The Reserve Bank of India has put forward a series of measures designed to protect digital payment users from the rapidly growing threat of online fraud. Released in a discussion paper, the proposals introduce targeted friction into high-risk transactions while aiming to leave low-value, everyday payments largely undisturbed. The central bank has invited feedback from stakeholders until May 8, after which it will consider moving toward formal draft guidelines.

 

A One-Hour Cooling Window for Larger Transfers

The centrepiece of the RBI's proposals is a mandatory time delay on certain digital transactions. For authorised push payments where a user actively initiates a fund transfer — exceeding 10,000, the RBI has suggested introducing a hold of up to one hour at the sender's end before the money actually moves. During this window, the sender would have the option to cancel the transaction entirely.
 

The logic behind this measure is to disrupt a common tactic used by fraudsters, the creation of urgency and psychological pressure that pushes victims into transferring money before they have time to reconsider. A structured cooling-off period would give both the customer and the payment system a critical opportunity to identify and intercept suspicious activity before the funds are gone.

 

Extra Layer of Protection for Vulnerable Users

For senior citizens and persons with disabilities groups that are disproportionately targeted by impersonation and coercion-based scams, the RBI has proposed an additional layer of authentication for high-value transfers. Under this framework, transactions above 50,000 initiated by such users would require prior approval from a nominated trusted individual before the payment can proceed. The measure acknowledges that these groups face a heightened risk of being manipulated into authorising large transfers and seeks to place a human check in the path of such transactions.

 

Caps on Bank Account Credits to Fight Mule Accounts

The RBI has also turned its attention to the growing misuse of mule accounts — bank accounts used by fraudsters to receive and rapidly move stolen funds. To tackle this, the central bank has proposed capping annual inflows into accounts at approximately 25 lakh for accounts that have not undergone enhanced due diligence. Credits beyond this threshold would not be outright rejected but instead held as shadow credits — accessible only after the bank verifies their legitimacy. If the bank is not satisfied with the source of the funds within a specified period, the excess amount could be reversed. The measure is aimed at making it significantly harder for fraud networks to use ordinary bank accounts as conduits for laundering stolen money.

 

A Universal Kill Switch Across All Payment Channels

Rounding out the proposals is a push to expand user-controlled security settings across every digital payment channel including UPI, credit and debit cards, and internet banking. The RBI wants customers to have the ability to switch individual payment modes on or off, set their own transaction limits, and most significantly  activate a kill switch that would instantly disable all digital payment access on their account if they suspect fraud or a security breach. Putting these controls directly in the hands of users addresses a common frustration in fraud cases, where victims often have no quick mechanism to halt further damage once they realise something is wrong.
 

The Backdrop: Surging Online Fraud

The proposals come in direct response to a steep rise in digital payment fraud across India, particularly in the category of authorised push payment scams, where victims are deceived or pressured into approving transfers themselves. Data from the National Cyber Crime Reporting Portal reflects a sharp upward trend in such cases, underscoring the urgency of stronger preventive frameworks.

 

The RBI has been explicit that the measures are not intended to slow down India's digital payments ecosystem, which has grown at a remarkable pace in recent years. Rather, the central bank frames these safeguards as a necessary evolution — a recognition that as digital payments become more deeply embedded in everyday life, the increasing sophistication of the fraud techniques targeting them demands a more layered and proactive approach to protection.