RBI Draft Directions 2026: Customer Liability in Fraudulent Electronic Banking Transactions

 07 Mar, 2026

Regulatory Reference

Document: Draft Reserve Bank of India (Commercial Banks – Responsible Business Conduct) Third Amendment Directions, 2026
Subject: Limiting Liability of Customers in Unauthorised Electronic Banking Transactions

Public Comment Deadline: April 6, 2026

Submission Email: mcsdorfeedback@rbi.org.in
or via the RBI Connect 2 Regulate Platform

The Reserve Bank of India has invited public comments on the draft “Reserve Bank of India (Commercial Banks – Responsible Business Conduct) Third Amendment Directions, 2026.” The draft revises instructions relating to limiting liability of customers in unauthorised electronic banking transactions and forms part of the broader Responsible Business Conduct framework for commercial banks.

As digital payments become an everyday utility—from UPI transfers to card-not-present transactions—the question of who bears financial liability when fraud occurs has become increasingly important. RBI’s latest consultation reflects the continuing evolution of India’s digital payments ecosystem, where customer protection, system accountability, and fraud mitigation must operate together.

A Broader Definition of Electronic Banking Transactions

One of the notable elements of the draft is the clarification of what constitutes an electronic banking transaction. The definition aligns such transactions with the concept of electronic funds transfer under the Payment and Settlement Systems Act, 2007 and explicitly includes both card-present and card-not-present transactions [Para 4(10D)].

The draft also expands the concept of “authorised electronic banking transactions.” These may include transactions performed by the customer directly or those executed through a previously authorised third party using authentication mechanisms such as OTPs, passwords, PINs, or card credentials [Para 4(3A)].

Importantly, the framework recognises that some transactions may technically appear authorised but may still involve fraud or coercion—such as when a customer is tricked into sending money to a scammer posing as a legitimate recipient [Para 4(3A) (ii)].

This acknowledgement reflects the growing role of social engineering scams, where fraud occurs not through system breaches but through manipulation of customer behaviour.

Clarifying Negligence: Bank vs Customer

Another important feature of the draft is the attempt to clearly define bank negligence and customer negligence.

Bank negligence may include situations such as failure to implement mandated security systems, not sending transaction alerts, not providing channels for fraud reporting, or failing to act diligently upon customer notification [Para 4(20A)].

Customer negligence may include actions such as sharing OTPs or passwords, ignoring specific fraud warnings issued by the bank, failing to promptly notify the bank after detecting fraud, or downloading malicious applications [Para 4(20B)].

These definitions are intended to provide greater clarity when determining liability in disputes arising from fraudulent transactions.

Strengthening Alerts and Reporting Mechanisms

The draft also proposes stronger transaction alert requirements.

Banks must send instant SMS alerts for electronic banking transactions exceeding ₹500 [Para 76D] and email alerts for all such transactions where the customer has registered an email address with the bank [Para 76E].

Customers must also be provided 24×7 reporting channels for fraudulent transactions through multiple mechanisms such as phone banking, SMS, email, IVR systems, toll-free helplines, or reporting to the home branch [Para 76G].

Banks are further required to ensure that once a complaint is received, it is automatically registered and acknowledged with a complaint number and timestamp [Para 76I].

These measures aim to minimise delays in fraud reporting and ensure that banks can respond quickly to prevent further losses.

Zero Liability and Compensation Framework

The draft reiterates that customers may have zero liability when fraudulent transactions occur due to negligence on the part of the bank or due to certain third-party breaches, provided the fraud is reported within five calendar days [Para 76L].

For small-value fraud cases involving losses up to ₹50,000, the draft introduces a structured compensation mechanism. Eligible customers may receive 85% of the net loss amount or ₹25,000, whichever is lower [Para 76T].

However, the compensation framework is subject to two important conditions [Para 76T (1)]:

• the loss must be established as bona fide according to the bank’s internal processes, and

the victim must report the fraudulent transaction both to the bank and to the National Cyber Crime Reporting Portal or the Cyber Crime Helpline (1930) within five calendar days of the occurrence.

Interestingly, the compensation structure distributes responsibility across the Reserve Bank, the customer’s bank, and the beneficiary bank, reflecting a system-level approach to fraud risk.

Strengthening Trust in Digital Payments

Beyond the technical provisions, the draft directions highlight RBI’s broader objective: strengthening trust in electronic banking systems.

India’s digital payments ecosystem has expanded rapidly over the past decade. With this scale comes the need for frameworks that balance customer protection, bank accountability, and systemic resilience against fraud.

In a rapidly expanding digital payments ecosystem, clarity around customer liability and fraud response mechanisms plays an important role in maintaining public confidence. Frameworks such as these contribute to the broader goal of ensuring that electronic payments remain both convenient and safe for everyday users.

RBI has invited comments from stakeholders and the public, with submissions accepted until April 6, 2026.

In a subsequent post, I plan to examine the illustrations included in the draft directions, which explain how compensation calculations work in practice under different fraud scenarios.

---

The Joy of Digital Transactions

Nayakanti Prashant
Citizen Advocate — Digital Transaction Day (April 11)

👉 https://movethebarrier.blogspot.com/April11

 

 

 

RBI Announces Financial Literacy Week 2026 | Trust Begins with Awareness in Banking

 RBI Financial Literacy Week 2026: Safe Banking, Fraud Prevention, and Depositor Awareness

 

The Reserve Bank of India has announced Financial Literacy Week 2026.
In its official press release (PRID 62189), the Reserve Bank of India reaffirmed a simple but powerful principle — financial stability is strongest when citizens understand the system they participate in.

 

Financial Literacy Week is not a ceremonial observance.
It is a behavioural intervention.

Every year, RBI uses this platform to nudge individuals — depositors, borrowers, digital users, small businesses — toward informed decision-making. The themes typically revolve around safe banking habits, digital awareness, grievance redressal, and fraud prevention.

Why does this matter?

Because modern banking is no longer branch-bound.
It is mobile. Instant. Invisible.

And when finance becomes invisible, risk also becomes invisible.

Financial literacy therefore becomes the first line of defence.

RBI’s continued emphasis on awareness campaigns signals something deeper: regulation alone cannot secure the system. Citizens must participate consciously.

A well-informed depositor:

• Verifies before clicking
• Understands deposit insurance limits
• Avoids sharing OTPs
• Knows how to approach grievance channels

That behaviour reduces friction across the system.

Financial Literacy Week is structured outreach — through banks, regional rural institutions, and digital platforms — to push these behavioural reminders into everyday life. It turns policy language into practical guidance.

---

About Financial Literacy Week

Financial Literacy Week is an annual initiative led by the Reserve Bank of India to promote financial awareness across the country. It involves participation from banks, financial institutions, and grassroots banking channels to spread key messages on safe and responsible financial practices.

The campaign typically includes educational materials, social media outreach, customer engagement activities, and community-level awareness programs — ensuring that financial knowledge reaches both urban and rural populations.

The objective is simple yet systemic:
empower individuals to make informed financial decisions.

---

The larger insight?

Banking resilience is not built only through capital buffers and compliance audits. It is also built through informed citizens.

When individuals understand how deposit insurance works, how digital payments function, or how fraudsters operate, panic reduces. Reaction time improves. Losses decline.

In that sense, Financial Literacy Week is preventive architecture.

In banking, trust is sustained not only by rules —
but by informed participation.

And informed participation begins with literacy.

 

The Joy of Safe ePayments
Nayakanti Prashant
Citizen Advocate — Safe ePay Day

“Let’s make April 11 a global symbol of care — in payments, in protection, in progress.”

👉 movethebarrier.blogspot.com/April11

Disclaimer: The only Joy is Safe ePayments. 

How BBPS and UPI Can Make RBI’s Phone Lock Proposal Fair for Borrowers

The Citizen Advocate Summary: Declaring April 11 as Safe ePay Day

Nayakanti Prashant – Citizen Advocate for Safe ePay Day ✍️

Proposing April 11 as Safe ePay Day to mark UPI’s pilot launch on April 11, 2016, by NPCI with 21 banks, initiated by Dr. Raghuram G. Rajan in Mumbai. This initiative celebrates UPI’s seamless integration of banking and merchant payments.

April 11 – Declare ‘Safe ePay Day’,

Yes, April 11 is vacant in the UN Observance Day calendar

UPI 10^th Birthday -April 11 2026

Small-Ticket Loans in India: From Defaults to 60-Minute Unlocks via PLPL

A) Could your phone be collateral? A look at PLPL, RBI’s phone lock idea, and how BBPS/UPI and a 60-min SLA can protect borrowers in India.

B) India has a chance to make phone-lock lending borrower-friendly with PLPL — transparent branding, BBPS repayments, and fair unlock SLAs.

 ----------------------------------------------------------------------------

When Mobile Phones Become Collateral — An Indian Perspective

 

Introduction

A recent Reuters report suggested that the Reserve Bank of India (RBI) is exploring the idea of allowing lenders to remotely lock financed mobile phones if borrowers default on their loans.

The news has triggered debate: is this a step towards responsible recovery, or a coercive measure that could harm consumers?

My view: India has a unique opportunity to design a customer-friendly Phone-Lock Personal Loan (PLPL) product that balances lender recovery with borrower protection. Done right, this can become a blueprint for the world.

---

Why Small-Ticket Loans Are Different in India

Small-ticket loans in India are primarily consumption-driven — financing smartphones, appliances, and other durables. Unlike car or home loans, these don’t create a tangible asset that can be repossessed and resold. Recovery challenges are compounded because many borrowers are either new-to-credit or have low credit scores.

Table 1: Asset-Backed vs Consumption Loans

Feature	Asset-Backed Loan (e.g., Car, Home)	Consumption Loan (e.g., Phone, Appliance)
Collateral value	High, resalable	Low or negligible
Recovery mechanism	Repossession, resale	Limited options
Borrower profile	Established credit history	Often new-to-credit
Default risk	Moderate	Higher

 “In India, a phone is more than a gadget — it’s a gateway to work, payments, education, and identity.”

---

The Phone-Lock Personal Loan (PLPL) Concept

If a device-lock feature is embedded in lending, it must be branded upfront. Borrowers should never be caught by surprise.

• Transparency: Product explicitly called Phone-Lock Personal Loan (PLPL).
• Consent: Separate signed/OTP consent for lock/unlock rights.
• Key Facts Statement (KFS): One-page summary with exact lock conditions.

 “If it locks, say it upfront.”

---

Disbursement Transparency

Loan disbursement should leave a clear audit trail.

• Bank narration: NBFC | PLPL | Loan No: XXXXX | Phone: 9XXXXXXXXX
• Account Aggregator advantage: Helps spot stacking, avoid over-exposure.
• ₹2 token entry: Proof of lock/unlock, visible in borrower’s statement.

 

 

 

Table 2: Sample Narration Entries

Transaction Type	Sample Narration String	Purpose
Disbursement	NBFC	PLPL
EMI Debit	Loan No: 12345	EMI Debit
Lock Invoked	Loan No: 12345	PHONE LOCKED
Partial Payment	Loan No: 12345	Partial
Unlock (Full)	Loan No: 12345	PHONE UNLOCKED (Full)
Closure	Loan No: 12345	PLPL Loan Closed
Restructure	Loan No: 12345	EMI Rescheduled

---

Repayment & Unlock Design

The most critical aspect is speed and fairness.

• Payment rails: BBPS (integrated with UPI, netbanking, cash).
• 60-minute SLA: Unlock within 60 min of repayment. Essentials restored within 5 min on partial pay.
• Partial vs full: ≥30% dues = partial unlock; full repayment = complete unlock.

 “No borrower should wait longer than their next cup of chai for their phone to unlock.”

 

 Table 3: SLA Commitments for PLPL

Payment Type	Repayment Status	Unlock Window	Notes
UPI (BBPS)	Partial ≥30%	Essentials ≤5 min	Instant callback: SMS, UPI, emergency restored
UPI (BBPS)	Full repayment	Full unlock ≤60 min	Automated unlock post-BBPS confirmation
BBPS Cash	Partial ≥30%	Essentials ≤30 min	Dependent on agent reporting, near real-time
BBPS Cash	Full repayment	Full unlock ≤60–90m	Buffer for settlement confirmation
Netbanking/Card	Partial ≥30%	Essentials ≤15 min	Callback slower than UPI but faster than NEFT
Netbanking/Card	Full repayment	Full unlock ≤60 min	Once BBPS confirms, unlock triggered
NEFT/RTGS	Full repayment	Unlock 2–4 hrs	Settlement cycle delay, disclose upfront
Cheque	Full repayment	Unlock next day	Legacy mode; manual clearance, borrower must be informed

---

Operational Controls & Governance

A Phone Lock Portal must be mandatory.

• Maker-checker: Collections agent initiates, supervisor approves.
• Phone Lock History: Immutable record of lock/unlock events.
• Customer access: IVR/web portal to check status.
• Audit trail: Available for RBI inspection.

---

Responsible Lending Guardrails

• 30% cap: No more than 30% of PLPL portfolio locked.
• SLA compliance: Unlock timelines tracked & disclosed.
• Complaint redress: Disputes resolved within 48 hours.
• Independent audit: Annual certification of lock software.

Hook: “Locking a phone should never mean locking away a livelihood.”

Table 4: Responsible Lending Indicators

Indicator	Target	Purpose
% portfolio under lock	≤30%	Prevents overuse, signals quality
Median unlock time	≤30 min	Faster than SLA cap
Unlocks completed ≤60 min	≥98%	SLA compliance
Essentials restored ≤5 min	≥95%	Protects basic use
Complaint ratio	≤5 per 1,000 loans	Tracks borrower friction
Resolution time	≤48 hours	Quick dispute redress
Disbursement narration compliance	100%	Clear records, no ambiguity
Audit of device software	Annual	Ensures trust & security

---

Why This Could Be a Game-Changer

• Credit inclusion: Millions of new-to-credit get formal histories.
• Lower risk: Lenders recover better, NPAs reduce.
• Borrower trust: Fair SLAs make it acceptable.
• Global model: India can export this framework.
• Safe ePay vision: Fits perfectly into secure digital finance narrative.

---

Conclusion

India stands at a crossroads.

The technology to lock financed phones already exists, but the question is how to use it responsibly.

By creating a distinct PLPL product, embedding transparency in disbursement, mandating BBPS/UPI for repayments, and guaranteeing a 60-minute unlock SLA, India can balance innovation with fairness.

I look forward to RBI releasing a draft guideline so that stakeholders can refine this further.

— Nayakanti prashant, Citizen Advocate for Safe ePay Day

References:

Hindu Business Line @ https://www.thehindubusinessline.com/money-and-banking/rbi-plans-to-give-lenders-key-power-to-recover-small-loans-sources-say/article70037274.ece

 

MSN @ https://www.msn.com/en-in/money/news/rbi-to-allow-lenders-to-lock-mobile-phones-of-loan-defaulters-details-here/ar-AA1MkIk5

 

---

 

• Appeal for Safe ePay Day 🌟

## Call to Action 

I urge governments, financial institutions, businesses, and communities worldwide to join hands in declaring April 11 as **Safe ePay Day**.

Let’s celebrate UPI’s milestone by making **Safe ePay Day** a global movement for secure, innovative fintech.

Together, we can build a future where financial access is universal, and every e-payment is safe—starting with **Safe ePay Day** in 2026.

 

No Vada Pav, not even one bite,
Till SafeePay Day takes off in flight.
Quirky vow with a Mumbai flair—
Announce the date, and I’ll be there!

 

Disclaimer: - The only Joy is Safe ePayments. Nothing More – Nothing Less.

April 11 – Declare ‘Safe ePay Day’.

Appeal to Declare April 11 as Safe ePay Day

Driven by belief in UPI’s transformative power, this initiative—free of personal gain—aims to celebrate India’s fintech legacy and spark a global movement for secure, inclusive e‑payments.