The Reserve Bank of India (RBI) has taken cognisance of the sharp rise in digital payment frauds in a discussion paper proposing additional safeguards for digital payments. It cited data from the National Cyber Crime Reporting Portal (NCRP), which showed that reported cases climbed from 2.6 lakh in 2021 to 28 lakh in 2025, while the value of frauds rose from Rs 551 crore to Rs 22,931 crore.
The RBI noted that fraudsters now use bogus call centres, deepfake impersonation, and mule account networks. It also observed that authorised push payment (APP) frauds leave limited scope for recovery. The paper seeks public views on the proposed safeguards, with comments invited until May 8, 2026.
These are the central bank’s suggestions:
Lagged credit for APP: Adding a short one-hour delay before APPs are executed, so that the payer gets time to reconsider a transfer and the bank gets time to spot suspicious activity. It says this should apply at the payer’s end, where social-engineering tactics work on the victim, and it adds that customers should retain the option to cancel the transaction during the delay window. It further said it could be applied to both the payer and payee.
- The proposal would apply only to APP transactions of Rs 10,000 and above.
- Banks would provisionally debit the payer’s account and provide a one-hour cancellation window.
- Banks may seek reconfirmation if a transaction appears unusual.
- Customers could override the delay for time-sensitive transfers through whitelisting, including transaction-specific or payee-specific options.
- Merchant payments, recurring payments, and cheque payments would remain exempt.
Account ceiling of annual aggregate credits: The paper proposes limiting aggregate annual credits (the total amount of money received in an account) unless the customer provides additional proof of a genuine business need. Banks should flag such accounts and treat them as low credit turnover accounts by default, with the option to switch the flag on or off later based on risk assessment and supporting documents.
- The proposed ceiling stands at Rs 25 lakh in annual aggregate credits, though banks may set a lower limit based on their own risk assessment.
- The measure would cover individuals, joint accounts, sole proprietorships and partnership accounts, including LLPs.
- Corporations, listed companies, and government accounts would remain outside the scope.
- If credits exceed the threshold, banks would allow “shadow credits,” releasing funds only after additional checks. The amount would be reversed after 30 days if the customer fails to satisfy the bank’s requirements.
Customer-induced controls: The RBI suggests extending customer-controlled safeguards beyond cards to other digital payment channels. It proposes account-level digital payment controls that let customers switch payment modes on or off and set transaction limits. Furthermore, a single “kill switch” could disable all digital payment transactions at once. Customers could reactivate payments through digital channels or at a bank branch, subject to authentication.
- Banks may provide controls across one or all digital payment channels through internet banking, mobile banking, phone banking, IVR or other authenticated interfaces.
- Banks may exempt payment mandates and standing instructions from the controls.
Also read
- Explained: RBI’s Draft Amendments for Bank Policies and Customer Protection in Fraudulent Digital Transactions
- RBI mulls bringing e-commerce marketplaces within its regulatory ambit: Payments Vision 2028 report
- SEBI Reaches Out To Social Media Platforms And Search Engines To Combat Digital Financial Fraud
For You
- Read Reasoned by Nikhil Pahwa: How AI is changing our world
- Sign up for MediaNama's Daily Newsletter to receive regular updates
- Sponsor a MediaNama Event






























