Digital banking: Framework of transactions and consumer liability in India

Read Article

Digital banking has rapidly expanded in India with the use of technologies such as internet banking, mobile banking and the Unified Payments Interface (UPI), making financial transactions faster and more convenient.

However, the growth of digital banking has also led to increased risks, including cyber fraud, phishing attacks, identity theft and unauthorised electronic transactions. To address these challenges, the Reserve Bank of India (RBI) has issued regulatory guidelines to regulate digital banking transactions and protect consumers.

RBI rules on digital banking fraud

Sana Khan
Sana Khan
Associate Partner
SNG & Partners

Digital banking transactions in India are regulated by the Banking Regulation Act, 1949, the Payment and Settlement Structures Act, 2007, and the Information Technology (IT) Act, 2000, in addition to the penal laws of the country. On 6 July 2017, the RBI issued the circular titled Consumer Protection – Limiting Liability of Consumers in Unauthorised Electronic Banking Transactions. This establishes the following norms, effective since 1 July 2026.

(1) Zero liability of consumer. Financial institution consumers have zero liability when the unauthorised transaction occurs because of negligence of the bank; or there is a device breach within the bank’s infrastructure.

Additionally, the purchaser has to report the unauthorised transaction within three working days.

(2) Limited liability. If the fraud happens because of a third-party breach and the consumer reports it within four to seven days, the consumer might bear constrained liability concern to the transaction amount and financial institution policy.

(3) Consumer negligence. Where the loss occurs due to consumers’ negligence, such as: sharing passwords with unauthorised persons; disclosing OTPs to unauthorised persons; or disclosing banking credentials.

The consumer becomes exposed to grave losses until the financial institution is knowledgeable of the fraud. It is as if the consumer is handing the keys of his safe to an unknown individual who intends to steal from the consumer.

RBI proposes stronger digital fraud protection

Bijal Parikh
Bijal Parikh
Associate
SNG & Partners

Recently, the RBI has proposed additional measures to strengthen consumer protection in digital banking.

(a) Partial repayment for victims of digital fraud in small-value transactions mainly through the UPI, debit cards and mobile wallets;
(b) Mandatory evidence from banks before rejecting fraud claims; and
(c) Increased obligation of banks while managing fraud court cases, including OTP authentication logs, IP address and device statistics, SMS alerts and communication records, login records from net banking structures, transaction authorisation logs.

India unauthorised banking fraud case law

  • In Suresh Chandra Singh Negi v Bank of Baroda, Allahabad High Court held that the burden of proving negligence lies on the bank when a consumer disputes an unauthorised transaction. However, where technical records show that the consumer authorised the transaction, the bank cannot be held liable.
  • In Hare Ram Singh v Reserve Bank of India and Ors, the court emphasised that banks must exercise reasonable care and act promptly after cyber fraud is reported. Where a customer reports fraud immediately and there is no gross negligence on their part, the principle of zero consumer liability applies, requiring banks to reimburse the loss.
  • In Paul Onyeji Atuh v State NCT of Delhi, Delhi High Court denied bail to an accused involved in an organised cyber-fraud network using fake online identities. The court highlighted the seriousness and transnational nature of cybercrime.

Bombay HC cyber fraud case

In March 2026, a sitting judge of Bombay High Court was reportedly defrauded of about INR600,000 (USD6,500) through credit card cyber fraud. A first information report was registered under provisions of the Information Technology Act, 2000 (Sections 66, 66C and 66D) and relevant offences under the Bharatiya Nyaya Sanhita, 2023, which is the successor statute of the Indian Penal Code, 1860.

Report cyber fraud via portal/helpline

Citizens can report cyber offences through the National Cyber Crime Reporting Portal or by calling the national cybercrime helpline 1930 for digital fraud, identity theft, phishing and unauthorised banking transactions.

Virtual banking has made monetary transactions comfortable and efficient for millions of consumers. However, the rise of cyber fraud and unauthorised digital transactions has created complicated legal problems regarding consumer liability.

Sana Khan is an Associate Partner and Bijal Parikh is an Associate at SNG & Partners

Latest Articles

SNG & Partners advises ICICI Prudential on ₹520 crore Pune IT Park acquisition

SNG & Partners opens office in GIFT City

SNG & Partners Advised Josts Engineering Company Limited And Its Promoters On Sale Of 100% Stake In JECL Engineering Limited To Rahul Dhoot

Internship & Articleship

Error: Contact form not found.

Disclaimer

By proceeding further and clicking on the “I ACCEPT” button below, you acknowledge that you of your own accord wish to know more about SNG & Partners (“The Firm”) for your own information and use. You further acknowledge that there has been no solicitation, invitation or inducement of any sort whatsoever from SNG & Partners or any of its employees, partners, associates or members to create an attorney-client relationship through this website. You further acknowledge having read and understood this Disclaimer.

This website is a resource for informational purposes only and is intended, but not promised or guaranteed, to be correct, complete, and up-to-date. While SNG & Partners has taken utmost care to ensure accuracy and completeness of the information contained on this website, the Firm does not warrant that the information contained on this website is accurate or complete, and hereby disclaims any and all liability for any loss or damage caused or alleged to have been caused to any person by relying on any information contained on this website. The contents of this website should not be construed as an opinion, legal or otherwise, on any issue or subject. 

SNG & Partners further assumes no liability for the interpretation and/or use of the information contained in this website, nor does it offer a warranty of any kind, either expressed or implied. The owner of this website does not intend links from this site to other Internet websites to be referrals to, endorsements of, or affiliations with the linked entities. The Firm is not responsible for, and makes no representations or warranties about the contents of websites to which links may be provided from this website.

Furthermore, the owner of this website does not wish to represent anyone desiring representation based solely upon viewing this website or in a Country/State where this website fails to comply with local laws and ethical rules of that state. You may note that the use of the internet or email for conveying confidential or sensitive information is susceptible to risks of disclosure associated with sending email over the internet.

The Firm advises against the use of the communication platform provided on this website for exchange of any confidential, business or politically sensitive information. User is expected to use his or her judgment and such information shared will be solely at the user’s risk.

Communication through this website in any form shall be for the purpose of enquiries only and shall not hold good for service of any kind of court proceedings, summons, advance notice, pleadings etc. For service of any such document and/or notice to the Firm and/or to any of its partners under the act or rules including under CPC, Cr. PC and/or any other law shall be served at our concerned office or to the concerned advocate dealing with the matter.

I Accept