Daijiworld Media Network - Mumbai

Mumbai, Mar 8: The Reserve Bank of India (RBI) has issued draft Third Amendment Directions, 2026 under its Responsible Business Conduct framework, proposing stronger safeguards for customers facing fraud in electronic banking transactions.

The draft directions, released on March 6, aim to enhance protection for bank customers involved in digital transactions such as UPI payments, internet banking, mobile banking, debit or credit card transactions, and ATM withdrawals.

According to the proposal, the revised rules will apply to electronic banking transactions carried out on or after July 1, 2026. The directions will cover commercial banks but exclude small finance banks, payments banks, regional rural banks and local area banks.

The draft revises earlier norms on limiting customer liability in cases of unauthorised electronic transactions.

Under the proposed framework, transactions carried out by customers using authentication methods such as OTP, PIN, card details or passwords will be treated as authorised transactions.
However, transactions executed using credentials obtained through fraud, or where customers are tricked or coerced into transferring money to scammers posing as legitimate recipients, will be classified as fraudulent electronic banking transactions.

These digital payments fall under the definition of electronic funds transfer in the Payment and Settlement Systems Act, 2007.

The RBI has also clarified what constitutes negligence by banks and customers.

Bank negligence may include failing to maintain secure systems, not sending transaction alerts, or not providing proper channels for reporting fraud.

Customer negligence could include sharing passwords or OTPs, ignoring bank fraud warnings, or downloading malicious applications that compromise account security.

The draft directions also define “third-party breaches,” where the failure occurs with intermediaries rather than the bank or the customer.

These intermediaries may include third-party application providers, payment aggregators, payment gateways and telecom service providers.

The RBI has advised banks to instruct customers to report fraudulent transactions immediately and lodge complaints through the National Cyber Crime Reporting Portal or the National Cyber Crime Helpline (1930).

Prompt reporting will be essential for customers to qualify for compensation.

The draft also proposes a compensation mechanism for small digital fraud cases.

If an individual customer loses up to ?50,000 in a genuine fraudulent electronic transaction, they may receive compensation of 85 per cent of the net loss or up to ?25,000, whichever is lower, once in their lifetime.

To qualify, the fraud must be reported to the bank and the National Cyber Crime portal or helpline within five days of the incident.

For smaller losses, the majority of the compensation will be borne by the RBI, while the customer’s bank and the beneficiary bank will contribute smaller shares. If the stolen money is later recovered, the compensation amount will be recalculated accordingly.