Got scammed online? RBI proposes one-time refund up to ₹25,000
What's the story
The Reserve Bank of India (RBI) has proposed a new scheme to partially refund victims of cyber fraud in digital banking transactions. The scheme, announced on Friday, will see the central bank and banks share the cost of compensation for losses up to ₹50,000. Under this proposal, customers would be compensated with up to 85% of their loss or a maximum of ₹25,000, whichever is lower. If implemented, this will apply to transactions carried out from July 1.
Cost sharing
Customers can avail this compensation only once in their lifetime
The compensation cost will be shared among the RBI, the customer's bank, and the bank where the money was transferred. However, there's a catch: customers can avail this compensation only once in their lifetime. RBI Governor Sanjay Malhotra had said last month that this initiative is meant to forgive an initial lapse in judgment while encouraging users to strengthen their personal security protocols thereafter.
Liability shift
Major shift in liability dynamics of India
The RBI's proposal marks a major shift in the liability dynamics of India. Traditionally, banks have been reluctant to pay for customer errors such as OTP sharing. However, now the central bank is willing to subsidize those mistakes to keep India's digital momentum from stalling. Electronic banking transactions include point-of-sale transfers, ATM transactions, direct deposits or withdrawals, phone-to-phone transfers and online and card payments.
Coverage details
Scheme to cover losses due to 3rd-party breaches
The compensation scheme will cover losses due to third-party breaches as well as customer negligence. A third-party breach is when the bank's services or the customer's actions were not the cause of loss, but it lies elsewhere in the system. Customer negligence includes sharing a PIN, password, OTP or other details with someone else for transactions; not reporting a fraudulent transaction immediately after discovering it; and downloading malicious apps among others.
Reporting requirements
Compensation contingent on loss being found legitimate
The compensation would be contingent on the loss being found legitimate and the victim reporting the fraud on the National Cyber Crime Reporting Portal or Helpline, and to their bank within five calendar days of its occurrence. These proposals were floated by RBI in a draft circular released on Friday. A month ago, RBI had said it would issue a framework for compensation in cases of small-value fraudulent transactions.
Audit requirements
Other proposals floated by RBI
The circular also mandates bank boards or their committees to regularly audit reported digital frauds and the effectiveness of their resolution processes. They must use these insights to strengthen security protocols and grievance systems. It also said that a customer shall be entitled to zero liability and a reversal of the transaction if the fraudulent transaction occurs due to bank's negligence, regardless of whether they reported it.