RBI suggests a mandatory one-hour delay for digital transfers exceeding ₹10,000 to new payees
APP frauds spiked to 28 lakh reported cases in 2025, costing users over ₹22,931 crore
Vulnerable groups may require a "trusted person" to authenticate high-value transactions above ₹50,000
The Reserve Bank of India (RBI) on Thursday released a discussion paper proposing that for authorised push payment (APP) transactions above ₹10,000, a one-hour delay could be introduced at the payer bank’s end, primarily for individuals, sole proprietors, and partnership firms.
Issued by the RBI’s Department of Payment and Settlement Systems, the paper titled “Exploring safeguards in digital payments to curb frauds” outlines four potential measures to tackle rising digital payment fraud.
1 April 2026
Get the latest issue of Outlook Business
RBI’s Discussion Paper
The discussion paper draws on global examples to support its proposals. It notes that the UK payment system allows banks to delay suspicious outbound payments by up to 72 hours, while Singapore has implemented 12-hour cooling-off periods for high-risk actions.
Similarly, Sweden uses bank-led cooling-off and confirmation mechanisms. These cases highlight how temporary friction in digital payments is being used internationally as an anti-fraud tool.
The RBI has proposed four key safeguards. First, introducing a time lag for certain high-value APP transactions. Second, enabling additional authentication through a trusted contact for vulnerable customers. Third, restricting accounts from receiving credits beyond levels consistent with the customer’s declared banking relationship unless additional checks are conducted. And fourth, strengthening customer-controlled payment settings, such as kill-switches and transaction-level controls.
According to the RBI, these measures are designed either to slow down suspicious transactions long enough for intervention or to give users greater control over their payments.
Rationale Behind Proposals
The RBI emphasised that most digital payment frauds are no longer system breaches but social-engineering scams, where users are manipulated into authorising transactions themselves.
These are classified as APP frauds. Given that systems like UPI, IMPS, NEFT, and RTGS enable near-instant fund transfers, the scope to stop or recover money after a transaction is completed is extremely limited.
While account takeover frauds have become negligible, APP frauds are rising sharply. The paper cites data from the National Cybercrime Reporting Portal (NCRP), which shows that the number of fraud complaints surged from 2.6 lakh in 2021 to 28 lakh in 2025. Over the same period, the reported value of frauds increased from ₹551 crore to ₹22,931 crore.
The RBI noted that fraudsters are increasingly using sophisticated methods, including fake call centres, deepfakes, and mule account networks, with vulnerable groups, particularly senior citizens, being disproportionately affected. Against this backdrop, the central bank has sought stakeholder feedback on whether additional safeguards are necessary.
The paper concludes by inviting public and stakeholder comments and outlining the next steps. It poses 17 specific questions covering thresholds, exemptions, feasibility, due diligence, due process, opt-out safeguards, and reactivation rules across the proposed measures. Responses are to be submitted via the RBI’s “Connect 2 Regulate” portal, with a deadline of May 8, 2026. Following this, the RBI is expected to review the feedback and may issue draft guidelines.
