New Delhi: The Reserve Bank of India (RBI) has taken a decisive step to fight the explosion of digital payment frauds that have cost Indians thousands of crores. On April 10, 2026, the central bank released a detailed Discussion Paper titled “Exploring Safeguards in Digital Payments to Curb Frauds.” The paper outlines fresh protective measures that could slightly slow down instant transfers but are designed to give users critical breathing room and block fraudsters at multiple levels.
Digital payments in India have grown explosively over the past decade. Transaction volumes have jumped 38-fold while values have more than tripled, powered by systems like UPI, IMPS and NEFT. Yet this rapid expansion has created new vulnerabilities. Fraudsters no longer need to hack systems technically. Instead, they rely on social engineering, coercion, impersonation, bogus call centres, deepfake videos and sophisticated mule account networks. Victims are tricked into willingly initiating and authenticating transactions themselves — a category known as Authorised Push Payment (APP) frauds. Once the money leaves the account, recovery becomes almost impossible because of the instant nature of digital payments.
Explosive Rise in Cyber Frauds: The Shocking Numbers
Data from the National Cyber Crime Reporting Portal paints a grim picture. Cyber fraud cases have skyrocketed from 2.6 lakh in 2021 (worth ₹551 crore) to 6.9 lakh in 2022 (₹2,290 crore), 13.1 lakh in 2023 (₹7,465 crore), 24 lakh in 2024 (₹22,848 crore) and a staggering 28 lakh cases in 2025 worth ₹22,931 crore. Transactions above ₹10,000 make up only 45 per cent of reported fraud cases by volume but a massive 98.5 per cent by value. Almost every section of society has been hit, but vulnerable groups — especially senior citizens — have suffered disproportionately.
What RBI Has Already Done: Existing Anti-Fraud Tools
Before proposing new rules, the RBI highlighted its current armoury. Two-factor authentication (2FA) is already mandatory for all digital payment transactions. Card security has been strengthened through device tokenisation, card-on-file tokenisation and customer-controlled features. To dismantle mule account networks, the Reserve Bank Innovation Hub developed Mulehunter.AI, an advanced tool for quick detection of suspicious bank accounts. The central bank is also building a Digital Payment Intelligence Platform (DPIP) prototype that uses AI and machine learning to spot and mitigate fraud risks in real time.
The New Safeguards: What RBI Wants to Introduce
The discussion paper suggests several layered protections that go beyond current measures. Here is a complete breakdown of every proposal:
1. One-Hour Cooling Period for Transactions Above ₹10,000
Any APP transaction exceeding ₹10,000 will face a mandatory one-hour delay at the payer’s end. During this window, the payer’s bank will provisionally debit the account but the customer can cancel the payment for any reason. This “golden hour” is deliberately timed to break the psychological grip fraudsters exert during social-engineering calls. If the bank flags the transaction as suspicious, it can seek reconfirmation from the customer while sharing clear cautionary information. The delay applies only to higher-value transfers to keep small, everyday payments seamless.
2. Whitelisting Mechanism to Bypass the Delay
To avoid inconvenience for genuine urgent transfers, the RBI has proposed a whitelisting option. Customers can pre-approve specific payees or explicitly authorise individual transactions to skip the one-hour lag entirely. Payments to whitelisted payees will flow instantly.
3. Extra Layer of Protection for Senior Citizens and Divyang Persons
Vulnerable customers — senior citizens and persons with disabilities — will get additional authentication for high-value payments. For transactions exceeding ₹50,000, approval from a “trusted individual” designated by the customer will be required before funds can move. Any change in the trusted person will trigger a mandatory 24-hour cooling-off period to ensure the decision is deliberate and not made under pressure. This measure directly targets impersonation and coercion frauds that have hit older adults hardest.
4. Expanded Customer-Driven Controls Across All Channels
Users will gain powerful self-protection tools on UPI, cards, net banking and every digital payment mode. These include the ability to switch payment modes on or off instantly, set custom transaction limits and activate a full “kill switch” that blocks all digital transactions in one stroke if a scam is suspected. Reactivating the kill switch will require either strong digital authentication or a physical visit to the bank branch, adding a deliberate safety barrier.
5. Crackdown on Mule Accounts
To choke the final destination of stolen funds, the RBI proposes strict controls on bank accounts used as mules. Large credits will be allowed only after enhanced due diligence and additional scrutiny. For accounts that have not undergone enhanced due diligence, annual credits will be capped at around ₹25 lakh. Any amount above this threshold will be parked as “shadow credits” and released only after the bank verifies legitimacy through extra documents or information from the beneficiary. If concerns remain unresolved within 30 calendar days, the funds will be reversed back to the original source.
What These Changes Mean for Senior Citizens and Everyday Users
Senior citizens and persons with disabilities stand to gain the most. The trusted-person approval and 24-hour cooling period for high-value transfers create a safety net against deepfake calls and pressure tactics that have led to devastating losses. Families can now designate a reliable relative or advisor whose nod is required for big moves, reducing the risk of coercion.
For ordinary users, the one-hour delay, whitelisting and kill switch hand back control. People can pause and think twice when a stranger claims to be from the bank or police. The mule-account caps will make it harder for fraud rings to launder money quickly, indirectly protecting everyone by shrinking the criminal ecosystem.
Banks will need to implement these features carefully. The RBI has invited comments from all stakeholders until May 8, 2026. After reviewing feedback, it will issue draft guidelines for implementation.
Balancing Convenience and Security in India’s Digital Economy
The proposals acknowledge that digital payments have transformed India but also created new risks. The instant nature that makes UPI popular is the same feature fraudsters exploit. By introducing deliberate friction at the right moments — without killing speed for routine use — the RBI aims to protect users while preserving the ecosystem’s growth.
These measures are not yet final rules. They are open for discussion precisely because the RBI wants practical, implementable solutions that work for banks, fintech companies and millions of customers. The focus remains on prevention rather than reaction, giving ordinary citizens — especially seniors — real tools to fight back.
The discussion paper also reinforces that technical safeguards alone are not enough. Human factors — awareness, quick thinking and the ability to say “stop” — remain crucial. The new controls are designed to support exactly that human intervention at the moment it matters most.
Next Steps and Timeline
Stakeholders have until May 8, 2026, to submit comments. Once the consultation closes, the RBI will finalise guidelines. Banks and payment service providers will then get a clear roadmap to roll out the one-hour delay, whitelisting, trusted-person authentication, kill switch, enhanced user controls and mule-account restrictions.
In the meantime, customers should stay vigilant. Use official apps, never share OTPs, verify caller identities independently and report suspicious activity immediately to the National Cyber Crime Reporting Portal.
The RBI’s latest move signals a clear message: India’s digital payment revolution will continue, but it will no longer be an open field for fraudsters. With these proposed safeguards — from the one-hour cooling period and kill switch to special protections for seniors and a clampdown on mule accounts — the central bank is building a safer, more resilient system for every Indian user.
FAQs
1. What is the RBI’s proposed 1-hour delay rule for digital payments?
The Reserve Bank of India has proposed a mandatory one-hour cooling period for all Authorised Push Payment (APP) transactions above ₹10,000. During this window, the payer’s bank will provisionally debit the amount but the customer can cancel the transaction for any reason. This delay aims to break the psychological pressure created by fraudsters during social engineering calls. Transactions below ₹10,000 will remain instant. Customers can also whitelist trusted payees or explicitly authorise urgent transactions to bypass the delay.
2. How will the new RBI rules specifically protect senior citizens and vulnerable users?
For senior citizens and persons with disabilities (Divyang), the RBI has suggested an additional layer of authentication for high-value transactions above ₹50,000. These users can designate a “trusted person” whose approval will be required before such payments are processed. Any change in the trusted person will trigger a mandatory 24-hour cooling period. This measure is designed to prevent impersonation, deepfake scams, and coercion that disproportionately affect elderly users.
3. What is the “Kill Switch” proposed by RBI and how does it work?
The RBI has proposed a “Kill Switch” feature that allows customers to instantly disable all digital payment modes (UPI, cards, net banking, etc.) in one go if they suspect they are being scammed. Once activated, re-enabling digital payments will require either strong digital authentication or a physical visit to the bank branch. This gives users emergency control to stop further fraud.
4. How will RBI’s proposals affect mule accounts used in frauds?
To curb the misuse of mule accounts, the RBI plans to impose stricter scrutiny on large credits. For accounts without enhanced due diligence, annual credits will be capped at around ₹25 lakh. Amounts exceeding this limit will be held as “shadow credits” and released only after the bank verifies legitimacy with additional documents. If concerns persist for 30 days, the funds will be reversed to the sender. This will make it much harder for fraudsters to quickly launder stolen money.
5. When will these RBI digital payment safeguards come into effect?
These are currently proposals mentioned in the RBI’s Discussion Paper released on April 10, 2026. The RBI has invited comments from banks, fintech companies, and the public until May 8, 2026. After reviewing feedback, the RBI will issue draft guidelines. Actual implementation timeline will be announced later once the final rules are notified. In the meantime, existing safeguards like 2FA, Mulehunter.AI, and transaction alerts continue to apply.
