By Puneeth Raj| March 11, 2026
Imagine losing ₹18,000 to a fake UPI seller promising quick discounts—only to realize it’s gone forever. In 2025 alone, Indians lost over ₹14,000 crore to cyber frauds, with UPI scams leading the pack. Now, the RBI is fighting back with a draft framework that could put up to ₹25,000 back in victims’ pockets. But is it enough?
On March 6, 2026, RBI released draft guidelines under the Reserve Bank of India (Commercial Banks — Responsible Business Conduct) Third Amendment Directions, 2026. This proposes a compensation scheme offering up to 85% relief (capped at ₹25,000) for genuine small-value digital fraud losses up to ₹50,000—funded partly by RBI itself. Effective as a one-year pilot from July 1, 2026 (for transactions on or after that date), it could transform victim support. But stricter deadlines and limits spark debate: Is it a true game-changer or just a temporary band-aid?
The New Framework: A Compassionate Safety Net for Digital India
The draft expands protection beyond simple hacks to include “authorised push payment” (APP) frauds—where victims are tricked into approving transfers via UPI, net banking, cards, or mobile apps. Key features include:
- Compensation for Small Losses: Up to 85% of net loss (after recoveries) or ₹25,000 (whichever lower), one-time lifetime benefit per individual.
- Shared Burden Model: RBI covers ~65%, payer’s bank ~10%, and beneficiary bank ~10%. This strategic move by the RBI—using the DEA Fund—is designed to prevent a collapse in digital trust, which would cost the economy far more than individual payouts.
- Strict Eligibility: Report within 5 calendar days to both your bank and National Cyber Crime Helpline (1930)/Portal; loss must be verified as bona fide.
- Zero Liability Boost: Full reversal (no cap) for bank negligence (any reporting time) or third-party breaches reported within 5 days.
- Bank Duties: Instant SMS/email alerts for transactions > ₹500, AI fraud detection, and faster resolutions (target 30 days).
Side-by-Side: How It Evolves from the 2017 Rules:
The 2017 guidelines focused strictly on unauthorised debits. The 2026 draft shifts to a “shared-responsibility” compensation model.
| Aspect | 2017 Guidelines | 2026 Draft Framework (Pilot July 1) |
| Scope | Unauthorised transactions only (e.g., account hacks, stolen credentials). | Unauthorised + Authorised-but-fraudulent (e.g., tricked into approving UPI/scams). |
| Relief Type | Reversal + liability capped by account type (₹5,000–₹25,000) based on delay. | 85% of net loss (Capped at ₹25k) for losses ≤ ₹50k; One-time lifetime benefit. |
| Funding / Burden | Primarily borne by the involved bank(s). | Shared Pool: RBI ≈65%, Payer Bank ≈10%, Beneficiary Bank ≈10%. |
| Reporting Deadline | 3 working days for zero liability; limited caps for 4–7 working days. | 5 calendar days; Mandatory dual reporting (Bank + National Helpline 1930). |
| Zero Liability | Bank fault (any time); 3rd-party breach reported within 3 working days. | Bank fault (anytime); 3rd-party breach reported within 5 calendar days. |
| Customer Negligence | Often full liability if OTP/PIN was shared. | Partial relief possible if reported promptly; banks must prove gross negligence. |
| Resolution Target | Up to 90 days. | Aimed at faster processing (Target: 30 days). |
| Alerts & Safeguards | Standard transaction alerts (SMS/Email). | Instant alerts > ₹500 + Enhanced AI-based fraud detection. |
Merits: Real Empowerment for Everyday Users
- Inclusivity for Tricked Victims: Covers common UPI scams (e.g., fake sellers in Mysuru), offering partial aid even with some negligence—providing “immediate solace.”
- Shared Burden Eases Delays: RBI’s major contribution reduces bank resistance, speeding payouts and cutting inter-bank fights.
- Speed & Vigilance: Shorter timelines + mandatory alerts/AI could shrink fraud windows and boost digital confidence.
- Equity Focus: Burden of proving negligence shifts to banks; zero liability for their faults remains strong.
Challenges: Practical Hurdles Remain
- Tight 5-Day Window: The shift from “working days” to “calendar days” is a major hurdle. If a fraud occurs on a Friday before a long weekend, rural victims with low connectivity may find it nearly impossible to hit the dual-reporting deadline.
- Capped & One-Off: ₹25,000 max leaves near-₹50k losses under-covered; lifetime limit hurts repeat victims (e.g., elderly).
- Bank Strain: Extra verification and administrative costs could lead to fee hikes or uneven rollout.
- Moral Hazard Risk: Easing negligence liability might reduce caution, though caps help.
- Pilot Uncertainty: One-year trial + potential RBI funding cuts create flux; privacy concerns with Aadhaar-linked claims.
Final Verdict: A Step Forward – But Feedback Will Make It Stronger
This draft evolves the 2017 foundation into a more empathetic, shared-responsibility system, vital for India’s digital economy. It empowers victims with tangible aid while demanding vigilance. Success depends on addressing rollout gaps.
If you’ve faced a scam or see missing pieces (e.g., higher caps, easier reporting), submit feedback to RBI by April 6, 2026 via their official portal or email. Report frauds immediately via 1930—early action is still your best defense.