The Reserve Bank of India (RBI) has released draft Third Amendment Directions, 2026 under its Responsible Business Conduct framework, introducing stronger safeguards for customers affected by fraud in electronic banking transactions. The proposed rules are aimed at enhancing consumer protection as the use of digital banking services continues to grow rapidly across India.
Focus on Digital Payment Channels
The draft framework primarily addresses fraud occurring through digital banking platforms such as UPI payments, internet banking, mobile banking, debit and credit cards, and ATM withdrawals.
According to the central bank, the proposed regulations will apply to transactions conducted on or after July 1, 2026. The guidelines will cover commercial banks, while small finance banks, payments banks, regional rural banks, and local area banks will not fall under the scope of these rules.
Revised Guidelines on Customer Liability
The amendment seeks to update the existing rules governing customer liability in cases of unauthorised electronic banking transactions.
As outlined in the draft released on March 6, 2026, electronic banking transactions include payments conducted through internet banking, mobile banking, card-based transactions, or other digital methods that qualify as electronic fund transfers under the Payment and Settlement Systems Act, 2007.
Clear Distinction Between Authorised and Fraudulent Transactions
To reduce ambiguity, the RBI has proposed clearer definitions of authorised transactions.
Transactions completed using customer authentication methods—such as OTP, PIN, passwords, or card details—will typically be treated as authorised. This also applies to payments executed by previously authorised third parties through standing instructions or mandates registered with the bank.
Situations Considered Fraudulent
The draft directions identify several scenarios that would still qualify as fraudulent electronic transactions, including:
- When a third party carries out a transaction using credentials obtained from a customer through fraudulent means.
- When a customer approves a transaction under coercion or pressure from fraudsters.
- When a customer is misled into transferring money to a scammer impersonating a legitimate recipient.
Clarifying Negligence by Banks and Customers
The RBI has also outlined potential circumstances that may constitute negligence by either banks or customers.
Bank negligence may include:
- Failure to maintain secure digital systems
- Delay in sending transaction alerts
- Lack of adequate channels for customers to report fraud
Customer negligence may involve:
- Sharing confidential information such as OTPs or passwords
- Ignoring fraud alerts issued by banks
- Downloading malicious applications that compromise account security
Third-Party System Failures
The draft framework also addresses cases involving failures within the broader digital payment ecosystem.
A third-party breach refers to situations where the issue arises due to lapses by intermediaries such as third-party app providers, payment gateways, payment aggregators, or telecom service providers, rather than the bank or the customer.
Reporting Fraud Through the National Portal
The RBI has advised banks to encourage customers to report fraudulent transactions immediately.
Customers should inform their bank and also file a complaint through the National Cyber Crime Reporting Portal or contact the National Cyber Crime Helpline (1930) as soon as possible.
Compensation for Small Digital Fraud Losses
The draft directions also introduce a compensation framework for small-value digital fraud cases.
Under the proposal, if an individual customer suffers a genuine fraudulent loss of up to ₹50,000, they may be eligible to receive 85% of the net loss or up to ₹25,000, whichever is lower, once in their lifetime.
To qualify, the fraud must be reported to both the bank and the cyber crime portal or helpline within five days of the incident.
For smaller fraud cases, the RBI indicated that most of the compensation would be funded by the central bank, with smaller contributions from the customer’s bank and the beneficiary bank. If the stolen funds are recovered later, the compensation amount will be recalculated accordingly.
Summary:
The Reserve Bank of India has proposed new draft rules to strengthen safeguards against digital banking fraud, covering transactions made through UPI, cards, mobile banking, internet banking, and ATMs. The rules, expected to apply from July 1, 2026, revise guidelines on customer liability, define authorised and fraudulent transactions, clarify negligence by banks and customers, and address third-party breaches. The draft also introduces a compensation mechanism for small fraud losses of up to ₹50,000, allowing eligible customers to receive up to ₹25,000, provided the incident is reported promptly.
This article is intended solely for educational and informational purposes. The securities or companies mentioned are provided as examples and should not be considered as recommendations. Nothing contained herein constitutes personal financial advice or investment recommendations. Readers are advised to conduct their own research and consult a qualified financial advisor before making any investment decisions.
Investments in securities markets are subject to market risks. Please read all related documents carefully before investing.
