Compensation: What Digital Fraud Victims Must Know

Customers will qualify for compensation even if they mistakenly share the OTP.

The Reserve Bank of India has issued draft directions to partly compensate victims of small-value digital payment frauds.

Experts say the framework could strengthen trust in India's digital payment system, especially among senior citizens and first-time users.

At the same time, they caution that the proposal has limits and does not reduce the need for customers to exercise safeguards.

• QUESTIONS ABOUT MONEY? ASK rediffGURUS!

RBI digital fraud compensation plan

Key positives

Under the draft, an eligible victim will receive 85 per cent of the net loss amount, or Rs 25,000, whichever is lower.

The compensation will apply only where the gross loss is up to Rs 50,000.

"The framework addresses the segment in which most incidents occur," says S Anand, founder and CEO, PaySprint.

"It also marks a shift from a liability-sharing framework to a protection-oriented framework," says Jyoti Prakash Gadia, managing director, Resurgent India.

OTP sharing now covered

Customers will qualify for compensation even if they mistakenly share the one-time password (OTP).

"Earlier mechanisms were more focused on assessing customer negligence before providing compensation," says Shams Tabrej, cofounder and CEO, Ezeepay.

Banks must provide time-bound relief to victims.

They will need to process and credit compensation within five days of receiving a valid complaint.

Bank accountability increases

The framework also places greater responsibility on banks during dispute resolution.

Banks will have to justify their decisions with supporting data before rejecting claims.

"They would now need to provide OTP logs, SMS records, and transaction authentication details if they reject a complaint," says Anand.

This requirement is expected to improve transparency in investigations.

"It will reduce arbitrary rejection of complaints and strengthen consumer rights in digital banking disputes," says Rahul Sheth, vice president, BusinessNext.

The framework also introduces a more structured compensation mechanism.

Earlier, compensation could vary across institutions.

One-time benefit limit

This benefit is available only once in an individual's lifetime.

"This can prevent misuse of the structure and keep it financially viable," says Tabrej.

Gadia adds that it will discourage moral hazard and encourage vigilance among users in protecting their digital credentials.

Under the existing system, liability is zero if a customer reports an unauthorised transaction within three working days (if they were not negligent).

It is capped according to the type of account if the transaction is reported within four to seven days.

Under the new framework, compensation will be uniform, irrespective of account category, provided it is reported within five days.

Digital fraud cap concerns

A few limitations

The compensation is capped at Rs 25,000, so it will not fully protect people who lose more.

"As digital transactions grow, fraud values may increase, which could make the cap restrictive," says Anand.

The relief is also a one-time benefit.

"This means limited support for people who are victimised multiple times," says Tabrej.

Gadia says customers will not receive full cover even when fraudsters execute multiple small transactions within a short period.

Customers could be deprived of compensation if they don't detect the fraud in good time.

"The five-day reporting requirement may be challenging for such victims," says Sheth.

What customers need to do

The final guidelines are awaited. They are likely to come into effect from July 1.

Given the limited, one-time compensation, users must exercise all possible precautions while conducting digital transactions.

Always double-check the receiver's name and details before confirming a payment.

"For new payees, first send a small amount on UPI to verify the recipient before sending larger sums," says Akshay Garkel, partner and leader - cyber, Grant Thornton Bharat.

Use only the 'Pay' option in UPI and do not approve unexpected 'Collect' requests.

"Beneficiary-change requests received on WhatsApp should be verified by calling the vendor on the listed number," says Dip Mehta, partner, EY Forensic and Integrity Services.

Do not reveal OTPs and UPI PINs.

"Customers should hang up and call the bank helpline if asked for them during a call," adds Mehta.

Be on guard against phishing attempts.

"Avoid clicking on links sent through SMS, WhatsApp or email asking for KYC updates, deliveries or refunds," says Garkel.

Don't drop your guard

• Pause and verify before you pay, especially if request is urgent.
• Short cooling period or call-back verification can disrupt scams that rely on urgency and isolation.
• Review periodically the app permissions you have given and revoke those that are unnecessary.
• Secure your device and apps with a lock, use current software, and install official apps.

• QUESTIONS ABOUT MONEY? ASK rediffGURUS!

Disclaimer: This article is meant for information purposes only. This article and information do not constitute a distribution, an endorsement, an investment advice, an offer to buy or sell or the solicitation of an offer to buy or sell any securities/schemes or any other financial products/investment products mentioned in this article to influence the opinion or behaviour of the investors/recipients.

Any use of the information/any investment and investment related decisions of the investors/recipients are at their sole discretion and risk. Any advice herein is made on a general basis and does not take into account the specific investment objectives of the specific person or group of persons. Opinions expressed herein are subject to change without notice.

• MONEY TIPS

Feature Presentation: Ashish Narsale/Rediff