Source: Business Standard
Context:
The Reserve Bank of India (RBI), in a discussion paper released in April, has proposed a one-hour delay on account-to-account digital transfers above ₹10,000 before the funds are credited to the beneficiary’s account — a measure aimed at curbing the sharp rise in digital payment fraud. Stakeholders were asked to submit feedback by May 8. Banks have broadly supported the idea of a delay, but have urged the central bank to raise the threshold to ₹25,000, arguing that ₹10,000 is too low for a country where small everyday transactions are increasingly digital. The payments industry — including the Self-Regulated Payment System Operators Association (SRPSOA) — has submitted its feedback, flagging operational issues such as delayed payments and the whitelisting of accounts, and warning that even if peer-to-peer (P2P) transfers are restricted, peer-to-merchant (P2M) flows could become the next attack surface.
Key Highlights
- Proposing authority: Reserve Bank of India (RBI) — in an April discussion paper on curbing digital payment fraud.
- Core proposal: One-hour delay on account-to-account digital transfers above ₹10,000 before crediting the beneficiary.
- Scope: Peer-to-Peer (P2P) transfers.
- Feedback deadline: May 8.
- Banks’ position: Broadly supportive of a delay but want the threshold raised from ₹10,000 to ₹25,000.
- Industry body: SRPSOA (Self-Regulated PSO Association) has formally submitted feedback to the regulator.
Other measures in the discussion paper:
| Measure | What it does |
|---|---|
| Additional authentication by trusted individuals | For vulnerable users (senior citizens, first-time digital users) |
| Tighter scrutiny of accounts | For accounts receiving large credits — potential mule-account check |
| Expanded customer-controlled safeguards | Per-account / per-customer customisable risk controls |
| ₹25 lakh ceiling on annual aggregate credits | Proposed cap on total credits into a bank account in a year (banks flagged as not feasible) |
Why the urgency — fraud stats:
| Metric | Figure |
|---|---|
| Share of fraud cases by volume from transactions above ₹10,000 | ~45% |
| Share of fraud cases by value from transactions above ₹10,000 | ~98.5% |
| Growth in digital payment fraud value over the past 5 years | 41× |
| Total digital payment fraud value | ~₹23,000 crore |
Industry concerns:
- The proposal covers only P2P; P2M (peer-to-merchant) flows could become the next vector for scams.
- Operational friction — delayed payments, whitelisting of accounts, customer onboarding.
- Risk of over-correction — what was designed to be instantaneous becomes stretched and inconvenient.
- The ₹25-lakh annual aggregate credit ceiling is flagged as operationally unfeasible.
About the News (Q&A)
What has the RBI proposed in its April discussion paper?
A one-hour delay before account-to-account digital transfers above ₹10,000 are credited to the beneficiary’s account — applicable to peer-to-peer (P2P) transfers, with the objective of curbing rising digital payment fraud.
Why has the RBI proposed this delay?
Because the fraud pattern data shows that transactions above ₹10,000 account for ~45% of fraud cases by volume and ~98.5% by value — and digital payment frauds have grown 41 times in five years to nearly ₹23,000 crore. A short cooling-off window can give victims time to reverse fraudulent transfers and banks time to flag mule-account behaviour.
What is the position of banks?
Banks have broadly supported the idea of some kind of delay, but have urged the RBI to raise the threshold from ₹10,000 to ₹25,000 — arguing that ₹10,000 is too low for everyday small-value digital transactions in India.
What other measures are in the discussion paper?
(a) Additional authentication by trusted individuals for vulnerable users (e.g., a senior citizen’s child or another nominated person). (b) Tighter scrutiny of accounts receiving large credits — to identify mule accounts. (c) Expanded customer-controlled safeguards — letting customers set their own limits and alerts. (d) A proposed ₹25 lakh ceiling for annual aggregate credits into a bank account.
What concerns has the payments industry raised?
(a) The measures cover only P2P transfers; P2M flows could become the next fraud vector. (b) Operational issues — implementation costs, delayed payments, whitelisting mechanics, customer education. (c) Risk that fraud prevention ends up creating friction for honest users. (d) The ₹25 lakh annual aggregate credit ceiling is not operationally feasible to implement.
What is the difference between P2P and P2M in this context?
(a) P2P (Peer-to-Peer) — transfers between two individuals. Beyond basic KYC, banks have limited additional checks for the recipient. (b) P2M (Peer-to-Merchant) — payments from individuals to registered merchants. Merchants undergo due diligence at onboarding by banks/payment aggregators, so the counterparty risk is lower.
The RBI’s discussion paper has focused on P2P because that is where the due-diligence gap is widest.
How is this proposal connected to the broader rise in cyber fraud?
The proposal complements other recent measures: (a) MuleHunter.AI to detect mule accounts. (b) CBI’s ‘Abhay’ helpbot to counter digital arrest scams. (c) National Cybercrime Reporting Portal + 1930 helpline for financial-fraud reporting. (d) KYC tightening and video-KYC norms.
Together, these point to a systemic effort to harden the digital payments rail.
Background Concepts (Q&A)
What is the Reserve Bank of India (RBI)?
India’s central bank and monetary authority, established under the RBI Act, 1934 and nationalised in 1949. The RBI handles monetary policy, currency issuance, banking regulation, payment systems oversight, foreign exchange management (FEMA), and consumer protection in financial services. Its Payments and Settlement Systems Department regulates and oversees digital payments and PSOs.
What is the Payment and Settlement Systems Act, 2007?
The legal foundation for payment systems oversight in India. It empowers the RBI to regulate and supervise payment systems, including the authorisation, monitoring, and supervision of Payment System Operators (PSOs) — such as NPCI, Visa, Mastercard, RuPay, payment aggregators, and prepaid issuers.
What is the Unified Payments Interface (UPI)?
A real-time, 24×7 inter-bank payments system developed by the National Payments Corporation of India (NPCI) under RBI’s framework. It enables instant push-and-pull payments between bank accounts through mobile apps. UPI is the world’s largest real-time payments system by volume.
What is the National Payments Corporation of India (NPCI)?
An umbrella organisation for retail payments and settlement systems in India, incorporated in 2008 under the PSS Act, 2007. It operates UPI, IMPS, RuPay, NACH, AePS, NETC FASTag, and BBPS, and is jointly owned by major Indian banks.
What is a “Mule Account”?
A bank account used by cybercriminals to receive, layer, and move proceeds of fraud. Mule accounts can be: (a) Opened directly by fraudsters using stolen identities. (b) Rented or bought from unsuspecting account-holders lured by easy money schemes.
The RBI’s MuleHunter.AI detects mule accounts by analysing transaction patterns in near-real time.
What is KYC (“Know Your Customer”)?
A mandatory customer-due-diligence process prescribed by the RBI’s Master Direction on KYC and the Prevention of Money Laundering Act (PMLA), 2002. It verifies a customer’s identity, address, and beneficial ownership to prevent money laundering, terror financing, and identity-based fraud. It includes e-KYC via Aadhaar, Video-KYC, Central KYC Registry (CKYCR), and risk-based periodic re-verification.
What is a “cooling-off” period in banking, and how does it differ from this proposal?
A cooling-off period is a short delay between a customer action and the transaction taking effect — for example, banks already impose a delay (and lower limits) on transfers to a newly added beneficiary to allow time to detect fraud. The RBI’s proposal extends this principle to all P2P transfers above ₹10,000, regardless of whether the beneficiary is new.
What is a “Self-Regulatory Organisation (SRO)” in the payments space?
An industry body recognised by the RBI to set and enforce standards for its members in addition to the regulator’s framework. The Self-Regulated PSO Association (SRPSOA) is the SRO for Payment System Operators, providing collective representation and industry self-discipline for PSOs — including payment aggregators, prepaid issuers, and TPAPs (Third-Party Application Providers) under UPI.
Why does the RBI distinguish between P2M and P2P payments?
Because the counterparty risk in P2M is substantially lower: merchants are onboarded by banks/payment aggregators with full due diligence, including business registration, GSTIN, and bank-account verification. P2P transfers, by contrast, rely only on basic KYC of both individuals, with limited additional checks on the recipient — making them the preferred channel for scammers.
How does this proposal relate to G20 priorities on cross-border payments?
The G20 has prioritised faster, cheaper, more transparent, and safer cross-border payments. The RBI’s domestic move toward delayed crediting for higher-risk transactions is consistent with the global emphasis on “safer” — recognising that speed must be balanced with security, not pursued in isolation.
What is the trade-off this proposal embodies?
The classic regulatory trade-off between: (a) Speed and convenience — UPI’s selling point is instant settlement, the foundation of mass digital adoption. (b) Security and trust — fraud at the ₹23,000-crore scale is eroding public confidence.
The RBI is signalling that after a decade of speed-first design, India’s digital payments architecture must now rebalance toward safety, even at the cost of some friction.
Practice MCQs
Q1. With reference to the RBI’s April 2026 discussion paper on digital payment fraud, consider the following statements:
- The RBI has proposed a one-hour delay on account-to-account digital transfers above ₹10,000.
- The proposed measure is intended to apply to peer-to-peer (P2P) transfers.
- Banks have broadly supported the idea of a delay but have proposed raising the threshold to ₹25,000.
- The discussion paper also proposes additional authentication by trusted individuals for vulnerable users.
How many of the above statements are correct? (a) Only one (b) Only two (c) Only three (d) All four (e) None
Q2. Consider the following statements about peer-to-peer (P2P) and peer-to-merchant (P2M) digital payments:
- In P2M payments, merchants undergo due diligence at onboarding by banks or payment aggregators.
- In P2P transfers, additional checks on the recipient are limited beyond basic KYC.
- The RBI’s proposed one-hour delay is intended to apply primarily to P2M transactions.
- The payments industry has flagged that P2M flows could emerge as the next vector for fraud if only P2P is regulated.
Which of the above are correct? (a) 1, 2 and 3 only (b) 1, 2 and 4 only (c) 2, 3 and 4 only (d) 1 and 4 only (e) All four
Q3. With reference to digital payments fraud statistics highlighted in the discussion paper, consider the following statements:
- Transactions above ₹10,000 account for about 45% of fraud cases by volume.
- Transactions above ₹10,000 account for about 98.5% of fraud cases by value.
- Digital payment fraud in value terms has grown roughly 41 times over the past five years.
- The total digital payment fraud value is estimated at nearly ₹23,000 crore.
Which of the above are correct? (a) 1, 2 and 3 only (b) 1, 2 and 4 only (c) 2, 3 and 4 only (d) 1 and 4 only (e) All four
Q4. Consider the following statements about India’s digital payments and regulatory framework:
- The Unified Payments Interface (UPI) is developed by the National Payments Corporation of India (NPCI).
- The Payment and Settlement Systems Act, 2007 empowers the RBI to regulate and supervise payment systems.
- MuleHunter.AI is an RBI-backed tool to detect mule accounts used in financial fraud.
- NPCI is a profit-driven private company regulated by the Ministry of Finance.
Which of the above are correct? (a) 1, 2 and 3 only (b) 1, 2 and 4 only (c) 2, 3 and 4 only (d) 1 and 4 only (e) All four
Answer Key
- (d) — All four statements are correct.
- (b) — Statements 1, 2, 4 are correct. Statement 3 is wrong: the RBI’s proposed delay applies to P2P (peer-to-peer) transfers, not P2M (peer-to-merchant), since P2M already involves due diligence at merchant onboarding.
- (e) — All four statements are correct.
- (a) — Statements 1, 2, 3 are correct. Statement 4 is wrong: NPCI is an umbrella organisation for retail payments, incorporated in 2008 under the PSS Act, 2007, and is a not-for-profit (“Section 8”) company owned by banks, regulated by the RBI — it is not a “profit-driven private company regulated by the Ministry of Finance”.
