The RBI's new directions, effective 2027, introduce zero customer liability for digital fraud stemming from bank negligence. This fundamentally shifts the burden of proof and protection from the customer to the financial institution. Fintechs building on UPI will see a ripple effect across their fraud detection and customer service models.
How We Got Here
Prior to this, customers often bore the brunt of proving their innocence in fraud cases, leading to prolonged disputes. The new framework updates the earlier 2017 guidelines for customer protection.
The Numbers
- Banks must now offer "shadow reversals"—provisional credits without interest—for reported fraud cases.
- All electronic banking transactions above ₹500 will require instant SMS alerts from banks.
- Bank negligence now explicitly includes system failures, internal fraud, or not offering 24x7 reporting channels.
- Customers are still liable for fraud resulting from sharing OTPs, downloading malicious apps, or not updating contact details.
- Failures by entities like TPAPs, PAs, PGs, or TSPs are now defined as "third-party breaches" where bank liability applies.
What Happens Next
🇮🇳 Why This Matters for India
For fintech founders in Pune and Hyderabad building payment gateways or lending platforms, this mandates a complete re-evaluation of their security frameworks and compliance costs.
The Take
The true winners here are the consumers, but the hidden cost will be felt by banks and, indirectly, their fintech partners through increased compliance spend. Expect smaller fintechs to struggle with the 2027 deadline.
Source:
MediaNama ↗