Lost money to scams and wondering about reimbursements? Here’s what RBI is now suggesting for cyber fraud victims in India. Read on.
Some of you might remember my earlier rant about scam reimbursements – where I said: strong banks are great, but what good are they to the customer who just lost his shirt? And that… “India urgently needs a formal policy for scam refunds.”
Well… plot twist.
It seems someone at the RBI may have been listening (or at least tolerating my mildly snarky posts).
Here’s what’s cookin’:
Lost money to an online scam?
You might actually get compensated. No questions. That’s what RBI’s new Draft Policy suggests.
Even if you shared your OTP. Yes, that part made me blink too.
Under the draft framework:
– Compensation up to ₹25,000 or 85% of the loss (whichever is less)
– Small-value frauds (<50K) = ~2 out of 3 case volumes in India
– But they account for only ~10% of total fraud $ value
Translation? A lot of people lose smaller amounts. And until now, if you shared your OTP — it was GAME OVER.
Now, the proposed split (for small losses) looks like this:
– RBI picks up the tab for ~70%
– Bank covers some ~15%
– You take a hit for ~15%
But here’s the kicker. It’s a one-time benefit only. So no, this isn’t a subscription model for bad decisions.
Funding? Potentially, RBI’s Deposit Education and Awareness Fund — which includes unclaimed deposits. The kitty reportedly stands at a very healthy ₹85,000 crore. Not exactly loose change.
And honestly? Big thumbs up from me 👍
Because let’s be real — most fraud “prevention” regulation lately has felt like… over-engineered compliance cardio with slightly underwhelming results.
Remember the migration panic, when banks had to rush to adopt .bank.in domains. And fintech/NBFCs etc. were next to go to .fin?
Or when all banks had to migrate to 160/140 prefixes for transaction and promo calls?
Despite boiling that entire ocean, btw I still received a message from ICICI Bank yesterday with a icici.co link that looked like a URL shortener experiment gone rogue.
Also, what happens when phishing pivots to courier companies? Or e-commerce brands? Are average people like me supposed to carry a mental SQL database of TLDs and call prefixes?
For contrast, Brazil implemented a single unified spam-call prefix. Clean. Elegant. Done.
Sometimes Indian regulation feels like the class teacher making all the good kids do sit-ups to teach one naughty kid a lesson.
But hey, this?
This is different.
This focuses on the right side of the fraud event — post-fraud recovery.
And that’s meaningful.
Now the fine print:
Will it apply to past cases?
What exactly qualifies?
What if the loss spans multiple bank accounts?
Those details aren’t out yet. It’s still a draft.
When the final framework drops, the devil will be in the detail.
Until then — don’t wonder where you heard this first.