Recent proposals by the Reserve Bank of India to curb digital fraud could disrupt payments and hurt small merchants’ cash flows while proving insufficient to combat the growing problem, several industry experts told Mint.
In a discussion paper floated on 9 April, the RBI proposed introducing a one-hour lag at the payer’s end for transactions above ₹10,000. Other suggestions included:
- additional authentication by a trusted person for high-value transactions by vulnerable sections of society;
- capping or monitoring the total amount credited into certain accounts or ‘low credit turnover accounts’; and
- customer controls such as usage limits and a ‘kill switch’ to disable all digital payments.
Causes, not symptoms
Industry leaders said the RBI's current ‘safety net’ approach addresses the symptoms rather than the cause. Abhinav Parashar, co-founder and CEO of Digio, said. “Time delays and trusted persons are purely downstream safety nets; they only trigger after a victim has already been manipulated. While these are vital circuit breakers, the most feasible long-term solution is upstream intervention.”
Echoing this sentiment, Rohit Mahajan, founder and CEO of Plutos ONE, emphasized that the nature of these crimes makes blanket rules problematic. “Application of security measures should be proportional so that the least risky transactions are frictionless for users, whereas the most risky transactions have the strictest level of security.” Mahajan noted that since most fraud is driven by social engineering rather than technical system failures, crimes rely on exploiting human behavior rather than gaps in infrastructure.
This leads to concerns over ‘friction’—the industry term for any step that slows down a user. “A blanket delay on payments above a certain threshold risks disrupting the core value proposition,” said Eshita Singh, head of payments propositions at IDfy. Introducing such delays could impact liquidity for small merchants in the unorganised sector, such as local garages or second-hand sellers, who typically depend on real-time payments, Singh said.
Other experts warned that implementing these measures in isolation could create systemic gaps and potentially undermine the near-instant speed of digital payments. “While added safeguards are important, overly complex layers may create friction and confusion,” said Raj P Narayanam, founder and executive chairman of Zaggle, adding that any blanket implementation could disrupt everyday use cases for merchants.
The silent majority
Among the various types of digital payments, UPI transactions are the most vulnerable owing to their scale, speed, and the irreversibility UPI payments, experts said. This warrants targeted implementation, pre-transaction screening, and the use of artificial intelligence (AI) to prevent lags and minimise the inconvenience to customers.
Perhaps their most significant criticism is that the proposals ignore a massive "silent" portion of the UPI fraud landscape. A major issue the new proposals fail to address is that an estimated 51% of UPI fraud victims never file a complaint, according to a June 2025 survey by community platform LocalCircles, suggesting that actual fraud volumes are significantly higher than official data indicates. This data gap underscores a broader oversight: while the RBI focuses on the consumer-facing layer, experts argue it neglects underlying infrastructure-led measures.
The UPI platform processed 219 billion transactions totalling ₹308 trillion in FY26, accounting for 85% of India's digital payments volume. By value, UPI accounted for about 9% of retail digital payments. According to the RBI’s annual report for FY25, digital payment fraud accounted for 56.5% of all reported banking fraud cases, with losses of ₹520 crore. India's banking system reported 23,953 fraud cases in FY25, involving losses of ₹36,014 crore.
Nishkam Ojha, partner at Deloitte India, noted that while average losses per incident remain lower on UPI than netbanking, the volume is surging. “The most common types of digital frauds have been identity theft and impersonation, phishing, fake links and QR code scams, fake refund scams, SIM swap attacks, and mule account networks,” he said.
Beyond the user experience, there is the matter of the technical and financial burden on the institutions themselves. Kunal Jhunjhunwala, founder of Airpay, said, “The RBI itself has noted potential trade-offs, such as increased transaction friction and higher compliance costs for banks." He added that for smaller fintechs and co-operative banks, the burden of system upgrades and ongoing monitoring is disproportionate, suggesting a tiered implementation timeline.
Manish Chachada, COO of Cyble, added that to minimize disruption, banks will be forced to pivot toward more expensive, proactive technology. As such, banks are now looking for solutions that include behavioral analytics, device fingerprinting, and mule account detection. All of these will increase costs in the short term due to technology investment and operational complexity, Chachada added.
The way forward
To bridge this gap, experts suggested a more sophisticated technological framework that includes:
- Shared intelligence: Creating a cross-institutional fraud signal registry for real-time collaboration between banks, fintechs, and telcos.
- Sector coordination: Utilizing call metadata and SIM-swap alerts through telco-financial sector alignment.
- Adaptive verification: Using risk-scoring to flag and delay only anomalous transactions.
- Behavioral biometrics: Monitoring device-level patterns like keystroke speed and device tilt.
- Awareness: Strengthening customer education to prevent social engineering.
Looking ahead, the consensus points toward a shift from blanket delays to ‘intelligent friction’. Digio’s Parashar suggested "out-of-band friction" such as voice-authenticated OTPs and face liveness checks, and called for closing the “visual UI gap” to prevent unverified merchants from using mule accounts. “Banks must decouple fraud reporting from general customer service... we need instant-response ‘fraud SOS’ channels to freeze funds,” he added.
Deloitte’s Ojha concluded that a truly effective system must be invisible until necessary. He spoke in favour of a risk-based approach where advanced technological authentication—such as behavioral biometrics and predictive AI—analyzes transactions in real time to detect fraud patterns without hindering legitimate users.