RBI proposes 1-hour lag for digital payments to curb frauds

• Over the past decade, digital payments in India have expanded at an unprecedented pace, reflecting a structural shift in the way individuals and businesses conduct financial transactions. 

• However, this has been accompanied with growing sophistication of fraudulent activities targeting customers.

• In alignment with the objective of promoting digital payments in a safe and secure manner, the Reserve Bank of India (RBI) issued a discussion paper on exploring safeguards in digital payments to curb frauds.

• It has proposed lagged credit for authorised push payments.

Sharp rise in digital frauds

• In the past decade, digital transaction volumes have increased 38-fold, while transaction values have more than tripled. 

• The compound annual growth rate (CAGR) of digital payments over this period stands at approximately 53 per cent and 13 per cent in volume and value terms respectively.

• The above growth has been supported by a diverse and interoperable payments ecosystem comprising credit and debit cards, Unified Payments Interface (UPI), Immediate Payment Service (IMPS), National Electronic Funds Transfer (NEFT), Real Time Gross Settlement (RTGS), mobile wallets, and net banking. 

• Strong security architecture, including mandatory Additional Factor of Authentication (AFA), beneficiary name look-up facilities, transaction controls, apart from fast settlement cycles, have enhanced user confidence and promoted seamless digital usage.

• However, the potential of digital payments is impeded by complaints related to frauds. 

• A typical fraud through digital payments may not involve technical compromise of systems, but mostly through manipulation of users through social engineering, coercion, or impersonation. 

• Victims, acting under deception, themselves initiate and authenticate transactions

• National Cyber Crime Reporting Portal (NCRP) indicate that fraud related to digital payments is on the rise, with 28 lakh frauds reported in 2025, amounting to Rs 22,931 crore, higher than 24 lakh, totalling Rs 22,848 crore in 2024, 13.1 lakh worth Rs 7,465 crore in 2023.

• Fraudsters are deploying various tactics, such as bogus call centres, deepfake-driven impersonation scams and mule account networks. 

• Almost all sections of society, especially the vulnerable groups such as senior citizens, have fallen prey to such Authorised Push-Payment (APP) frauds. 

• Therefore, there is an urgent need to put in place systems and processes to address these issues.

Lagged credit for authorised push payments

• Electronic payments to merchants are ordinarily enabled by banks and Payment Aggregators (PAs) after undertaking the requisite due diligence of the merchants. 

• In such cases, payment networks typically provide chargeback mechanisms as part of the dispute resolution framework. 

• No comparable safeguard exists in the case of account-to-account transfers.

• Accordingly, introducing a time lag for certain Authorised Push-Payment (APP) transfers to the bank account of an individual, or to the account of a sole proprietorship or partnership firm, at both the payer’s and the payee’s ends, may serve as an effective fraud-mitigation measure.

• Introducing a lag at the payer’s end is important, as this is the stage at which the decision to transfer funds is made and where social-engineering tactics are deployed. 

• A short delay before execution of the debit can act as a preventive control by disrupting the fraudster’s psychological influence over the victim and by giving the payer an opportunity to reconsider the transaction.

• To ensure that low-value transactions continue to remain frictionless, such lag mechanisms are proposed to be applied only to Authorised Push-Payment (APP) transactions above a specified threshold. 

• A threshold of Rs 10,000 per transaction may be considered appropriate. 

• As per information available with the National Cyber Crime Reporting Portal (NCRP), transactions above Rs 10,000 account for approximately 45 per cent of reported fraud cases by volume, but about 98.5 per cent by value.

• Under this approach, once a customer (individuals including sole proprietors plus partnership firms) initiates an APP transaction exceeding Rs 10,000, a lag period of one hour could be applied.

• During this period, the payer’s bank would provisionally debit the customer’s account, and the payer would retain the option to cancel the transaction for any reason. 

• The proposed one-hour window is consistent with the “golden hour” principle in fraud-risk management, under which the initial period following a fraudulent transaction is critical to prevent the dissipation of funds.

• During this period, if the payer’s bank identifies the transaction as unusual or atypical, it may seek reconfirmation from the payer, while sharing appropriate information on the nature of the suspicion and cautioning the payer. 

• If the payer, after reviewing the information provided, still chooses to proceed, the transaction will be executed by the payer bank.

• Further, recognising that certain transactions may be time-sensitive, an option may be provided to the payer to override the lag for a specific transaction by explicitly authorising it, for instance through a whitelisting mechanism. In such cases, the lag may be bypassed.