1. The Quick Rule #
Speed is your best defense. If you lose money to a cyber-fraudster, your liability depends entirely on how fast you report it. Under the 2026 RBI Guidelines, if you report the fraud within 5 days, you are eligible for 85% to 100% compensation, even if the bank was not at fault.
2. The Liability Scale (Who Pays?) #
In 2026, the Reserve Bank of India follows a strict liability structure:
| Reporting Timeline | Customer Liability | Reversal Status |
| Bank Negligence | Zero | Bank must reverse the amount immediately. |
| Reported < 3 Days | Zero | Full refund even if it was a third-party breach. |
| Reported 4–5 Days | 85% Recovery | You get back 85% of the loss (up to ₹50,000). |
| After 5 Days | As per Bank Policy | Depends on the bank’s individual board-approved policy. |
3. Step-by-Step Recovery Action Plan #
If you see an unauthorized transaction alert, follow the “3-Step Shield” immediately:
- [ ] Step 1: Call 1930 (The Cyber-Helpline). This is the national “Citizen Financial Cyber Fraud Reporting” number. Calling within the first 2 hours (The Golden Hour) allows authorities to “freeze” the money in the scammer’s wallet before they withdraw it.
- [ ] Step 2: File at CyberCrime.gov.in. Lodge a formal complaint on the National Cyber Crime Reporting Portal. Save the Acknowledgement Number—you will need this for the bank.
- [ ] Step 3: Notify the Bank. Use the bank’s “Fraud Reporting” button in the app or call their 24/7 helpline. Explicitly ask for the Transaction Block and a Complaint Reference Number.
4. Special Protections: Small-Value Scams (2026 Update) #
By July 2026, the RBI introduced a new Compensation Fund for small-value frauds (up to ₹50,000):
- Automatic Sharing: For genuine scams reported promptly, the loss is shared: 65% by RBI, 10% by your bank, and 10% by the beneficiary (thief’s) bank.
- No Question Period: For losses under ₹500 where the bank failed to send an SMS alert, the bank is 100% liable to refund the money without investigation.
5. What Defines “Customer Negligence”? #
You may lose your right to a refund if the bank proves you were negligent. In 2026, negligence includes:
- Credential Sharing: Intentionally sharing your OTP, PIN, or Password with another person.
- Delayed Reporting: Notifying the bank after you realized the loss but decided to wait.
- Ignoring Warnings: If your banking app gave a specific, clear “Scam Warning” before you clicked a link, and you bypassed it.
- Malicious Apps: Downloading unverified “Screen Sharing” apps (like AnyDesk or TeamViewer) at the request of a stranger.
6. The Official Proof (For Authority) #
“Whoever, by deceiving any person… fraudulently induces the person so deceived to deliver any property… shall be punished with imprisonment up to 3 years.”
RBI Commercial Banks Directions, 2026 (Para 76M):
“A customer shall be entitled to zero liability where the fraudulent electronic banking transaction occurs due to negligence on part of the bank, or where a third-party breach occurs and the customer notifies the bank within three working days.”
Section 318 of the BNS, 2023 (formerly Cheating): “Whoever, by deceiving any person… fraudulently induces the person so deceived to deliver any property… shall be punished with imprisonment up to 3 years.”
