Think of an airport baggage carousel. When the belt is moving fast, you often hesitate — was that your bag or someone else’s? It’s easy to miss it in the rush. But when the belt slows down, the same bag is much easier to recognise. Details stand out, and you have a moment to be sure before picking it up. Fraud works in a similar way. When money moves instantly, there’s no time to pause or question. Slow things down even briefly, and it becomes easier to spot when something isn’t right.

India spent the last decade building among the world’s fastest retail payments systems. UPI, IMPS and instant bank transfers made moving money almost effortless. But that same speed has also become a scamster’s weapon. In many frauds today, the victim is not hacked but manipulated — through fake arrest calls, parcel scams or threats of account freezes — into transferring money voluntarily. These are authorised push payment frauds (APP frauds). The Reserve Bank of India’s latest discussion paper (https://tinyurl.com/rbidigifraud) argues that stronger safeguards are now needed, even if that means adding a little friction. The concern is clear. Fraud cases have risen more than tenfold since 2021, while the money at stake has exploded to nearly ₹23,000 crore.

Slowing payments

One of the key proposals in the RBI paper is simple: account-to-account transfers above ₹10,000 to individuals, sole proprietorships or partnership firms could be delayed by one hour. The lag would apply primarily at the payer’s end, with customers retaining the option to cancel the transaction during this window.

The logic is straightforward. Fraudsters rely on urgency and psychological pressure. A one-hour pause can disrupt that, giving the payer time to reconsider.

The RBI notes that while such transactions account for about 45 per cent of fraud cases by number, they make up 98.5 per cent of the value lost — making the threshold significant.

However, the trade-off is clear. Delays may inconvenience time-sensitive payments and conflict with the expectation of instant transfers. The paper therefore also explores whether such lags should be applied more selectively, for instance, to first-time payees or unusual transactions.

Customers may also be allowed to override the delay by whitelisting payees or specific transactions. But this creates another risk. Fraudsters could simply persuade victims to bypass the safeguard.

The RBI is considering giving customers far greater control over digital payments. Similar to how cards can be switched on or off today, customers may be able to enable or disable UPI, internet banking and other payment channels at the account level.

This would be helpful because fraud situations require speed, and one control can quickly stop all digital payment access. It also lets customers match payment access to their actual usage, instead of leaving every channel open by default.

More importantly, there could be a single “kill switch” to disable all digital payments at once. This control could be made available through apps, internet banking, call centres, branches and other authenticated channels. Once activated, it would override all other settings.

Reactivating payments may require stricter authentication, and in some cases even a branch visit. Certain transactions such as standing instructions or mandates may continue to be exempt.

A broader policy question remains. Should digital payment access be enabled by default, or should new accounts start with these features switched off in the interest of security? The answer will determine how this balance between safety and convenience evolves.

Protecting the elderly

The paper proposes that for app transfers above ₹50,000, customers aged 70 and above and persons with disabilities may require an additional authentication from a designated “trusted person”. The idea is to add a second layer of verification for high-value transactions, where fraud risk tends to be higher.

However, the proposal raises practical questions. What happens if the trusted person is unavailable? Could this delay urgent transactions? And how workable is this for customers who operate independently?

The framework also proposes a 24-hour cooling period for changing the trusted person or opting out. This is meant to prevent hasty or pressured decisions.

However, it brings up a broader issue. The real challenge is balancing protection with autonomy. Safeguards should help vulnerable customers without making routine banking cumbersome.

Mind it

One RBI proposal is that all bank accounts may, by default, be flagged as low-credit-turnover accounts unless the bank turns off the flag after taking additional documents. Such accounts may face an annual aggregate credit limit fixed by the bank, subject to an RBI ceiling of ₹25 lakh.

If money comes in above this limit, the excess may be kept as “shadow credit” and released only after the bank is satisfied that the transaction is genuine. If the customer cannot satisfy the bank within 30 calendar days, the amount may be sent back.

The idea is aimed at making bank accounts harder to misuse. But it may also inconvenience genuine customers with irregular large inflows, such as freelancers, small traders, retirees or families receiving large transfers. The challenge is to curb mule accounts without creating avoidable friction for ordinary customers.

Published on May 2, 2026