RBI bars banks from forcing digital banking for other services access.
Customers’ explicit consent now mandatory before activating digital banking facilities.
Banks allowed risk-based controls to prevent fraud and monitor unusual transactions.
The Reserve Bank of India (RBI) on November 28 issued its final instructions on digital banking channels, stating that banks or financial services cannot force customers to opt for any digital banking channel to access other facilities, such as debit cards.
The services that a bank offers to its clients via its website, mobile apps, or other digital channels via any electronic device are known as digital banking channels. These channels allow users to conduct financial and banking transactions.
31 October 2025
Get the latest issue of Outlook Business
“While it may be more convenient for the customer to opt for some services together (for example, virtual access to card controls), the choice to apply for digital banking facilities shall lie solely with the customer,” reported Business Standard citing RBI.
However, banks can continue to obtain and record customers’ mobile numbers to send transaction alerts and meet KYC (know your customer) requirements at the time of account opening, the RBI further added.
In accordance with their internal policies based on their perception of risk, the RBI has permitted banks to implement suitable risk mitigation measures, such as transaction limits, transaction velocity limits, and fraud checks.
According to reports, the RBI has also mandated that banks implement risk-based transaction monitoring and surveillance mechanisms. “Study of customer transaction behaviour patterns and monitoring unusual transactions or obtaining prior confirmation from customers for outlier transactions may be incorporated in the systems in accordance with the Fraud Risk Management Policy of the bank,” it said. The RBI has ordered banks that provide mobile banking services to guarantee that clients of all mobile network providers can utilise the services.
Why RBI’s New Rule Matters
According to a news release by the Ministry of Finance, India’s financial transactions including transactions through Unified Payment Interface (UPI) have increased consistently during the last five financial years—crossing over 18,000 crore transactions in 2024-25 alone.
However, the surge in digital banking and payments has also led to a parallel rise in frauds and cyber-threats. The total number of digital payment frauds was 63,315 cases, as reported by commercial banks and all-India financial institutions under the specific category ‘Card / Internet and Digital Payments’ (for amounts involving ₹1 lakh and above) between the financial year 2014–15 and December 2024 (covering a period of nearly ten years), reported Business Standard. These digital payment frauds cost users financial loss amounting to ₹733.26 crore.
Considering the above statistics, RBI’s new instruction—mandating explicit customer consent before enabling digital-banking services and permitting banks to implement risk-based controls and transaction surveillance—aims to strengthen agency and tighten security.
