Download the amendment directions here.

The Reserve Bank of India (RBI) has overhauled its rules on customer protection in fraudulent electronic banking transactions, introducing revised directions that redefine liability, expand banks’ obligations and create a compensation mechanism for certain victims of digital payment fraud. 

Among the changes, customers will receive zero liability in specified cases involving bank negligence or third-party breaches, while banks will have to establish customer liability in fraud complaints. The revised directions also require banks to strengthen fraud reporting systems, send transaction alerts, and compensate eligible customers in certain small-value fraud cases. The directions apply to electronic banking transactions undertaken by customers of commercial banks on or after January 1, 2027.

Important definitions: 

  • Electronic banking transaction (EBT): Electronic funds transfers under the Payment and Settlement Systems Act, 2007, including both card-present and card-not-present transactions.
  • Fraudulent EBT: An EBT carried out by a third party using credentials obtained fraudulently, carried out by a customer under coercion or duress, or an unauthorised EBT.
  • Unauthorised EBT: An EBT not authorised by the customer, including transactions resulting from bank negligence or a third-party breach.
  • Shadow reversal: A temporary or provisional credit provided by a bank after a customer reports a fraudulent EBT. Customers cannot use the amount, but they will not incur interest or additional charges.

Who is negligent, and what is a third-party breach?

  • Bank negligence includes:
    • Failing to implement mandated systems and procedures to secure EBTs.
    • Not sending mandatory transaction alerts.
    • Failure to provide 24×7 channels to report fraudulent transactions or lost cards.
    • Not acting diligently after a customer reports fraud or card loss.
    • System failures, security breaches or internal fraud leading to unauthorised EBTs.
  • Customer negligence includes:
    • Sharing or failing to protect credentials such as PINs, passwords or OTPs.
    • Delaying reporting of fraudulent transactions or lost cards.
    • Ignoring specific and clear scam warnings issued by the bank.
    • Downloading malicious applications.
    • Not updating registered mobile numbers or email addresses.
  • Third-party breach refers to deficiencies outside the bank and customer, including failures by entities such as Third-Party Application Providers (TPAPs), Payment Aggregators (PAs), Payment Gateways (PGs) and Telecom Service Providers (TSPs).

Policy, alerts, and reporting requirements: Banks must adopt a customer protection policy that covers reporting channels, customer rights and obligations, complaint resolution timelines, and awareness measures. The policy must be published on the bank’s website.

Additionally, banks must:

  • Verify customers’ mobile numbers and email addresses during onboarding and…

Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at [email protected]

 

 

Categorized in:

Blog,

Last Update: June 25, 2026