Whalesbook
New Rules to Boost Payment Security
The central bank's proposal comes as Authorised Push Payment (APP) frauds, often carried out through social engineering during urgent moments, have become a major concern. Transactions over ₹10,000 make up a large part of these illegal activities, accounting for about 45% by volume and a huge 98.5% by value of all reported fraud cases.
How the Delay and Safeguards Will Work
The proposed one-hour lag would allow banks to temporarily debit customer accounts, giving them a chance to spot unusual activity and alert the payer. If the customer still chooses to proceed after receiving warnings, the transaction would be completed. This system includes exemptions for merchant and recurring payments, recognizing their different risk profiles and existing checks. A whitelisting mechanism could also allow immediate transfers for pre-approved payees.
Special Protections for Vulnerable Customers
Recognizing that certain groups are more at risk, the RBI also suggested extra authentication for individuals over 70 or those with disabilities, for transactions above ₹50,000. A nominated 'trusted person' could act as a second authenticator, with any changes to this role requiring a mandatory 24-hour waiting period. These measures aim for targeted help without slowing down most customers.
Stricter Account Monitoring and Controls
Further proposals target accounts used to facilitate fraud. A limit of roughly ₹25 lakh annually on inflows for accounts lacking extra checks is suggested, with any excess funds held aside until verified. Additionally, the RBI is looking into extending account-level controls, similar to card payments, allowing customers to set transaction limits or enable a single 'kill switch' to instantly disable all digital payment activity. Comments on the proposals are welcome until May 8, 2026.