Digital Fraud in India and RBI’s compensatory measures 

Syllabus:GS3/Economy; Cyber Security 

In News

• Recently the Reserve Bank of India (RBI) has proposed to compensate for losses arising from small-value fraudulent transactions.

Key Points of RBI’s Intervention 

• The Reserve Bank of India (RBI) has proposed compensating customers up to ₹25,000 for losses from small-value fraudulent transactions, including cases where a one-time password (OTP) was shared.
  • This applies once per customer for unintended losses, with compensation covering either ₹25,000 or 85% of the loss, and in some cases, 70% of the loss paid by RBI and the remainder shared with the bank. 
  • The pay-outs will come from surplus funds in the Deposit Education and Awareness Fund.
• RBI will issue draft guidelines for public consultation on three areas: preventing mis-selling of financial products, ensuring fair loan recovery practices, and limiting customer liability in unauthorized electronic banking transactions. 
• A discussion paper will also explore enhancing digital payment safety, including delayed credit verification and extra authentication for vulnerable users.
  • These steps aim to strengthen trust, safety, and accountability in India’s banking system.

Present status of Digital Fraud

• India has seen a sharp rise in cybersecurity incidents from 10.29 lakh in 2022 to 22.68 lakh in 2024, along with significant financial losses from cyber fraud. 
• While these figures underscore growing digital threats, they also reflect improved detection, reporting, and monitoring systems across the country.
• RBI data shows, India records some of the highest volumes of digital payments in the world, there is one fraudulent transaction for every 1,01,242 transactions and only ₹1.40 lost for every ₹1 lakh moved.

Major Drivers of Digital fraud cases

•  Rapid digitization: Over 86% of Indian households are now internet-connected, boosting access to digital services under the Digital India initiative, but also increasing vulnerability to cyber fraud, making cybersecurity a national priority.
•  Low digital literacy: Many users fall prey to phishing and OTP scams due to lack of awareness.
• Weak personal security practices: Sharing OTPs, using weak passwords, and downloading unverified apps.
  • Fraudsters use fake links and messages to steal banking credentials.
• Organized cybercrime networks: Fraudsters exploit loopholes in telecom and banking systems.
  • Scammers posing as officials, bank employees or government agents to mislead victims.
• Cross-border threats: Increasingly sophisticated attacks originating outside India.

• Investment and Ponzi Scams: False high-return platforms trick users into investing funds
• Technological Exploitation: Use of fake apps, clone websites and social engineering to extract personal information.

Impacts

• Huge Financial Losses: Citizens and businesses have reported losses in the tens of thousands of crores.
• Low Recovery Rates: Only a small fraction of the lost funds is recovered, as complex money trails and mule accounts make tracing difficult.
• Erosion of Trust: Frequent fraud cases can reduce confidence in online payments and digital services.
• National security concerns: Cyber fraud overlaps with data theft and espionage risks.
• Social impact: Vulnerable groups (elderly, rural users) disproportionately affected.
  • Lack of digital literacy, especially in semi-urban and rural areas, increases susceptibility to scams.

Laws and Legislations

• Recognizing the critical importance of a secure digital environment, India’s Cybersecurity framework is underpinned by key legislations, notably:
  • Information Technology Act, 2000:  It forms the foundation of India’s cyber law, addressing offences like identity theft, impersonation, online fraud, and dissemination of harmful content, while empowering authorities to block malicious websites and apps.
  • Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 ensure accountability of social media intermediaries, digital platforms, and online marketplaces. It addresses emerging misuse of technologies, including AI and mandates the removal of unlawful content from platforms.
  • Digital Personal Data Protection Act, 2023 requires that all personal data be handled lawfully and with user consent, making India’s digital landscape safer and more accountable for everyone. The Act places strict obligations on data fiduciaries to ensure security safeguards, thereby reducing the risks of unauthorised access or misuse.
  • The Indian Computer Emergency Response Team (CERT-In) monitors cyber risks, issues advisories, and conducts mock drills to enhance organisational readiness, while the National Critical Information Infrastructure Protection Centre (NCIIPC) safeguards vital sectors like banking, telecom, power, and transportation. 
  • The Indian Cybercrime Coordination Centre (I4C) strengthens law enforcement capabilities through training, technical support, and real-time coordination, having already blocked thousands of accounts linked to cyber frauds. 
  • National exercises, including the Bharat National Cybersecurity Exercise 2025 and STRATEX, test inter-agency coordination and strengthen India’s overall cyber resilience. 

Conclusion and Way Ahead

• India’s rapid digital transformation has increased both opportunities and cyber risks. The government’s multi-layered cyber response system, supported by advanced forensics, big data analytics, and indigenous tools, has helped prevent fraud and disrupt scams. 
• However, safeguarding cyberspace requires joint action from both the government and citizens to effectively combat cyber threats.
• Therefore is a need to strengthen cyber laws with stricter penalties and faster grievance redressal; deploy AI and machine learning for real-time fraud detection; expand public awareness campaigns in regional languages; build capacity by training police and judiciary; enhance international cooperation to combat cross-border cybercrime.

Source:IE