The exponential rise in digital transactions, principally UPI in volume terms, has been accompanied by a spike in scams. Unsuspecting, fearful or preoccupied individuals may lose thousands or lakhs of rupees in minutes, or crores over days of “digital arrest”. Those who are just curious or looking to make a quick buck can be trapped by clicking on ‘phishing’ links, apps, videos or messages, which cannibalise their phones or laptops. They could end up funnelling money into ‘mule accounts’ used for dubious activity and get criminally implicated.
According to a recent discussion paper by the Reserve Bank of India on digital frauds, the number of such events rose from 2.6 lakh in 2021 to 28 lakh in 2025 and amounts involved from ₹551 crore to ₹22,931 crore. This rise in digital heists calls for action at various levels: software protection; a governance system in banks that tackles such fraud with a sense of accountability; heightened public awareness; and a law and order machinery that keeps up with cyber crime methods. The RBI has been engaged with the first two aspects. A master circular issued two years back spells out the systems that must be in place in banks.
The RBI discussion paper contemplates changes in the user software to enhance protection. It suggests a short delay in the execution of the debit — an hour’s gap — to give the payer a chance to reconsider the transaction, and reflect on whether he has been defrauded. The paper suggests applying this check on transactions exceeding ₹10,000. According to the National Cyber Crime Reporting Portal, transactions above ₹10,000 account for about 45 per cent of reported fraud cases by volume, which makes it a good cut-off point. The suggestion is useful, but can apply to P2P transactions, and not P2M ones, where speed is of the essence. It is reasonable to focus on UPI to curb fraud, as it transfers funds instantaneously. UPI also accounts over 80 per cent of all transactions.
Another noteworthy suggestion pertains to third party verification to prevent senior citizens from losing their money. A trusted person identified by a vulnerable customer can act as another layer of authentication for transactions above ₹50,000. The paper suggests that P2Ms, which includes routine debits, can be exempted from this requirement — which holds true for the proposed one-hour norm as well. As for identifying mule accounts, the RBI has suggested an annual credit limit of ₹25 lakh annually for low turnover credit accounts, beyond which banks should sit up and take notice. But investigations can turn messy, as accounts of innocent consumers are frozen. An investigation protocol needs to evolve for cyber fraud. While the police is developing its capacities, it is behind the curve. The RBI should periodically review IT governance in banks, and their interface with the police. Finally, consumer awareness campaigns matter the most. Cyber crime works as much on manipulating the mind, as it does on software.
Published on April 14, 2026