The Reserve Bank of India (RBI) has issued the Reserve Bank of India (Commercial Banks – Responsible Business Conduct) Third Amendment Directions, 2026, introducing a comprehensive overhaul of the customer protection framework for fraudulent electronic banking transactions (EBTs). The revised directions, which will apply to electronic banking transactions undertaken on or after January 1, 2027, replace the existing provisions on limiting customer liability and establish a more robust mechanism for preventing fraud, protecting customers, and ensuring timely grievance redressal.
The amendment introduces several new definitions, including Electronic Banking Transaction (EBT), Fraudulent EBT, Unauthorised EBT, Third-party breach, Negligence by a bank, Negligence by a customer, and Shadow Reversal. These definitions provide greater clarity regarding the responsibilities of banks and customers in handling electronic payment fraud.
Banks are now required to formulate a customer protection policy covering customer rights and obligations, reporting channels, complaint resolution timelines, and awareness initiatives. The policy must be displayed on the bank’s website. Banks must also strengthen fraud detection systems, implement robust security controls, continuously assess fraud risks, and regularly educate customers about emerging cyber threats and safe digital banking practices.
The revised framework mandates banks to:
- Send instant SMS alerts for all electronic banking transactions exceeding ₹500
- Send email alerts wherever customers have provided an email address
- Provide multiple 24×7 reporting channels for fraudulent transactions and card loss
- Immediately acknowledge complaints with a reference number
- Promptly block further unauthorised transactions after receiving a complaint
The amendment also significantly strengthens customer liability provisions. Customers will enjoy zero liability where fraud results from negligence or deficiencies on the part of the bank or where a third-party breach is reported within five calendar days. Banks must establish customer liability within prescribed timelines of 45 days for domestic and 60 days for cross-border fraudulent transactions.
In eligible cases, transaction reversals must be value-dated to the original transaction date to ensure customers do not suffer any loss of interest or additional charges. Credit card complaints must receive a shadow reversal within five calendar days.
A notable feature of the amendment is the introduction of a compensation mechanism for bona fide individual victims of small-value fraudulent transactions. Eligible customers reporting losses of up to ₹50,000 may receive compensation of 85% of the net loss, subject to a maximum of ₹25,000, with the compensation shared among the RBI, the customer’s bank, and, where applicable, the beneficiary bank.
The revised directions also prohibit banks from charging customers for regulatory SMS alerts and require periodic reporting of fraudulent electronic banking transaction cases to the Board or its designated committee.
Overall, the amendment significantly enhances customer protection, strengthens banks’ accountability, and reinforces trust in India’s rapidly growing digital payments ecosystem.
