if a fraud happened because you shared your OTP or password, you can claim a one-time refund of 85 per cent of your net loss or Rs 25,000, whichever is lower, on a fraudulent electronic banking transaction with a gross loss up to Rs 50,000. This is a brand new cushion, and it does not touch the older zero-liability protections that still apply when the bank was at fault or when you reported a third-party fraud in time. | ||
| + | |||
| + | <WRAP info> | ||
| + | **Quick answer.** The new payout is in the RBI Responsible Business Conduct Third Amendment Directions, 2026 (RBI/ | ||
| + | </ | ||
| + | |||
| + | **Short on time?** Jump to the [[#how to claim the new compensation|how-to-report steps]] and file with your bank the same day you spot the fraud. | ||
| + | |||
| + | ===== Three situations, three very different outcomes ===== | ||
| + | |||
| + | The biggest mistake people make is assuming the new Rs 25,000 cap is all you can ever get back. It is not. Whether you get a full refund or only the capped amount depends entirely on **why** the fraud happened and **how fast** you reported it. | ||
| + | |||
| + | The new rule does not replace the existing protections. It adds a floor for the one case that had none. Read the table left to right and find your row. | ||
| + | |||
| + | ^ Your situation ^ Who was at fault ^ What you get back ^ When it applies ^ | ||
| + | | Bank negligence or bank fraud | The bank or its system | **Zero liability.** Full money back, no matter when you report | Already in force today | | ||
| + | | Third-party breach, you reported within 5 calendar days | A fraudster, not you, not the bank | **Zero liability.** Full money back if reported in 5 days | Already in force today | | ||
| + | | You shared your OTP, PIN or password | You were negligent | **New cushion:** 85 per cent of net loss or Rs 25,000, whichever is **less**, for gross loss up to Rs 50,000, once in your lifetime | New, from **1 January 2027** | | ||
| + | |||
| + | Note: rows one and two are unchanged. If the bank was careless or a stranger drained your account and you reported within 5 days, you still get every rupee back. The new rule in row three is for the situation where you previously bore the **full** loss because you handed over your secret credentials yourself. | ||
| + | |||
| + | ===== Why this rule exists ===== | ||
| + | |||
| + | Until now, the line was harsh. If a fraudster tricked you into reading out your OTP, the loss was treated as yours alone. Banks would often refuse any refund because you, not they, shared the secret. | ||
| + | |||
| + | The RBI Third Amendment Directions, 2026 soften that line for small losses. They accept that ordinary, honest people get manipulated by clever scams. So for a bona fide individual victim, including a sole proprietor, the bank must now pay a capped amount even in a self-negligence case. | ||
| + | |||
| + | It is deliberately a small, once-in-a-lifetime cushion, not a blank cheque. It rewards honesty and reporting, while still expecting you to guard your credentials. | ||
| + | |||
| + | ===== A worked example with the rupee maths ===== | ||
| + | |||
| + | Say a scammer convinces an unnamed citizen to share an OTP on 5 January 2027. Rs 40,000 leaves the account in one fraudulent transfer. | ||
| + | |||
| + | - **Gross loss:** Rs 40,000. This is under the Rs 50,000 ceiling, so the new rule applies. | ||
| + | - **Recoveries: | ||
| + | - **85 per cent of net loss:** 0.85 x 40,000 = Rs 34,000. | ||
| + | - **The fixed cap:** Rs 25,000. | ||
| + | - **Whichever is less:** Rs 25,000 is lower than Rs 34,000, so the bank pays **Rs 25,000**. | ||
| + | |||
| + | The citizen bears the remaining Rs 15,000, because the rule is a partial cushion for a negligence case, not a full refund. Had the same fraud been a third-party breach reported within 5 days, the full Rs 40,000 would have come back under the older zero-liability rule. | ||
| + | |||
| + | ===== How to claim the new compensation ===== | ||
| + | |||
| + | Speed matters even for the new cushion. Reporting fast also keeps your **zero-liability** options open if it turns out the fraud was not your fault after all. | ||
| + | |||
| + | ==== Step 1: Report to your bank immediately ==== | ||
| + | |||
| + | Call the bank fraud helpline and freeze the account or card the moment you notice the fraud. Follow up in writing, by email or the netbanking grievance form, so you have a dated record. Keep the complaint reference number. | ||
| + | |||
| + | ==== Step 2: File a cyber-crime complaint ==== | ||
| + | |||
| + | Dial the national cyber-crime helpline **1930** and lodge a complaint at [[https:// | ||
| + | |||
| + | ==== Step 3: Give the bank time to respond, then escalate ==== | ||
| + | |||
| + | The bank should investigate and credit any compensation due. If it refuses, delays, or pays the wrong amount, escalate to the **RBI Ombudsman** under the Reserve Bank Integrated Ombudsman Scheme. See [[https:// | ||
| + | |||
| + | ==== Step 4: Use RTI and records to build pressure ==== | ||
| + | |||
| + | If the bank stonewalls, ask it in writing for the fraud investigation report and the reason for any refusal. You can draft a clean, citation-ready request with the [[https:// | ||
| + | |||
| + | ===== Frequently asked questions ===== | ||
| + | |||
| + | ==== Does the Rs 25,000 cap reduce a full refund I would otherwise get? ==== | ||
| + | |||
| + | No. The cap applies only to the negligence case where you shared your credentials. If the bank was at fault, or a third party defrauded you and you reported within 5 calendar days, you still get a full zero-liability refund. The new rule adds a floor where there was none. It never shrinks an existing full refund. | ||
| + | |||
| + | ==== When does this new compensation start? ==== | ||
| + | |||
| + | It applies to electronic banking transactions on or after **1 January 2027**. It is an upcoming rule announced in the RBI Responsible Business Conduct Third Amendment Directions, 2026, dated 24 June 2026. A fraud before that date is not covered by this new cushion. | ||
| + | |||
| + | ==== How many times can I use this? ==== | ||
| + | |||
| + | Once. The 85 per cent or Rs 25,000 capped compensation is available a single time during the customer' | ||
| + | |||
| + | ==== Who qualifies for the new payout? ==== | ||
| + | |||
| + | A bona fide individual victim, including a sole proprietor, whose gross loss on a single fraudulent electronic banking transaction is up to Rs 50,000, in a situation where the customer was negligent, for example by sharing an OTP, PIN or password. Larger losses and non-individual accounts are outside this specific provision. | ||
| + | |||
| + | ==== What if I reported the third-party fraud within 5 days? ==== | ||
| + | |||
| + | Then you are likely in the **zero-liability** category, not the capped one. Reporting a third-party breach within 5 calendar days means the bank should refund the full amount. Always report fast, because the speed of your complaint can decide whether you get everything back or only the capped amount. | ||
| + | |||
| + | ==== Where is this rule written? ==== | ||
| + | |||
| + | In the RBI Responsible Business Conduct Third Amendment Directions, 2026, reference RBI/ | ||
| + | |||
| + | ===== What to do in the next 30 minutes ===== | ||
| + | |||
| + | * If a fraud just happened, call your bank fraud helpline and freeze the account now. | ||
| + | * Dial **1930** and file at cybercrime.gov.in to try to trace the money. | ||
| + | * Email your bank a written complaint and save the reference number. | ||
| + | * Note the exact date. If it is on or after 1 January 2027 and you were negligent, flag the new compensation provision. | ||
| + | * If the bank has already refused a refund, read [[https:// | ||
| + | |||
| + | For the full citizen toolkit on filing, appealing and escalating, see [[https:// | ||
| + | |||
| + | ===== Sources ===== | ||
| + | |||
| + | * RBI Responsible Business Conduct Third Amendment Directions, 2026, RBI/ | ||
| + | * National cyber-crime reporting: [[https:// | ||
| + | |||
| + | ===== Related on RTI Wiki ===== | ||
| + | |||
| + | * [[https:// | ||
| + | * [[https:// | ||
| + | * [[https:// | ||
| + | * [[https:// | ||
| + | ===== RBI digital fraud compensation Rs 25,000: How to claim under the zero liability policy? ===== | ||
| + | |||
| + | RBI's zero liability and limited liability framework protects victims of digital fraud. Here is the complete guide: | ||
| + | |||
| + | - **Step 1: What is the RBI zero liability policy?** (a) under RBI's " | ||
| + | - **Step 2: What counts as digital fraud?** (a) UPI fraud (unauthorized transactions), | ||
| + | - **Step 3: How to report.** (a) immediately call your bank's 24x7 fraud helpline, (b) report on the bank's app or website (block card, freeze account), (c) file a complaint on the National Cyber Crime Reporting Portal (cybercrime.gov.in) or call 1930, (d) email the bank's grievance officer with transaction details (date, amount, merchant), (e) file an FIR at the local police station (cyber crime cell), (f) report to RBI's Banking Ombudsman if the bank does not respond. | ||
| + | - **Step 4: Bank's obligations.** (a) the bank must acknowledge your complaint immediately, | ||
| + | - **Step 5: Common reasons for rejection.** (a) you shared your OTP/ | ||
| + | - **Step 6: How to escalate.** (a) if the bank rejects: file with the Banking Ombudsman (cms.rbi.org.in), | ||
| + | - **Step 7: File RTI.** File RTI with RBI asking for: (a) the total digital fraud compensation paid by banks, (b) the average resolution time, (c) the number of zero liability claims honored, (d) the banks with the highest fraud rates. | ||
| + | |||
| + | See [[https:// | ||
| + | |||
| + | {{tag> | ||