The Reserve Bank of India (RBI) has introduced new rules to protect customers from fraudulent electronic banking transactions.
These amendments update the RBI’s 2017 circular on "Limiting Liability of Customers in Unauthorised Electronic Banking Transactions".
The new framework specifically covers scams like "digital arrests" and fraudulent theft of One-Time Passcodes (OTPs).
Customers can claim up to 85% compensation for losses up to ₹50,000, with a maximum of ₹25,000, applicable once in a lifetime.
The rules become effective from January 1, 2027, and require reporting to the cybercrime helpline (1930) within five days for eligibility.
Detailed Insights:
The 2017 circular primarily held banks liable only when transactions were not authorised by customers, such as in successful hacking incidents.
The new definition of "fraudulent electronic banking transactions (EBTs)" includes transactions executed using credentials obtained fraudulently or by the customer under coercion.
It also encompasses EBTs not authorised by a customer due to negligence by a bank or a third-party breach.
The timeline for customers to report a loss in cases of a third-party hack has been extended from three working days to five calendar days.
For eligible compensation, the RBI will pay roughly three-fourths of the amount, with the customer and beneficiary banks covering the remaining half.
Customers who ignore fraud warnings or fail to register their latest contact details with the bank may not be eligible for compensation.
The implementation date was postponed from July 1 to January 1, 2027, and complaint settlement timelines are now set at 45-60 days.
Dvara Research, a financial inclusion think tank, had suggested considering the vulnerability of customers, as sophisticated fraud attempts are frequent.
Key Concepts Involved:
Fraudulent Electronic Banking Transactions (EBTs): Transactions executed by a third-party using fraudulently obtained credentials or by the customer under coercion, or unauthorised EBTs due to bank negligence/third-party breach.
Social Engineering: Psychological manipulation of people into performing actions or divulging confidential information, often used in cyberattacks.
Digital Arrests: A scam where fraudsters impersonate law enforcement or government officials to coerce victims into making payments.
RBI’s 2017 circular: A previous regulatory framework that outlined customer liability limits in unauthorised electronic banking transactions.