Mumbai: The Reserve Bank of India on Thursday released a discussion paper that sets out four options for introducing extra layers of safeguards in digital transactions, which include a lagged credit for authorised push payments above Rs 10,000 in order to check mounting frauds which crossed the Rs 22,930 crore mark in 2025.
The other three options include additional authentication by a trusted person for high-value digital transactions by senior citizens, only accounts with satisfactory additional review to receive large credits, and customer-induced controls.
According to the first option, banks would be required to hold account-to-account transfers above Rs 10,000 for one hour at the payer’s end before executing them. During this period, customers would retain the option to cancel the transaction.
If a transaction appears suspicious, the bank would be required to seek reconfirmation from the payer before proceeding. Merchant payments, e-mandates, NACH transactions, and cheques would be exempt. Customers could also whitelist specific payees to bypass the delay.
The RBI noted that transactions above Rs 10,000 account for approximately 98.5 per cent of total fraud value while making up around 45 per cent of reported fraud cases by volume, which justifies the threshold as a targeted safeguard.
The RBI paper points out that most digital frauds today do not involve a technical breach of systems. Instead, fraudsters use social engineering, impersonation, and coercion to pressure victims into transferring money themselves, a category known as Authorised Push Payment or APP fraud. Once funds move through near-instant channels like UPI or IMPS, recovery becomes extremely difficult.
“Fraudsters typically rely on creating urgency and maintaining continuous psychological pressure on the victim to prevent deliberation. Introducing lag at the payer’s end breaks the fraudster’s psychological control,” the paper observes.
The other proposals would require citizens aged 70 and above and persons with disabilities to nominate a “trusted person” whose authentication would be mandatory for transfers above Rs 50,000. Such cases cover nearly 92 per cent of the fraud value reported to NCRP.
The second proposal would cap annual aggregate credits into individual and small business accounts at Rs 25 lakh. Amounts beyond this threshold would be held as “shadow credit” accessible only after the account holder satisfies the bank about the transaction’s legitimacy. If no justification is provided within 30 days, the funds will be returned to the sender.
The fourth proposal involves a “kill switch” that would allow customers to instantly disable all digital payment channels from their account in one step, a feature already operational in Singapore and being rolled out by some banks in Australia.
The RBI said these options are aimed at the broad objectives of inducing a lag in select categories of digital payments (by way of process-level changes or in terms of additional due diligence thereby buying time for both customers and PSOs to limit fraudulent transactions from being executed or proceeds thereof from being moved quickly, and empowering the customer through the provision of customised controls.
The apex bank also acknowledged the tradeoffs involved, noting that a mandatory lag conflicts with the core design principle of instant payments and could confuse users. It also flagged that fraudsters may simply pressure victims into whitelisting transactions, reducing the mechanism’s effectiveness.
Stakeholders have until May 8 to submit comments through the RBI’s Connect 2 Regulate portal. The central bank said it will consider issuing draft guidelines after reviewing feedback.
(IANS)
