📱Test our Android app — free beta!Join Beta GroupYou'll receive the install link by email after joining.

Differences

This shows you the differences between two versions of the page.


rbi-digital-fraud-compensation-25000-2026 [2026/07/10 21:17] (current) – created - external edit 127.0.0.1
Line 1: Line 1:
 +{{htmlmetatags>metatag-title=(RBI Bank Fraud Compensation Rs 25000 2026)&metatag-description=(From 1 January 2027 a new RBI rule pays a one-time capped refund of 85 percent of net loss or Rs 25,000 whichever is less even when you shared your OTP.)&metatag-keywords=(RBI fraud compensation 2027, Rs 25000 fraud refund, customer negligence OTP fraud, zero liability bank fraud)&metatag-robots=(index,follow)&metatag-og:title=(RBI Bank Fraud Compensation 2026: New Rs 25,000 Payout Rule)&metatag-og:description=(From 1 January 2027 a new RBI rule pays a one-time capped refund of 85 percent of net loss or Rs 25,000 whichever is less even when you shared your OTP.)&metatag-og:type=(article)}}
  
 +====== RBI Bank Fraud Compensation 2026: New Rs 25,000 Payout Rule ======
 +
 +From 1 January 2027, even if a fraud happened because you shared your OTP or password, you can claim a one-time refund of 85 per cent of your net loss or Rs 25,000, whichever is lower, on a fraudulent electronic banking transaction with a gross loss up to Rs 50,000. This is a brand new cushion, and it does not touch the older zero-liability protections that still apply when the bank was at fault or when you reported a third-party fraud in time.
 +
 +<WRAP info>
 +**Quick answer.** The new payout is in the RBI Responsible Business Conduct Third Amendment Directions, 2026 (RBI/2026-27/167, dated 24 June 2026). It applies only to transactions on or after **1 January 2027**. It helps the one situation you were never covered for before: when you were careless and shared credentials. You can use it **once in your lifetime**.
 +</WRAP>
 +
 +**Short on time?** Jump to the [[#how to claim the new compensation|how-to-report steps]] and file with your bank the same day you spot the fraud.
 +
 +===== Three situations, three very different outcomes =====
 +
 +The biggest mistake people make is assuming the new Rs 25,000 cap is all you can ever get back. It is not. Whether you get a full refund or only the capped amount depends entirely on **why** the fraud happened and **how fast** you reported it.
 +
 +The new rule does not replace the existing protections. It adds a floor for the one case that had none. Read the table left to right and find your row.
 +
 +^ Your situation ^ Who was at fault ^ What you get back ^ When it applies ^
 +| Bank negligence or bank fraud | The bank or its system | **Zero liability.** Full money back, no matter when you report | Already in force today |
 +| Third-party breach, you reported within 5 calendar days | A fraudster, not you, not the bank | **Zero liability.** Full money back if reported in 5 days | Already in force today |
 +| You shared your OTP, PIN or password | You were negligent | **New cushion:** 85 per cent of net loss or Rs 25,000, whichever is **less**, for gross loss up to Rs 50,000, once in your lifetime | New, from **1 January 2027** |
 +
 +Note: rows one and two are unchanged. If the bank was careless or a stranger drained your account and you reported within 5 days, you still get every rupee back. The new rule in row three is for the situation where you previously bore the **full** loss because you handed over your secret credentials yourself.
 +
 +===== Why this rule exists =====
 +
 +Until now, the line was harsh. If a fraudster tricked you into reading out your OTP, the loss was treated as yours alone. Banks would often refuse any refund because you, not they, shared the secret.
 +
 +The RBI Third Amendment Directions, 2026 soften that line for small losses. They accept that ordinary, honest people get manipulated by clever scams. So for a bona fide individual victim, including a sole proprietor, the bank must now pay a capped amount even in a self-negligence case.
 +
 +It is deliberately a small, once-in-a-lifetime cushion, not a blank cheque. It rewards honesty and reporting, while still expecting you to guard your credentials.
 +
 +===== A worked example with the rupee maths =====
 +
 +Say a scammer convinces an unnamed citizen to share an OTP on 5 January 2027. Rs 40,000 leaves the account in one fraudulent transfer.
 +
 +  - **Gross loss:** Rs 40,000. This is under the Rs 50,000 ceiling, so the new rule applies.
 +  - **Recoveries:** the bank claws back nothing, so the **net loss** stays Rs 40,000.
 +  - **85 per cent of net loss:** 0.85 x 40,000 = Rs 34,000.
 +  - **The fixed cap:** Rs 25,000.
 +  - **Whichever is less:** Rs 25,000 is lower than Rs 34,000, so the bank pays **Rs 25,000**.
 +
 +The citizen bears the remaining Rs 15,000, because the rule is a partial cushion for a negligence case, not a full refund. Had the same fraud been a third-party breach reported within 5 days, the full Rs 40,000 would have come back under the older zero-liability rule.
 +
 +===== How to claim the new compensation =====
 +
 +Speed matters even for the new cushion. Reporting fast also keeps your **zero-liability** options open if it turns out the fraud was not your fault after all.
 +
 +==== Step 1: Report to your bank immediately ====
 +
 +Call the bank fraud helpline and freeze the account or card the moment you notice the fraud. Follow up in writing, by email or the netbanking grievance form, so you have a dated record. Keep the complaint reference number.
 +
 +==== Step 2: File a cyber-crime complaint ====
 +
 +Dial the national cyber-crime helpline **1930** and lodge a complaint at [[https://cybercrime.gov.in|cybercrime.gov.in]]. A fast report can help the bank trace and freeze the fraudster's account before the money moves on.
 +
 +==== Step 3: Give the bank time to respond, then escalate ====
 +
 +The bank should investigate and credit any compensation due. If it refuses, delays, or pays the wrong amount, escalate to the **RBI Ombudsman** under the Reserve Bank Integrated Ombudsman Scheme. See [[https://righttoinformation.wiki/rbi-ombudsman-complaint-closed-rejected-next-steps-india|what to do when the RBI Ombudsman closes or rejects your complaint]].
 +
 +==== Step 4: Use RTI and records to build pressure ====
 +
 +If the bank stonewalls, ask it in writing for the fraud investigation report and the reason for any refusal. You can draft a clean, citation-ready request with the [[https://righttoinformation.wiki/tools/ai-rti-draft-app.html|AI RTI draft tool]] and read the deeper playbook in [[https://righttoinformation.wiki/golden-hour-zero-liability-cyber-fraud-rbi-india|the golden-hour zero-liability guide]].
 +
 +===== Frequently asked questions =====
 +
 +==== Does the Rs 25,000 cap reduce a full refund I would otherwise get? ====
 +
 +No. The cap applies only to the negligence case where you shared your credentials. If the bank was at fault, or a third party defrauded you and you reported within 5 calendar days, you still get a full zero-liability refund. The new rule adds a floor where there was none. It never shrinks an existing full refund.
 +
 +==== When does this new compensation start? ====
 +
 +It applies to electronic banking transactions on or after **1 January 2027**. It is an upcoming rule announced in the RBI Responsible Business Conduct Third Amendment Directions, 2026, dated 24 June 2026. A fraud before that date is not covered by this new cushion.
 +
 +==== How many times can I use this? ====
 +
 +Once. The 85 per cent or Rs 25,000 capped compensation is available a single time during the customer's lifetime. After you have claimed it once, you cannot claim it again for another negligence-based fraud.
 +
 +==== Who qualifies for the new payout? ====
 +
 +A bona fide individual victim, including a sole proprietor, whose gross loss on a single fraudulent electronic banking transaction is up to Rs 50,000, in a situation where the customer was negligent, for example by sharing an OTP, PIN or password. Larger losses and non-individual accounts are outside this specific provision.
 +
 +==== What if I reported the third-party fraud within 5 days? ====
 +
 +Then you are likely in the **zero-liability** category, not the capped one. Reporting a third-party breach within 5 calendar days means the bank should refund the full amount. Always report fast, because the speed of your complaint can decide whether you get everything back or only the capped amount.
 +
 +==== Where is this rule written? ====
 +
 +In the RBI Responsible Business Conduct Third Amendment Directions, 2026, reference RBI/2026-27/167, DOR.MCS.REC.No.130/01-01-032/2026-27, dated 24 June 2026. The compensation provision sits in the para 76T area of the Directions and is a final, binding Direction, not a draft.
 +
 +===== What to do in the next 30 minutes =====
 +
 +  * If a fraud just happened, call your bank fraud helpline and freeze the account now.
 +  * Dial **1930** and file at cybercrime.gov.in to try to trace the money.
 +  * Email your bank a written complaint and save the reference number.
 +  * Note the exact date. If it is on or after 1 January 2027 and you were negligent, flag the new compensation provision.
 +  * If the bank has already refused a refund, read [[https://righttoinformation.wiki/bank-refused-cyber-fraud-refund-zero-liability-india|what to do when the bank refuses a cyber-fraud refund]] and prepare your escalation.
 +
 +For the full citizen toolkit on filing, appealing and escalating, see [[https://righttoinformation.wiki/book|The RTI Playbook]].
 +
 +===== Sources =====
 +
 +  * RBI Responsible Business Conduct Third Amendment Directions, 2026, RBI/2026-27/167, DOR.MCS.REC.No.130/01-01-032/2026-27, dated 24 June 2026: [[https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=13543&Mode=0|RBI notification 13543]]
 +  * National cyber-crime reporting: [[https://cybercrime.gov.in|cybercrime.gov.in]] and helpline 1930
 +
 +===== Related on RTI Wiki =====
 +
 +  * [[https://righttoinformation.wiki/golden-hour-zero-liability-cyber-fraud-rbi-india|Golden hour: zero-liability cyber-fraud refund under RBI rules]]
 +  * [[https://righttoinformation.wiki/bank-refused-cyber-fraud-refund-zero-liability-india|Bank refused your cyber-fraud refund? Zero-liability rights]]
 +  * [[https://righttoinformation.wiki/rbi-ombudsman-complaint-closed-rejected-next-steps-india|RBI Ombudsman complaint closed or rejected: next steps]]
 +  * [[https://righttoinformation.wiki/tools/ai-rti-draft-app.html|AI RTI draft tool]]
 +===== RBI digital fraud compensation Rs 25,000: How to claim under the zero liability policy? =====
 +
 +RBI's zero liability and limited liability framework protects victims of digital fraud. Here is the complete guide:
 +
 +  - **Step 1: What is the RBI zero liability policy?** (a) under RBI's "Limited Liability of Customers in Unauthorized Electronic Banking Transactions" circular (2017, updated 2024), (b) if you report fraud within 3 days: ZERO liability (full refund), (c) if reported within 4-7 days: limited liability (max Rs 5,000 for basic accounts, Rs 10,000 for savings, Rs 25,000 for current), (d) if reported after 7 days: bank decides based on the case, (e) the Rs 25,000 cap applies to current account holders reporting within 4-7 days.
 +  - **Step 2: What counts as digital fraud?** (a) UPI fraud (unauthorized transactions), (b) debit/credit card fraud (skimming, phishing), (c) net banking fraud (account takeover), (d) OTP fraud (social engineering), (e) SIM swap fraud, (f) QR code scanning fraud, (g) remote access scam (AnyDesk/TeamViewer).
 +  - **Step 3: How to report.** (a) immediately call your bank's 24x7 fraud helpline, (b) report on the bank's app or website (block card, freeze account), (c) file a complaint on the National Cyber Crime Reporting Portal (cybercrime.gov.in) or call 1930, (d) email the bank's grievance officer with transaction details (date, amount, merchant), (e) file an FIR at the local police station (cyber crime cell), (f) report to RBI's Banking Ombudsman if the bank does not respond.
 +  - **Step 4: Bank's obligations.** (a) the bank must acknowledge your complaint immediately, (b) the bank must resolve the complaint within 90 days (or 120 days for complex cases), (c) the bank must credit the disputed amount (if zero/limited liability) within 10 working days, (d) if the bank delays: it must pay interest at the savings account rate, (e) the bank cannot hold you liable for the fraud while the investigation is pending.
 +  - **Step 5: Common reasons for rejection.** (a) you shared your OTP/PIN/card details (negligence), (b) you did not report within 3 days (limited liability applies), (c) the bank claims you authorized the transaction, (d) the transaction was on a third-party platform (bank says it's not responsible), (e) you did not file an FIR.
 +  - **Step 6: How to escalate.** (a) if the bank rejects: file with the Banking Ombudsman (cms.rbi.org.in), (b) the Ombudsman can order the bank to refund, (c) file a consumer complaint under the Consumer Protection Act 2019, (d) file a cyber crime complaint with the police (1930 or cybercrime.gov.in), (e) the Ombudsman can award up to Rs 20 lakh plus Rs 1 lakh for harassment.
 +  - **Step 7: File RTI.** File RTI with RBI asking for: (a) the total digital fraud compensation paid by banks, (b) the average resolution time, (c) the number of zero liability claims honored, (d) the banks with the highest fraud rates.
 +
 +See [[https://righttoinformation.wiki/cyber/fake-website|Fake Website]] and [[https://righttoinformation.wiki/practical-guides/crypto-withdrawal-stuck-indian-exchange-kyc-tax-lien|Crypto Withdrawal Stuck]].
 +
 +{{tag>rbi digital fraud compensation 25000 zero liability limited liability cyber crime 1930 upi fraud 2026}}