惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
量子位
M
MIT News - Artificial intelligence
Y
Y Combinator Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Google DeepMind News
Google DeepMind News
Hugging Face - Blog
Hugging Face - Blog
博客园_首页
雷峰网
雷峰网
I
InfoQ
罗磊的独立博客
博客园 - 聂微东
酷 壳 – CoolShell
酷 壳 – CoolShell
大猫的无限游戏
大猫的无限游戏
D
Docker
H
Hackread – Cybersecurity News, Data Breaches, AI and More
腾讯CDC
博客园 - 三生石上(FineUI控件)
The GitHub Blog
The GitHub Blog
K
Kaspersky official blog
P
Privacy & Cybersecurity Law Blog
S
SegmentFault 最新的问题
T
Threat Research - Cisco Blogs
H
Help Net Security
小众软件
小众软件
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
C
CERT Recently Published Vulnerability Notes
WordPress大学
WordPress大学
T
Tenable Blog
T
The Blog of Author Tim Ferriss
C
Cisco Blogs
Simon Willison's Weblog
Simon Willison's Weblog
博客园 - Franky
A
Arctic Wolf
T
Threatpost
Scott Helme
Scott Helme
C
Cybersecurity and Infrastructure Security Agency CISA
D
Darknet – Hacking Tools, Hacker News & Cyber Security
T
The Exploit Database - CXSecurity.com
G
GRAHAM CLULEY
Security Latest
Security Latest
Spread Privacy
Spread Privacy
L
LINUX DO - 热门话题
V
Vulnerabilities – Threatpost
P
Privacy International News Feed
S
Schneier on Security
Latest news
Latest news
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
C
Cyber Attacks, Cyber Crime and Cyber Security
C
CXSECURITY Database RSS Feed - CXSecurity.com

MEDIANAMA

India in talks with US, Anthropic for Mythos access; no Indian firms in Project Glasswing yet Eternal Q4FY26: All Users Pay Higher Platform Fee, Only Some Get Discounts Amazon, Meta to challenge PhonePe-Google Pay dominance as UPI cap delayed since 2020 Meta failed to protect the safety of under-13s: European Commission If markets and regulators are ready for network slicing, we are ready: JIO Why defining ‘news’ won’t fix the free speech problems of draft IT Rules? #NAMA Eternal Q4FY26: Goyal Dismisses AI Disruption Risk as Zomato Quietly Builds Agentic Commerce Infrastructure Karnataka files appeal challenging the bike taxi ban lift in the Supreme Court How did WhatsApp turn 17 govt. flags into 9,400 digital arrest scam bans? Google Wallet integrates Aadhaar as digital ID, expands India’s mobile identity ecosystem Kerala HC issues notice on MediaOne’s Facebook page block in India MeitY warns VPN providers against enabling access to blocked betting platforms Shreya Singhal targeted private censorship. Today’s threat is the State #NAMA Amazon scales its quick delivery service ‘Amazon Now’ in 100 cities Can MeitY issue binding rules via advisories? Experts raise alarm over draft IT Rules #NAMA How 2019 election code of ethics became India’s three-hour content takedown mandate #NAMA Australia proposes new levy on big tech to fund news, opens draft law for consultation ‘judge, jury, executioner’: experts warn of Inter-Departmental Committee (IDC) overreach under New draft IT Rules Lowdown: TRAI flags low deployment under PM-WANI in public Wi-Fi consultation paper Why the NBFC licence matters for MobiKwik China blocks Meta-Manus deal, asserts origin-country jurisdiction: what this means for India ‘No transparency’: experts warn of expanding powers to block online speech in India #NAMA X launches standalone iOS messaging app XChat with encryption in India How India’s content takedown framework was built and where It has gone wrong #NAMA Claude Mythos puts India on alert: CERT-In, telcos, banks assess unprecedented cyber risks Explained: why did the RBI cancel Paytm’s banking licence? Meta now instantly blocks content in India Govt. asks ZEE5 to halt ‘Lawrence of Punjab’ web series release Online Gaming Rules notified, to be in effect from May 1, what are the major changes? RBI mandates additional factor authentication for e-mandates No notice, no explanation, no recourse: how content creators experience censorship in India #NAMA Telangana Police invokes UAPA to demand TeluguScribe’s user data from X Lowdown: RBI releases draft PPI rules covering capital requirements, wallet limits & escrow norms MeitY tightens AI label rules, mandates continuous disclosure Watch Live: IT Rules and the Future of Online Speech in India, Delhi April 23, #NAMA Govt. defends 4 PM YouTube ban, cites foreign influence and ‘digital lobbying’ in Delhi HC Anthropic’s Mythos AI accessed without approval via third-party vendor route: Report YouTube expands AI likeness detection tool to celebrities amid deepfake surge ECI orders 3-hour takedown rule for AI and fake content in elections Final Call: IT Rules and the Future of Online Speech in India, Delhi April 23, #NAMA Announcing Speakers: Victims of Censorship | IT Rules and the Future of Online Speech in India, Delhi April 23, #NAMA Apple withholds financial data as India App Store antitrust case heads to final hearing Sony rolls out age checks in Playstation in the UK, users to prove age to access chat Vercel confirms hack via third-party AI tool, says sensitive data safe Karnataka High Court stays blocking orders against Proton Mail J&K DMs impose sweeping 60-day social media curbs; IFF calls them “illegal, overbroad” Flipkart plans ticketing entry, food delivery pilot in May ahead of IPO ANI v OpenAI: Not Everything an LLM Does is Copyright Infringement EU’s “safe by design” age-verification app cracked in minutes, raising data security fears Molitics’ Instagram suspended days after Facebook ban Speaker Announcement: IT Rules and the Future of Online Speech in India, April 23, 2026, Delhi X has only responded to 13 out of 94 takedown notices since 2024: Centre tells Gujarat HC Jio Financial Services Q4FY26 profit declines 14% to Rs 272 crore Bombay HC cracks down on fake ‘NSE’ social media handles amid rising impersonation fraud Government drops proposal to mandate Aadhaar app on smartphones Ola’s Krutrim quietly shuts down its agentic AI assistant ‘Kruti’ Anthropic taps Peter Thiel-backed Persona for Claude ID checks, raising DPDP concerns YouTube rolls out option to turn off Shorts, expands time controls Amnesty calls for ‘immediate withdrawal’ of India’s 2026 IT Amendment Rules, cites threat to free speech and privacy Lowdown: Insurers have to comply with DPDP as IRDAI updates Cyber Security Guidelines European Commission proposes Google have to share search data with rivals under the DMA AIGEG: MeitY’s new AI governance body excludes regulators recommended by its own AI guidelines Amazon acquires Globalstar for $11.57 Billion: What it means for India European Commission rolls out privacy-focused age verification app for child safety Reading List: IT Rules and the future of online speech in India, April 23, Delhi #NAMA Digital rule, colonial echo – India’s IT Rules 2021 amendments Agenda: IT Rules and the future of online speech in India, Delhi, April 23 #NAMA Motorola gets court order to block YouTube videos critical of its phones in India Apple and Google promote ‘nudify’ apps despite policy bans, report finds National security could be used to mandate registration of online games HBO Max enters India via JioHotstar partnership Andhra Pradesh police detain stand-up comedian Anudeep Katikala over YouTube video jokes Aptoide sues Google for app store monopoly, alleges ‘anticompetitive chokehold’ HBO Pushes X to Unmask User Behind Euphoria Season 3 Spoilers Delhi HC directs DoT, MeitY to take action against Tucows for failing to take down infringing URLs in Premier League case Claude users say accounts suspended after being incorrectly flagged as minors MeitY may let users, intermediaries join content-blocking hearings Sucheta Dalal challenges Delhi Court order using ‘Right to Be Forgotten’ in Sterling Biotech case Govt launches Rs 10,000 Cr Startup India Fund of Funds 2.0 to bridge early-stage funding gap in deep tech Advisories as Law? Panelists Debate Legal Sanctity Under Draft IT Rules Amendments Independent journalists in Punjab allege censorship by ruling AAP using copyright strikes, IT act Supreme Court Issues Notice on PIL Seeking Biometric Verification of Voters Fact-check: MP Nishikant Dubey’s claim on X community notes & Australian tax is false “No scientific evidence”: 438 scientists call for pause on age-based controls until benefits and risks understood Developer partially bypasses Google’s AI watermark, undermining detection India’s deepfake rules rely on Event Announcement: IT Rules and the Future of Online Speech in India, April 23, #NAMA UK plans jail risk for tech executives over failure to remove intimate images Press bodies demand ‘unconditional withdrawal’ of draft amendment to IT Rules, warns of free speech threat Zoho revenue crosses Rs 12,000 crore in FY25, but profit slips 3% YouTube’s AI avatar tool for Shorts raises questions around India’s deepfake rules, personality rights Instagram expands safety settings on teen accounts with 13+ content ratings Digi Yatra is eyeing international travel roll-out with passport-based enrolment Meta’s new AI model Muse Spark is coming to WhatsApp. Here is what that means for Indian users Andhra Pradesh explores DigiLocker age tokens for social media curbs on children aged 13-16 Kunal Kamra tells Bombay HC police sent “thousands” of takedown notices via Sahyog portal Extra safeguard for the elderly: RBI suggests trusted person approval for high-value digital payments Delhi court orders Google to remove Sterling Biotech case links, cites ‘right to be forgotten’ RBI Proposes 1-hour delay, customer controls for digital payments as frauds surge Should only MIB-authorised apps be allowed to stream free TV on Smart TVs? TRAI Seeks Inputs OpenAI releases child safety policy framework recommendations to combat AI-enabled CSAM
RBI caps customer liability in digital fraud From 2027
Prabhanu Kumar Das · 2026-06-25 · via MEDIANAMA

Download the amendment directions here.

The Reserve Bank of India (RBI) has overhauled its rules on customer protection in fraudulent electronic banking transactions, introducing revised directions that redefine liability, expand banks’ obligations and create a compensation mechanism for certain victims of digital payment fraud. 

Among the changes, customers will receive zero liability in specified cases involving bank negligence or third-party breaches, while banks will have to establish customer liability in fraud complaints. The revised directions also require banks to strengthen fraud reporting systems, send transaction alerts, and compensate eligible customers in certain small-value fraud cases. The directions apply to electronic banking transactions undertaken by customers of commercial banks on or after January 1, 2027.

Important definitions: 

  • Electronic banking transaction (EBT): Electronic funds transfers under the Payment and Settlement Systems Act, 2007, including both card-present and card-not-present transactions.
  • Fraudulent EBT: An EBT carried out by a third party using credentials obtained fraudulently, carried out by a customer under coercion or duress, or an unauthorised EBT.
  • Unauthorised EBT: An EBT not authorised by the customer, including transactions resulting from bank negligence or a third-party breach.
  • Shadow reversal: A temporary or provisional credit provided by a bank after a customer reports a fraudulent EBT. Customers cannot use the amount, but they will not incur interest or additional charges.

Who is negligent, and what is a third-party breach?

  • Bank negligence includes:
    • Failing to implement mandated systems and procedures to secure EBTs.
    • Not sending mandatory transaction alerts.
    • Failure to provide 24×7 channels to report fraudulent transactions or lost cards.
    • Not acting diligently after a customer reports fraud or card loss.
    • System failures, security breaches or internal fraud leading to unauthorised EBTs.
  • Customer negligence includes:
    • Sharing or failing to protect credentials such as PINs, passwords or OTPs.
    • Delaying reporting of fraudulent transactions or lost cards.
    • Ignoring specific and clear scam warnings issued by the bank.
    • Downloading malicious applications.
    • Not updating registered mobile numbers or email addresses.
  • Third-party breach refers to deficiencies outside the bank and customer, including failures by entities such as Third-Party Application Providers (TPAPs), Payment Aggregators (PAs), Payment Gateways (PGs) and Telecom Service Providers (TSPs).

Policy, alerts, and reporting requirements: Banks must adopt a customer protection policy that covers reporting channels, customer rights and obligations, complaint resolution timelines, and awareness measures. The policy must be published on the bank’s website.

Additionally, banks must:

  • Verify customers’ mobile numbers and email addresses during onboarding and periodically thereafter.
  • Send instant SMS alerts for all EBTs above Rs 500. SMS alerts for transactions of Rs 500 or less remain optional and incur no charges.
  • Send email alerts for all EBTs where an email address is available.
  • Include transaction details such as amount, time, transaction channel and beneficiary in alerts.
  • Provide 24/7 reporting channels, including phone banking, SMS, email, IVR, toll-free helplines and website or app reporting.
  • Acknowledge complaints immediately with a complaint number and timestamp.
  • Advise customers to report fraudulent transactions via the National Cyber Crime Reporting Portal or by calling 1930.

Liability and complaint resolution: 

  • Customers will have zero liability for fraud resulting from bank negligence, regardless of when it is reported.
  • Customers will also have zero liability for third-party breaches if they report the fraudulent transaction within five calendar days of its occurrence.
  • Where customer negligence caused the fraud, the customer bears losses until the transaction is reported. The bank must bear any unauthorised transaction after reporting.
  • Banks must establish customer liability in fraudulent EBT complaints.
  • Banks must resolve complaints within 45 calendar days for domestic cases and 60 calendar days for cross-border cases.
  • Banks must value-date reversals to the original transaction date. For fraudulent credit card transactions, banks must provide a shadow reversal within five calendar days of notification.

Compensation for small-value fraudulent EBTs:

The RBI has introduced a one-time compensation mechanism for eligible individuals, including sole proprietors.

  • It applies to bona fide victims who suffer losses of up to Rs 50,000 due to fraudulent EBTs involving customer negligence.
  • Customers must report the fraud to both the bank and the National Cyber Crime Reporting Portal or 1930 within five calendar days.
  • Eligible customers will receive 85% of the net loss or Rs 25,000, whichever is lower, once in their lifetime.
  • Banks must pay compensation within five calendar days of receiving a completed application from an eligible customer.
  • The compensation mechanism will apply to fraudulent EBTs occurring for one year from the date the directions come into effect.

Why does this matter? India lost an estimated Rs 22,495 crore to cyber fraud in 2025. Yet, the RBI’s new compensation mechanism covers losses only up to Rs 50,000,  leaving victims of larger scams with no recourse under these directions. Even within that ceiling, customers must report fraud within five calendar days to qualify. Meanwhile, the burden-of-proof shift, banks must now establish customer liability, not the other way around, marks a genuine structural change. But with 2.81 million fraud complaints filed last year, the framework’s protections remain far smaller than the problem they are designed to solve.

Also read:

Post navigation

Days after Sarvam closed its Series B round of funding, raising $234 million and becoming an AI unicorn, it has been revealed that the Indian govt. could become its 1-2% stakeholder via IndiaAI.