Miss this 5-day deadline and you could lose RBI fraud compensation, warns CA Kanan Bahl
Missing a simple five-day reporting deadline could cost victims their RBI-backed compensation for online banking fraud, chartered accountant Kanan Bahl has warned. Under the new framework, eligible customers must report fraud to both their bank and the National Cyber Crime Helpline within five days to claim compensation from January 1, 2027.
- Jun 28, 2026,
- Updated Jun 28, 2026 7:15 AM IST
Victims of phishing scams, fake KYC fraud, UPI fraud and other digital banking scams could soon get financial relief under the Reserve Bank of India's (RBI) new compensation framework. However, chartered accountant Kanan Bahl says many people could miss out on the benefit simply because they fail to act within a crucial five-day reporting window.
The RBI's new compensation framework comes into effect on January 1, 2027, as a one-year pilot and aims to strengthen consumer protection while making banks more accountable for digital fraud. It applies to eligible fraudulent electronic banking transactions involving individual customers and sole proprietors.
"People are focusing on the compensation amount, but the most important part is the reporting timeline," Bahl said. "You have only five calendar days from the fraud to report it. Miss that window and you get nothing."
Two complaints are mandatory
According to Bahl, reporting the fraud to the bank alone will not be sufficient.
Victims must notify both their bank and the National Cyber Crime Helpline (1930) within five calendar days of discovering the fraudulent transaction. Failure to report the incident to either authority within the stipulated period could make the customer ineligible for compensation under the RBI framework.
The strict reporting timeline is intended to improve the chances of freezing fraudulent transactions and recovering stolen funds before they are moved through multiple accounts.
Who can claim compensation?
The RBI framework covers fraudulent electronic transactions such as UPI fraud, internet banking fraud, phishing scams, fake KYC requests and other digital payment frauds, provided the loss does not exceed ₹50,000.
Eligible customers can receive 85% of their net loss, after adjusting any recovered amount, or ₹25,000, whichever is lower. The compensation can be claimed only once during a customer's lifetime.
For example, a customer who loses ₹20,000 without any recovery would receive ₹17,000. If the net loss is ₹50,000, the maximum compensation payable would be ₹25,000.
Banks must prove negligence
Bahl said another significant change is that the burden of proof has shifted from customers to banks.
"Until now, banks could often deny claims by saying the customer was negligent. From January 2027, the bank has to prove negligence. If it cannot, the customer becomes eligible for compensation under the framework," he explained.
In cases where fraud occurs because of a bank's own failure—such as internal security lapses, employee involvement or failure to send transaction alerts—the customer's liability will be zero, and the bank will reimburse the entire loss without any upper limit.
How the compensation is funded
While customers will receive compensation directly from their bank, the payout will be shared among multiple stakeholders.
According to Bahl, the RBI will bear 65% of the compensation, while the customer's bank and the bank that received the fraudulent funds will each contribute 10%. The customer will bear the remaining 15% of the loss.
With Indians estimated to lose over ₹60 crore every day to online fraud, Bahl said the new framework marks a major step towards protecting digital banking users. But he stressed that the compensation is not automatic.
"The biggest takeaway isn't just that compensation is available—it's that people must report fraud immediately. Those five days could determine whether you recover your money or lose the benefit altogether," he said.
Victims of phishing scams, fake KYC fraud, UPI fraud and other digital banking scams could soon get financial relief under the Reserve Bank of India's (RBI) new compensation framework. However, chartered accountant Kanan Bahl says many people could miss out on the benefit simply because they fail to act within a crucial five-day reporting window.
The RBI's new compensation framework comes into effect on January 1, 2027, as a one-year pilot and aims to strengthen consumer protection while making banks more accountable for digital fraud. It applies to eligible fraudulent electronic banking transactions involving individual customers and sole proprietors.
"People are focusing on the compensation amount, but the most important part is the reporting timeline," Bahl said. "You have only five calendar days from the fraud to report it. Miss that window and you get nothing."
Two complaints are mandatory
According to Bahl, reporting the fraud to the bank alone will not be sufficient.
Victims must notify both their bank and the National Cyber Crime Helpline (1930) within five calendar days of discovering the fraudulent transaction. Failure to report the incident to either authority within the stipulated period could make the customer ineligible for compensation under the RBI framework.
The strict reporting timeline is intended to improve the chances of freezing fraudulent transactions and recovering stolen funds before they are moved through multiple accounts.
Who can claim compensation?
The RBI framework covers fraudulent electronic transactions such as UPI fraud, internet banking fraud, phishing scams, fake KYC requests and other digital payment frauds, provided the loss does not exceed ₹50,000.
Eligible customers can receive 85% of their net loss, after adjusting any recovered amount, or ₹25,000, whichever is lower. The compensation can be claimed only once during a customer's lifetime.
For example, a customer who loses ₹20,000 without any recovery would receive ₹17,000. If the net loss is ₹50,000, the maximum compensation payable would be ₹25,000.
Banks must prove negligence
Bahl said another significant change is that the burden of proof has shifted from customers to banks.
"Until now, banks could often deny claims by saying the customer was negligent. From January 2027, the bank has to prove negligence. If it cannot, the customer becomes eligible for compensation under the framework," he explained.
In cases where fraud occurs because of a bank's own failure—such as internal security lapses, employee involvement or failure to send transaction alerts—the customer's liability will be zero, and the bank will reimburse the entire loss without any upper limit.
How the compensation is funded
While customers will receive compensation directly from their bank, the payout will be shared among multiple stakeholders.
According to Bahl, the RBI will bear 65% of the compensation, while the customer's bank and the bank that received the fraudulent funds will each contribute 10%. The customer will bear the remaining 15% of the loss.
With Indians estimated to lose over ₹60 crore every day to online fraud, Bahl said the new framework marks a major step towards protecting digital banking users. But he stressed that the compensation is not automatic.
"The biggest takeaway isn't just that compensation is available—it's that people must report fraud immediately. Those five days could determine whether you recover your money or lose the benefit altogether," he said.