RBI plans ₹25,000 compensation for cyberfraud victims
RBI Plans ₹25,000 Compensation for Cyberfraud Victims
1. At a Glance
- The Reserve Bank of India (RBI) proposed a framework (announced February 2026) to compensate victims of small-value online/digital frauds up to ₹25,000 per incident. [S1]
- Compensation covers 85% of the amount lost, or ₹25,000, whichever is lower; both victim and bank bear 15% each of the transaction value. [S2]
- Funding source: Depositor Education and Awareness (DEA) Fund, currently worth ~₹85,000 crore, maintained by the RBI. [S2][S3]
- UPSC relevance: intersects GS-III (cybersecurity, digital economy, banking regulation) and GS-II (consumer protection, regulatory bodies).
2. Why in the News
- At the February 2026 Monetary Policy Committee (MPC) meeting, RBI Governor Sanjay Malhotra announced the proposal, with draft guidelines to be issued "very shortly." [S1][S2]
- Context: 65% of online frauds by number involve amounts below ₹50,000, yet victims get little recourse because banks often cite "customer negligence" (e.g., sharing OTPs). [S2]
- Prior to this, RBI Governor had flagged the rise in digital frauds as a systemic concern (October 2025 speech) and cautioned banks to build proactive fraud-detection systems. [S4]
- Announcement bundled with the 'bank.in' exclusive domain initiative for banks (April 2025 rollout) as part of a larger digital-fraud-prevention package. [S1]
3. Background & Evolution
| Year | Milestone |
|---|---|
| 2014 | DEA Fund Scheme notified under Section 26A of the Banking Regulation Act, 1949; operative from 24 May 2014. Unclaimed deposits (>10 years) transferred to this fund. [S3] |
| 2019–22 | Surge in UPI/digital fraud; RBI began mandating zero-liability and limited-liability frameworks for unauthorised electronic transactions (via RBI Master Directions on Customer Protection, 2017). |
| 2023–24 | National Cyber Crime Reporting Portal (I4C/MHA) reports cyberfraud cases exceeding ₹11,000 crore in losses. |
| Oct 2025 | RBI Governor Malhotra publicly flags digital frauds as "increasingly becoming a problem"; asks banks for robust proactive systems. [S4] |
| Feb 2026 | Formal proposal: ₹25,000 compensation framework using DEA Fund; draft guidelines imminent. [S1][S2] |
4. Core Static Facts
Scheme / Framework: - Name: Compensation Framework for Small-Value Cyberfraud Victims (proposed; draft guidelines pending) - Proposed by: RBI under Governor Sanjay Malhotra - Announced: February 6–7, 2026 (MPC meeting, Mumbai)
Compensation Structure: - Maximum compensation: ₹25,000 per victim per incident - Amount paid: 85% of fraud amount OR ₹25,000, whichever is less - Loss-sharing: Victim bears 15% + Bank bears 15% + RBI (DEA Fund) bears 85% (subject to ceiling) - No-fault clause: No questions asked even if OTP was shared, provided loss is deemed unintended / not mala fide - Applicable to: Small-value fraudulent transactions (threshold: <₹50,000 per transaction) - Coverage by number: Transactions under ₹50,000 = 65% of all online frauds
DEA Fund: - Statutory basis: Section 26A, Banking Regulation Act, 1949 - Operative since: 24 May 2014 [S3] - Current corpus: ~₹85,000 crore - Source of funds: Unclaimed bank deposits (inactive for >10 years), plus accrued interest - Administered by: RBI
Anti-Fraud Parallel Initiative: - 'bank.in' domain: Exclusive domain for Indian banks; rollout from April 2025; aims to distinguish genuine banking sites from phishing sites [S1]
5. Multi-Dimensional Analysis
Economic
- India's digital payment volume surpassed ₹200 lakh crore in FY2024-25; fraud losses directly erode consumer trust and digital adoption.
- The DEA Fund corpus of ₹85,000 crore is large enough to absorb small-value claims without fiscal stress on the exchequer.
- Mandatory bank co-payment (15%) creates a financial incentive for banks to invest in fraud prevention rather than externalising losses to customers.
Social
- 65% of fraud victims by count are small-value losers — predominantly low-income, semi-literate, or elderly digital banking adopters most vulnerable to social engineering.
- No-fault/no-questions-asked clause removes the stigma and procedural burden that deters fraud reporting; important for financial inclusion goals.
- Addresses the power asymmetry between a sophisticated bank and an individual victim who may have been manipulated into sharing credentials. [S2]
Legal / Constitutional
- DEA Fund draws statutory authority from Section 26A, Banking Regulation Act, 1949 (inserted by amendment). [S3]
- Existing RBI Master Directions on Limiting Liability of Customers in Unauthorised Electronic Payment Transactions (2017) established zero-/limited-liability norms; this proposal extends that doctrine to OTP-shared cases.
- Key legal nuance: Current rules deny protection if the customer shared credentials; proposed scheme reverses this for small-value cases, creating a new no-fault liability standard.
- Anti-fraud orders also link to IT Act, 2000 (Sections 43, 66C, 66D) on data theft and identity fraud.
Technological
- The framework implicitly pressures banks to deploy AI-based fraud detection (real-time transaction monitoring, anomaly scoring) to limit their 15% co-payment exposure.
- 'bank.in' domain initiative (complement measure) uses DNS-level trust signals to fight phishing. [S1]
- Discussion paper on lagged credits (delayed settlement for high-risk transactions) and additional authentication for senior citizens signals RBI's layered-security approach.
Ethical / Governance
- The "mala fide" filter — RBI states it will verify the fraud is not intentional by the victim — raises questions about verification mechanisms and potential misuse.
- Placing the financial burden partly on banks is a moral hazard calibration: banks must not trivialise fraud prevention by knowing RBI backstops losses.
- Transparency of DEA Fund utilisation will need to be publicly disclosed; accountability for claims processing is yet to be defined in draft guidelines.
Administrative
- Draft guidelines not yet released (as of February 2026); implementation timeline is unclear.
- Requires building a claims adjudication mechanism (likely via bank ombudsman or a new digital channel).
- Coordination needed between RBI, Ministry of Electronics and IT (MeitY), MHA (I4C), and individual banks.
6. Recent Developments (Last 12–18 Months)
- January 2025: RBI Governor Malhotra cautions lenders against rising digital frauds; calls for proactive fraud detection systems. [S4]
- April 2025: RBI rolls out 'bank.in' exclusive domain for Indian banks to combat phishing. [S1]
- October 2025: Malhotra reiterates that "digital frauds are increasing, becoming a problem" in public address. [S4]
- February 6–7, 2026: MPC meeting — RBI formally proposes ₹25,000 compensation cap for small-value online fraud victims; references DEA Fund (₹85,000 crore corpus); draft guidelines promised imminently. [S1][S2]
- February 2026: RBI also announces separate discussion paper on digital payment safety (lagged credits, extra authentication for vulnerable users). [S1]
7. Prelims Hooks (High-Density Factual Bullets)
- Maximum compensation under proposed RBI framework for cyberfraud victims: ₹25,000 per incident. [S2]
- RBI pays 85% of the fraud amount (subject to ₹25,000 cap); victim and bank each bear 15%. [S2]
- Funding source: Depositor Education and Awareness (DEA) Fund, not consolidated fund of India. [S3]
- DEA Fund statutory basis: Section 26A of the Banking Regulation Act, 1949. [S3]
- DEA Fund operative since: 24 May 2014. [S3]
- DEA Fund corpus as of 2026: approximately ₹85,000 crore. [S2]
- DEA Fund is funded by unclaimed deposits lying with banks for more than 10 years. [S3]
- The framework covers small-value transactions — those below ₹50,000 — which constitute 65% of online frauds by number. [S2]
- Proposal announced by RBI Governor Sanjay Malhotra at the February 2026 MPC meeting. [S1]
- No-fault clause: Compensation is payable even if the victim shared an OTP, as long as loss is unintended. [S2]
- Anti-fraud companion initiative: 'bank.in' domain — exclusive domain for Indian banks, rolled out April 2025. [S1]
- Current RBI framework on unauthorised digital transactions: Master Directions on Limiting Customer Liability, 2017 (existing baseline). [S2]
- The proposal does not cover high-value frauds above ₹50,000 under the no-questions-asked clause. [S2]
8. Mains Relevance
GS Paper Mapping:
| Paper | Syllabus Heading |
|---|---|
| GS-III | Indian Economy — Digital Economy, Cybersecurity, Banking Sector Regulation |
| GS-II | Governance — Regulatory Bodies (RBI), Consumer Protection, Digital India |
| GS-IV | Ethics in Governance — Accountability of institutions; Protecting vulnerable stakeholders |
Plausible Mains Question Stems: 1. "The RBI's proposed ₹25,000 cyberfraud compensation framework represents a shift from 'customer-at-fault' to 'shared-liability' doctrine. Critically evaluate its design, limitations, and implications for India's digital payment ecosystem." (GS-III) 2. "Discuss the role of the Depositor Education and Awareness (DEA) Fund in protecting depositors' interests. How can its corpus be strategically deployed for financial consumer protection?" (GS-III/II) 3. "Rising digital frauds pose a systemic risk to financial inclusion goals. Examine the regulatory and technological interventions available to the RBI to mitigate this threat." (GS-III)
9. Related Topics to Study Next
| Topic | Connection |
|---|---|
| RBI Customer Protection & Limiting Liability Master Directions, 2017 | Direct predecessor framework; the proposed scheme modifies its scope |
| Depositor Education and Awareness (DEA) Fund — full mechanics | Funding source for compensation; statutory basis, governance |
| Digital Payment Security in India (UPI, NPCI safeguards) | Fraud occurs mostly via UPI/digital channels; understanding payment rails is essential |
| IT Act, 2000 — Sections 43, 66C, 66D | Legal provisions under which cyberfraud is prosecuted; links to victim's remedies |
| Banking Regulation Act, 1949 — Key Sections | Section 26A (DEA Fund); broader RBI regulatory powers |
| National Cyber Crime Reporting Portal (I4C/Cybercrime.gov.in) | Parallel administrative mechanism; MHA's role vs. RBI's role in fraud redressal |
| Financial Inclusion & Jan Dhan Yojana | Vulnerable new-to-banking users are primary fraud targets; policy overlap |
| RBI Ombudsman Scheme / Integrated Ombudsman Scheme, 2021 | Existing grievance redressal; how the new framework interfaces with it |
10. Common Errors / Trap Areas
- Wrong fund name: Aspirants often confuse the DEA Fund with DICGC (Deposit Insurance and Credit Guarantee Corporation) cover — DICGC insures deposits up to ₹5 lakh against bank failure, not cyberfraud. These are distinct instruments.
- Wrong liability split: The split is 85% RBI (DEA Fund) + 15% bank + 15% victim — note that 15%+15% = 30%, and RBI pays the remaining 70% of the 85% (i.e., the 85% cap is on what RBI pays after the others absorb their share). Read carefully: each party bears 15% of the transaction value; RBI covers 85% up to ₹25,000.
- Scope confusion: The no-questions-asked clause applies only to small-value transactions (<₹50,000); larger frauds are not covered by this blanket protection.
- DEA Fund operative date: The fund was operational from 24 May 2014, not 2019 or 2020 as some study materials conflate with later digital-payment-era reforms.
- Scheme status: As of February 2026, this is a proposal / draft framework, not yet notified law — aspirants should not cite it as a finalised scheme unless updated guidelines are released.
11. Sources
- [S1] RBI proposes Rs 25,000 compensation for small-value digital frauds — https://www.business-standard.com/finance/news/rbi-proposes-rs-25-000-compensation-for-small-value-digital-frauds-126020600906_1.html — (Tier 4)
- [S2] RBI monetary policy: Small digital fraud victims to get up to ₹25K refund — https://www.business-standard.com/finance/news/digital-fraud-victims-compensation-rbi-upto-25000-126020601584_1.html — (Tier 4; corroborated by article excerpt, Tier 4)
- [S3] Depositor Education and Awareness (DEA) Fund Scheme — FAQs — https://www.rbi.org.in/commonman/English/Scripts/FAQs.aspx?Id=3578 — (Tier 1)
- [S4] Digital frauds increasing, becoming a problem — RBI Governor — https://www.business-standard.com/economy/news/digital-frauds-increasing-becoming-a-problem-says-rbi-governor-125100801380_1.html — (Tier 4)
- [S5] The Hindu BusinessLine article excerpt (7 February 2026) — https://www.thehindu.com/todays-paper/2026-02-07/th_international/articleG62FI5UTJ-13402993.ece — (Tier 4, primary source supplied)