RBI Proposes Pilot Compensation Scheme with Up To ₹25,000 Relief for Digital Fraud Victims

The Reserve Bank of India (RBI) has unveiled draft amendment directions to its 2017 framework on limiting customer liability for unauthorised electronic banking transactions, proposing a landmark pilot scheme that would compensate genuine victims of small‑value digital frauds with up to ₹25,000 (85% of the loss or the cap, whichever is lower) once in a lifetime. The scheme, set to launch on a one‑year pilot from July 1, 2026, targets losses up to ₹50,000 across UPI, internet banking, card payments, mobile banking and ATMs, provided the customer reports the fraud within five days to both the bank and the National Cyber Crime helpline (1930) or portal, and an assessment confirms no gross negligence on their part. 

Funding the scheme would require the RBI to contribute 65% of eligible payouts from its own resources, banks to cover 20%, and the customer to bear the remaining loss (up to 15%), with the contribution ratios subject to review after the pilot based on claims data and recovery rates. , The proposal builds on the current tiered liability model, which has no liability for cases with no fault, ₹5,000–₹25,000 for delays in reporting, and full liability for negligence. It also adds proactive reimbursement to restore trust in digital payments, which have been hit hard by cyber fraud that has stolen over ₹52,000 crore since 2021. 

The draft also strengthens banks’ responsibilities: it mandates faster complaint acknowledgement (within three days), resolution timelines (10 days for small claims), and a standardised fraud dispute process with clear escalation paths to the RBI Ombudsman. Banks must classify fraud as “bank/TPAP negligence", “customer negligence", or “third‑party fraud” and pursue recoveries aggressively, while RBI plans to monitor systemic patterns and issue advisories to address recurring vulnerabilities like OTP bypasses and social engineering. 

This shows that India's businesses and consumers are in a more mature ecosystem where regulators are finding a balance between innovation and accountability. The scheme encourages banks to invest in AI-driven fraud detection (as the Supreme Court recently ordered) and real-time transaction monitoring, while also giving victims real relief without letting them off the hook for their own actions. Critics, however, question the one‑time cap’s adequacy for repeat victims, the feasibility of quick assessments in high‑volume fraud scenarios, and whether banks will pass compliance costs to customers via higher fee issues likely to shape stakeholder feedback due by March 31. If it goes ahead, the pilot could set a new standard for shared-risk models in digital finance. This would make India's system more like what is done around the world while keeping UPI safe from fraud.. 

📰 MINI HEADLINES 

• Supreme Court tells banks to use AI against cyber fraud, calls it a form of “digital robbery” 

In a landmark observation, the Supreme Court has directed banks to deploy artificial intelligence and advanced analytics tools to identify and block suspicious or unauthorised financial transactions in real time. The Court emphasised that the growing tide of cyber fraud must be treated with the same seriousness as physical robbery, underscoring banks’ responsibility to safeguard customer assets in the digital era. It further noted that proactive AI-driven monitoring systems can significantly reduce fraud-related losses and reinforce public trust in financial security. 

Read More → https://www.bankingfinance.in/legal-news-for-march-2026.html 

• Iran-Linked Hacktivists Strike Stryker: Healthcare Supply Chains Exposed 

In a calculated escalation of state-aligned cyber operations, the Iran-linked Handala hacking collective has claimed responsibility for a sophisticated cyber intrusion into Stryker Corporation, a global medtech powerhouse, resulting in widespread network disruptions across its Microsoft-based infrastructure. The attack, said to be in response to U.S.-Israeli military actions, including a deadly strike on an Iranian school that killed over 170 people, reportedly allowed hackers to steal 50 terabytes of sensitive data and erase information from tens of thousands of employee devices using Microsoft Intune, severely disrupting internal communications, manufacturing, and supply logistics. This incident not only underscores the fragility of healthcare supply chains to geopolitical cyber threats but also highlights the strategic pivot toward destructive "wiper" tactics, reminiscent of prior Iran-attributed operations like the 2012 Saudi Aramco breach, posing profound risks to hospital operations reliant on Stryker's orthopaedic implants, surgical tools, and life-critical devices. 

Read More → https://www.aljazeera.com/news/2026/3/11/iran-linked-hackers-hit-medical-giant-stryker-in-retaliatory-cyberattack 

• Shorter, Faster Cyberattacks Surge: India Blocks 9 billion Attempts in 2025 as AI-Assisted Hacking Evolves 

India's cybersecurity systems blocked more than 9 billion harmful requests in 2025, which is a 27% increase from the previous year, as cyberattacks became quicker, using AI to quickly exploit APIs, disrupt workflows, and scan for weaknesses Financial services bore the heaviest load, with smaller institutions particularly at risk from sophisticated DDoS campaigns and authentication flaws that enabled high-volume, automated strikes. Industry experts at Indusface stress the urgent need for AI-driven countermeasures to deliver real-time protection against these fleeting yet potent threats reshaping the cybersecurity landscape.

Read More → https://economictimes.indiatimes.com/news/india/shorter-faster-cyberattacks-india-blocked-9-billion-attempts-in-2025-as-ai-assisted-hacking-grows/articleshow/129464140.cms