RBI’s proposed digital payments fraud safeguards face pushback: Industry presents alternatives to blanket transaction limits

Instead of blanket delays on transactions of above Rs 10,000 and rigid credit caps, stakeholders are urging dynamic controls triggered by user behaviour, beneficiary familiarity and transaction patterns. The RBI has invited feedback on the paper until May 9.

The discussion paper proposes a one-hour cooling-off period for peer-to-peer (P2P) transactions of above Rs 10,000, during which users would have the option to cancel the transfer. The central bank has cited data showing that high-value transactions account for a disproportionately large share of financial frauds.

While some participants acknowledge that a cooling-off window could help prevent impulsive transfers in cases of social engineering, others caution that delaying settlement could dilute one of UPI’s core strengths — instant fund transfer. 

What do industry participants say?

A leading payments player noted that “lagged transactions might lead to evasion of trust within common people who are using UPI but do not understand it well yet,” adding that instant settlement has been central to building user confidence and could be “detrimental for overall volumes and values of UPI.” 

Manish Agrawal, senior executive vice president – credit intelligence & control at HDFC Bank, said while the cooling-off period is well intentioned, from an operational and customer experience perspective, the threshold of Rs 10,000 may be a “matter of experimentation to start with”.

Mihir Gandhi, partner, leader – payments transformation and fintech at PwC, said a cooling-off period for authorised push payments above Rs 10,000 is reasonable, given the rise in frauds. “It’s not for all transactions, only person-to-person transfers initiated by the user.

That’s understandable,” he said, adding that even a shorter window of 15 to 30 minutes could serve the purpose if implemented effectively. “Giving customers an ‘unsend’ option during that window could be meaningful.”

Industry on impact of suggested guidelines beyond user behavior

Beyond user behavior, industry executives said implementing such safeguards would require significant technology changes for UPI participants, at a time when monetisation avenues remain limited and cost pressures are rising.

“The proposals certainly require enhancements in transaction monitoring frameworks, customer profiling, payment processing architecture, digital channel controls, exception handling, grievance management, and customer communication mechanisms,” Agrawal said. 

He added that banks may also need to invest further in fraud risk analytics, AI/ML-based behavioural monitoring, customer education, real-time alert frameworks, and review processes for flagged transactions or shadow credits. The paper also proposes an annual credit threshold of `25 lakh, beyond which enhanced due diligence could be triggered.

Industry participants say this could affect freelancers, gig workers and small businesses with uneven cash flows, potentially pushing some activity towards cash if compliance processes become cumbersome. Merchant payments have been exempted from the proposed delay, limiting the immediate impact on small businesses. 

Since most UPI transactions, particularly among small merchants, are low-value, typically under 11,000, the near-term effect on volumes may be limited. However, stakeholders note that small merchants operating through personal accounts could face friction, potentially accelerating their migration to formal merchant onboarding channels.

Instead of fixed thresholds, several players have suggested that safeguards be triggered through behavioural intelligence models. Cooling-off periods, they argue, could be applied selectively to first-time beneficiaries or transactions that deviate sharply from a user’s historical pattern, rather than automatically to all transfers above a specified amount.

Abhay Johorey, managing director of consulting firm Protiviti, argues that the impact may be more behavioural than structural, with users becoming more cautious or splitting high-value payments, thereby reducing impulsive transactions that fraudsters often exploit. 

Raj P Narayanam, founder and executive chairman of Zaggle, stressed the need for continued user awareness efforts, noting that a significant share of fraud cases stem from social engineering rather than system vulnerabilities. Faster dispute resolution and stronger coordination between banks, fintech firms and regulators would further strengthen trust in the ecosystem, he added.

Other participants are urging greater emphasis on upstream fraud prevention. Abhinav Parashar, co-founder and CEO of Digio, suggested introducing clearer visual identifiers within UPI interfaces to help users distinguish legitimate accounts from potential mule accounts.

He also recommended exploring out-of-band authentication mechanisms, such as face liveness checks or voice-based OTP verification, to prevent remote device takeovers.

“Since social engineering frauds are largely remote, the industry is suggesting that offline payments be treated differently. By leveraging GPS location captures or NFC to verify physical proximity, the ecosystem can intelligently bypass friction for genuine, in-person transactions,” Parashar said.

Overall, industry stakeholders say a combination of targeted technological safeguards, user education and ecosystem-level coordination would help strengthen fraud prevention while preserving the speed and convenience that have underpinned India’s digital payments growth.