惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

P
Palo Alto Networks Blog
大猫的无限游戏
大猫的无限游戏
Martin Fowler
Martin Fowler
GbyAI
GbyAI
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
量子位
T
The Blog of Author Tim Ferriss
Y
Y Combinator Blog
Microsoft Azure Blog
Microsoft Azure Blog
C
CERT Recently Published Vulnerability Notes
Recent Announcements
Recent Announcements
A
About on SuperTechFans
aimingoo的专栏
aimingoo的专栏
P
Privacy International News Feed
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
博客园 - 叶小钗
L
Lohrmann on Cybersecurity
G
GRAHAM CLULEY
T
The Exploit Database - CXSecurity.com
Hugging Face - Blog
Hugging Face - Blog
P
Proofpoint News Feed
NISL@THU
NISL@THU
博客园 - Franky
C
Cybersecurity and Infrastructure Security Agency CISA
The Register - Security
The Register - Security
M
MIT News - Artificial intelligence
Know Your Adversary
Know Your Adversary
A
Arctic Wolf
F
Full Disclosure
T
Threat Research - Cisco Blogs
P
Privacy & Cybersecurity Law Blog
The Hacker News
The Hacker News
博客园 - 【当耐特】
D
Docker
T
Tailwind CSS Blog
S
SegmentFault 最新的问题
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Jina AI
Jina AI
Help Net Security
Help Net Security
V
Visual Studio Blog
小众软件
小众软件
B
Blog
Vercel News
Vercel News
云风的 BLOG
云风的 BLOG
N
News and Events Feed by Topic
Forbes - Security
Forbes - Security
N
Netflix TechBlog - Medium
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
C
Cisco Blogs
Security Archives - TechRepublic
Security Archives - TechRepublic

Latest BL Explainers | The HinduBusinessLine

Explained: How the India-UK CETA could boost pharma, medtech exports Deep dive into IFSCA’s Proposed Direct Listing Framework Explained | Can Vimag’s ‘virtual magnet’ replace rare-earth magnets in EV motors? Why has India cut broken grain share in PDS rice under Rice Milling Transformation scheme? What the NMC case means to Bank of Baroda investors SEBI third-party payment proposal for mutual funds explained for investors How Ebola is turning into a public health emergency, needing international efforts How coal gasification promises to be a gamechanger in energy security, cutting imports UAE’s OPEC exit could be advantage India in the long-term All you want to know about the women’s reservation and delimitation bills fiasco Hungary’s historic elections and its implications How West-Asia war could reshape the AI race What is US-Iran peace deal & what it means for India Can SEBI’s reset revive social stock exchanges? Explained Decoding RBI’s move to curtail rupee speculation BL Explainer: How excise duty cuts support OMCs, leave consumers high and dry PNG vs LPG: Why the govt wants you to shift to piped gas All you want to know about India’s crude oil and gas reserves and why we are lagging on this count Anatomy of the India LPG crisis and how to tackle it -- explained What is Essential Commodities Act, why has it been invoked for LPG supply? How IDFC First Bank got de-defrauded of ₹590 crore Will RBI’s new rules on bank lending to brokers impact stock market trading? What the merger of PFC and REC means for investors Biopharma Shakti explained: What the Budget’s ₹10,000-crore bio bet means Explained: What Anthropic’s latest launch means for Indian IT Explainer: MGNREGA or VB-G RAM G, which is better? How do Stablecoins differ from other cryptos such as bitcoin? Why is RBI opposed to them? Explained Chaos on the floor: Why it is a bad season for air travellers Explained: Why Sanchar Saathi sparked a backlash — and what the rollback means All you want to know about DoT’s SIM-binding decision Why the Delhi-Mumbai airport user fee battle matters for passengers What are fractional shares? What has been the experience in Canada, US and Japan, explained Explained: All you need to know about TCS-DXC case Digital Personal Data Protection (DPDP) Rules, 2025: All you need to know Explained: How does digital gold work? What are the key concerns flagged by SEBI? India’s AI Governance Guidelines Explained: A middle path between innovation and regulation Explainer: What do new MF regulations on TER and brokerage costs mean to you? How is SIR 2.0 different from Bihar SIR? All you want to know about the work of Mokyr, Aghion and Howitt, the Nobel winners for economics in 2025 Draft Electricity (Amendment) Bill, 2025, proposes to align reforms with industry requirements Pace of adoption and integration of digital receivers will be key for growth of digital radio services in India How India plans to wean itself off Chinese ships with Centre’s shipbuilding plan Cough syrup deaths in MP & Rajasthan: All you need to know What happens during US government shutdown? How does it impact the US, India? What is Arattai? Does it have the muscle to take on WhatsApp? E20 petrol issue explained: What is all the fuss about? Why Leh’s Gen Z took to the streets: Ladakh’s unrest explained Data focus: Zubeen Garg’s funeral, the final measure of his accomplishment Gold’s breathless rally: How are jewellery buyers, central banks and investors responding? Understanding Waqf (Amendment) Act, 2025, and Supreme Court’s interim order Nepal protests explained: The Gen Z uprising in Nepal and what lies ahead HIRE Act: What It means for outsourcing, US jobs, and Indian IT companies BL Explainer: Will E20 fuel vroom ahead with removal of restriction on ethanol production? GDP deflator explained: How it will play havoc with GDP numbers for 2025-26 A tug-of-war over cashless health insurance that could threaten policy holders BL Explainer: Decoding the new income tax law Online money games explained: Why the Centre is banning them Decoding ICICI Bank’s move to sharply raise minimum account balance for new customers BL Explainer: 50% tariff on US exports: What will be the impact? Mobile number validation – boon or bane? Why Nayara Energy is caught in the crosshair of EU sanctions against Russia BL Explainer: How CERC’s market coupling decision impacts IEX What is the strategic significance of Airtel-Perplexity partnership BL Explainer: What Shubhanshu Shukla’s space odyssey means to Gaganyan mission and ISRO What is the status of Trump’s reciprocal tariffs and their shifting deadlines BL Explainer: Will Dreamfolks-Adani fracas affect your airport lounge access? BL Explainer: Are CAFE norms punishing small-car makers? SEBI cracks down on Jane Street over ₹36,671 cr Bank Nifty manipulation More than just a ‘skinny jab’: Semaglutide and its class of diabetes & weight loss drugs BL Explainer: What do the new expiry days on BSE and NSE mean to you? Strait of Hormuz: West-Asia tensions raise concerns over oil markets as Iran-Israel clashes Why are South, North India divided on delimitation? What drives changes to constituency boundaries?
Electronic banking frauds: What frauds are covered? How much will be compensated? How to claim your refund?
By BL Research BureauKumar Shankar Roy · 2026-03-10 · via Latest BL Explainers | The HinduBusinessLine

As digital payments evolve and fraud risks change, RBI wants customer protection rules to keep pace. On March 6, 2026, the RBI issued draft directions reviewing its 2017 framework on limiting customer liability in unauthorised electronic banking transactions.

The proposed changes widen the framework beyond unauthorised transactions, seek faster complaint handling by banks, and introduce a one-year compensation mechanism for small-value fraudulent electronic banking transactions.  Here is a lowdown.

What is the extent to which customers can be compensated for small-value fraudulent electronic banking transactions?

Under the draft framework, a bonafide individual victim can get compensation for fraudulent electronic banking transactions involving a gross loss of up to ₹50,000. The compensation is capped at 85 per cent of the net loss, or ₹25,000, whichever is lower. Net loss means the loss after reducing any recovery already made, whether before or after compensation is paid. This compensation can be claimed only once in a lifetime. In a joint account, only one account holder can claim it, and that person cannot later claim it again in an individual capacity.

But this is not an automatic payout in every fraud case. The bank must first be satisfied that the claim is bona fide under its internal policy. The customer must also report the transaction on the National Cyber Crime Reporting Portal or Helpline 1930, and to the bank, within five calendar days of the transaction.

Which are the electronic banking transactions covered by the rules?

The draft directions widen the scope of the framework beyond unauthorised transactions. They now cover “fraudulent electronic banking transactions”, which include both certain authorised transactions tainted by fraud and unauthorised transactions. In other words, the rules are no longer confined only to unauthorised electronic banking transactions.

An authorised electronic banking transaction includes one done by the customer, or by a previously authorised third party, using a standing instruction, mandate, OTP, password, card details or another bank-provided electronic authentication method. But the draft also says some fraud-hit authorised transactions will still fall within the protection framework. These include cases where a third party uses credentials obtained from the customer through fraud, where the customer approves a transaction under coercion or duress, and where the customer is tricked into sending money to a scammer posing as a legitimate recipient.

The draft also links “electronic banking transaction” to the Payment and Settlement Systems Act definition of electronic funds transfer, and specifically includes both card-not-present and card-present transactions.  

It also envisages reporting and review across categories such as card present, card not present, internet banking, mobile banking and ATM transactions.

What facilities should banks provide for reporting of fraudulent electronic banking transactions?

The draft is quite specific on this point. Banks must provide customers with 24x7 access through multiple reporting channels. These can include phone banking, SMS, email, IVR, a dedicated toll-free helpline and reporting through the home branch. These facilities are meant both for reporting fraudulent electronic banking transactions and for reporting loss or theft of a payment instrument such as a card.

The bank must also build an alert system. The transaction alert SMS must carry a number to which the customer can immediately send an objection SMS. The bank must also place a direct reporting link on its website home page.

The draft also requires a clear audit trail. The communication system used for alerts and customer responses must record the date and time when the alert was delivered and when the customer’s response was received.

When is a customer entitled to zero liability and reversal of transaction? What are the timelines prescribed?

The draft gives a customer zero liability in two broad situations.

First, if the fraudulent electronic banking transaction happened because of negligence or deficiency on part of the bank, the customer gets zero liability and reversal, regardless of whether it was reported by the customer.

Second, in cases of third-party breach, the customer gets zero liability and reversal if the unauthorised fraudulent electronic banking transaction is reported to the bank within five calendar days of the transaction.

Where reversal is required, the bank must reverse the transaction with value dating from the original transaction date. That means the customer should not lose interest or bear any extra interest or charges because of the delay in reversal.

The bank must examine the complaint, establish liability and issue its response within the timeline in its policy, but in any case not later than 30 calendar days from receipt of the complaint. If the case qualifies for zero liability, the response must include details of reversal. Also, once the customer has reported the fraudulent transaction, any further unauthorised transaction after that point must be borne by the bank.

What is third party breach under these rules?

The draft defines third-party breach as a situation where the deficiency lies neither with the bank nor with the customer, but elsewhere in the system.

The directions also spell out who this “elsewhere in the system” could be. This includes intermediaries such as a Third-Party Application Provider, Payment Aggregator, Payment Gateway and Telecom Service Provider. So, if the failure arose at one of these layers rather than within the bank or because of customer negligence, the case may fall within the third-party breach category.

Why does this matter in practice? Because if a third-party breach leads to an unauthorised fraudulent electronic banking transaction and the customer reports it within five calendar days, the customer gets zero liability and reversal. If it is reported after five calendar days, the customer may still get compensation in eligible cases under the small-value compensation mechanism, subject to the stated conditions.

How is the compensation shared between the RBI, customer’s bank and beneficiary bank?

The draft lays down a fixed sharing formula for the proposed small-value compensation mechanism, with the exact contributions specified separately for the two loss bands.

For losses below ₹29,412, where compensation at 85 per cent is paid, the draft says 65 per cent shall be borne by RBI, 10 per cent by the customer’s bank and 10 per cent by the beneficiary bank.

Where the loss amount is ₹29,412 or more but not more than ₹50,000, the compensation is capped at ₹25,000. In that case, the contribution is fixed at ₹19,118 from RBI, ₹2,941 from the customer’s bank and ₹2,941 from the beneficiary bank.

The bank must pay the customer within five calendar days of receiving the compensation application and then seek reimbursement from RBI on a quarterly basis. RBI’s March 6 press release adds that this arrangement is proposed only for one year initially and may later be reviewed with the aim of increasing banks’ share and reducing or eliminating RBI’s share.

How does lost amount recovery affect compensation?

The draft makes it clear that compensation is based on net loss, not just the amount first reported as lost. So, if some money is recovered before compensation is paid, the customer’s loss comes down and compensation is calculated on that reduced amount. If money is recovered after compensation has already been paid, the customer’s bank must recalculate compensation based on the revised net loss and apportion the recovered amount accordingly.

For example, if a customer reports a fraudulent loss of ₹40,000 and ₹15,000 is recovered before compensation is paid, the net loss becomes ₹25,000. Compensation then works out to 85 per cent of net loss, or ₹21,250. RBI’s illustration says the Reserve Bank would bear ₹16,250, while the customer’s bank and the beneficiary bank would bear ₹2,500 each.

If compensation of ₹25,000 has already been paid on a ₹40,000 loss and recovery happens later, the bank must recalculate the payout on the revised net loss and redistribute the recovered amount among the customer, RBI, the customer’s bank and the beneficiary bank in the manner set out in the draft illustrations.

What are the banking transactions for which banks have to send alerts to customers?

The draft says banks must require customers using electronic banking transaction facilities, other than ATM cash withdrawals, to provide a mobile number and, where available, an email address. Once that is in place, banks must send instant SMS alerts for all electronic banking transactions above ₹500. For electronic banking transactions of up to ₹500, the bank may decide on instant SMS alerts based on its internal policy.

Banks must also send email alerts for all electronic banking transactions where the customer has provided an email address. These SMS and email alerts are not a substitute for other alert mechanisms. The draft says these are in addition to any other forms of alert, such as in-app alerts or push notifications, that the bank may choose to send.

In practice, the mandatory alert requirement is linked to electronic banking transactions generally, not just suspected fraud cases. Since the definition of electronic banking transaction includes both card-not-present and card-present transactions, the alert obligation extends across a wide range of covered digital payment modes.

Published on March 10, 2026