RBI’s latest discussion paper shows that India’s digital payments challenge is no longer only about cyber-security. Instead, it is about frauds that manipulate users into authorising transfers themselves. Accordingly, this ABC Live critical analysis examines the data, the four proposed safeguards, and how RBI’s 17 consultation questions should be answered.
Mumbai (ABC Live): The Reserve Bank of India’s new discussion paper on digital payment fraud may become one of the year’s most important financial-regulatory texts. India’s payment system is fast, cheap, and deeply woven into daily life. However, that very success has opened a new frontier for fraud. The threat now lies less in breaking banking systems and more in manipulating users into authorising transfers themselves. Therefore, the paper is timely. At the same time, the policy challenge has become far more complex.
RBI is trying to redesign trust, not just security
India’s digital payments story has been built on scale, speed, and ease. RBI says digital transaction volumes have risen 38-fold over the last decade, while transaction values have grown more than three times. It also says the compound annual growth rate stands at about 53% in volume and 13% in value. Taken together, that growth reflects the spread of UPI, cards, IMPS, NEFT, RTGS, wallets, and net banking across a highly interoperable payment ecosystem.
Yet scale has also changed the nature of risk. As payments become faster, the window for reflection, intervention, reversal, and recovery becomes smaller. RBI, therefore, acknowledges a hard truth: many digital-payment frauds are not classic cyber breaches. Instead, they are Authorised Push Payment (APP) frauds, where the victim is deceived into making the transfer. In other words, the user becomes the last weak link in an otherwise secure system.
This is why the paper matters. RBI is no longer focusing solely on technical protection. Instead, it is asking whether instant payments need carefully designed friction when fraud risk is high. As ABC Live argued in its earlier analysis of RBI’s Payments Vision 2028, the next phase of payment reform will not be judged only by scale. Rather, it will also be judged by resilience, trust, and user protection.
So the real policy question is no longer whether India needs fast payments. It already has them. Instead, the harder question is whether India can keep payments fast while also making them safer against fraud that exploits fear, urgency, and human error. In that sense, this discussion paper is RBI’s first serious attempt to answer that question.
The fraud data behind RBI’s concern
The paper’s urgency stems from rapid fraud growth. RBI cites data from the National Cyber Crime Reporting Portal showing a steep rise in both the number and value of digital-payment-related frauds.
Table 1: Digital Payment Fraud Trend Cited by RBI
| Year Number | r of frauds reported Value | e of frauds (₹ crore) |
|---|---|---|
| 2021 | 2.6 lakh | 551 |
| 2022 | 6.9 lakh | 2,290 |
| 2023 | 13.1 lakh | 7,465 |
| 2024 | 24 lakh | 22,848 |
| 2025 | 28 lakh | 22,931 |
Source: RBI discussion paper citing NCRP data.
What this table shows
Three conclusions stand out.
First, the volume of fraud reports has exploded. The rise from 2.6 lakh in 2021 to 28 lakh in 2025 suggests that fraud has scaled with digital adoption.
Second, the value impact has become systemic rather than incidental. The jump from ₹551 crore to ₹22,931 crore in four years shows that digital-payment fraud is now a major threat to trust and retail financial stability.
Third, the 2025 value remains close to the 2024 level, even though volumes continued to rise. That may indicate either:
- a wider spread of smaller fraud incidents, or
- better containment of some high-ticket frauds.
However, the paper does not provide enough disaggregated data to confirm which reading is correct. Therefore, that remains one of its key weaknesses.
India’s digital payments and fraud rise are now moving together
RBI’s paper makes clear that India’s payment success story and fraud story must now be read together. Indeed, one cannot be analysed without the other.
Table 2: RBI’s Core Structural Diagnosis
| Issue: RBI’s position, Regulatory implications | on | |
|---|---|---|
| Digital payment growth | Volumes up 38-fold; values more than tripled | Success has increased the exposure surface |
| Nature of fraud | Mostly APP fraud, not system compromise | OTPs and normal authentication alone are insufficient |
| Speed of payments | Immediate execution limits intervention and recovery | Some form of calibrated friction may be needed |
| Existing safeguards | Stronger security architecture already in place | New measures must target user manipulation, not just cyber risk |
Based on the RBI’s discussion paper.
This is the paper’s strongest contribution. RBI correctly understands that the next-generation fraud problem lies in human vulnerability inside the fast payment architecture.
What the RBI has already done before proposing new safeguards
The paper is not an isolated intervention. Instead, RBI lists multiple earlier steps meant to secure digital payments.
Table 3: Existing Regulatory Measures Mentioned in the Paper
| Measure | Year/period referenced in paper, Intended | d effect |
|---|---|---|
| Two-factor authentication | Earlier mandated | Stronger transaction authentication |
| Device tokenisation | 2019 | Reduce raw card data exposure |
| Card-on-file tokenisation | 2021 | Restrict storage of actual card data |
| Card user controls | 2020 | Enable switch on/off and transaction limits |
| Security controls for banks | 2021 | Improve governance and cyber resilience |
| Security controls for non-bank PSOs | 2024 | Extend baseline digital-payment security |
| Principle-based authentication framework | 2025 | Encourage new factors and risk-based checks |
| Limited customer liability for unauthorised e-banking transactions | 2016 instructions | Protect customers in certain unauthorised cases |
| Use of MNRL and telecom-linked fraud controls | Ongoing | Help distinguish legitimate calls from scam attempts |
| MuleHunter.AI and DPIP prototype | 2024 onward | Improve mule-account detection and real-time fraud intelligence |
Compiled from the uploaded paper.
This table shows something important. RBI is not acting prematurely. Instead, it is responding after years of layered system-security measures. In effect, the paper says that the remaining gap lies in APP fraud, where a customer willingly presses the button under deception.
RBI’s four proposed safeguards
The paper puts forward four options:
- Lagged credit for authorised push payments other than low-value
- Additional authentication by a trusted person for high-value digital transactions by vulnerable sections
- Only accounts with satisfactory additional review will receive large credits
- Customer-induced controls
Table 4: Quick Comparison of the Four RBI Proposals
| Option | Target problem | Proposed trigger | Main strength | Main concern |
|---|---|---|---|---|
| Option 1: Lag for APP | Urgency-driven fraud | APP above ₹10,000 | Breaks the fraudster pressure cycle | Delays genuine urgent transfers |
| Option 2: Trusted person | Vulnerable-user fraud | APP above ₹50,000 | Added protection for high-risk users | Autonomy, legal authority, and misuse concerns |
| Option 3: Shadow credit/credit ceiling | Mule-account misuse | Annual aggregate credits above ₹25 lakh | Beneficiary-side scrutiny | Heavy compliance burden and inconvenience |
| Option 4: Customer controls / kill switch | Emergency fraud containment | User choice / suspicious situation | High autonomy and fast self-protection | Reactivation design and usability issues |
Based on the paper’s option contours.
Option 1: Lagged credit for APP transactions above ₹10,000
RBI proposes a one-hour lag for APP transactions above ₹10,000, mainly at the payer bank’s end. Meanwhile, merchant payments, recurring payments, and cheque-based payments would be excluded. The payer can cancel during the lag. In addition, the bank may seek reconfirmation if the transaction appears suspicious.
Table 5: Option 1 — Proposed Contours
| Element | RBI proposal |
|---|---|
| Scope | APP transactions by individuals, sole proprietors, and partnership firms |
| Threshold | ₹10,000 and above |
| Lag period | Mandatory 1 hour |
| Where lag applies | Suggested mainly at the payer bank’s end |
| Exclusions | Merchant payments, recurring payments, and cheques |
| Customer relief | Payer may cancel during the lag |
| Flexibility | Allowlisting of transactions or payees may be allowed |
Source: uploaded RBI paper.
Why this option is compelling
This is the strongest proposal in the paper because it targets the psychology of fraud rather than only the mechanics of the transfer. Fraudsters rely on urgency, fear, and constant pressure. Therefore, a one-hour pause can interrupt that emotional hold.
RBI also notes a crucial data point. Transactions above ₹10,000 represent roughly 45% of reported fraud cases by volume but around 98.5% by value. Accordingly, a well-calibrated delay at this band could have a major impact on the value side.
Table 6: Why RBI Selected ₹10,000 as a Key Threshold
| Parameter RBI’s | s cited position |
|---|---|
| Fraud volume share above ₹10,000 | Approximately 45% |
| Fraud value share above ₹10,000 | Approximately 98.5% |
| Policy logic | Protect value-heavy fraud zone while keeping low-value payments frictionless. |
Source: paper text.
Critical view
The weakness is clear. India’s genuine digital economy also operates heavily in this range. For example, rent, tuition, medical support, informal business transfers, and family emergencies may all cross ₹10,000. So, although the proposal is persuasive in principle, the final design should likely be risk-based rather than purely threshold-based.
Option 2: Trusted-person authentication for vulnerable users
RBI’s second proposal would require an additional authenticator, a trusted person, for APP transactions above ₹50,000 by citizens aged 70 and above and persons with disabilities. It would be optional for other individuals. Moreover, changes to the trusted person and opt-out would require a 24-hour cooling period.
Table 7: Option 2 — Proposed Contours
| Element | RBI proposal |
|---|---|
| Mandatory for | Citizens aged 70+ and persons with disabilities |
| Optional for | Other individual customers |
| Scope | APP transactions to bank accounts |
| Threshold | Above ₹50,000 |
| Safeguard | An additional authenticator through a trusted person |
| Cooling period | 24 hours for a trusted person to change |
| Opt-out | Allowed after 24 hours, with a risk explanation by the bank |
Source: uploaded paper.
Why RBI sees value here
The paper says that fraud affecting vulnerable groups often involves fabricated emergencies, family impersonation, or emotional manipulation. So, for high-value transfers, an independent second check may prevent devastating losses.
RBI also notes that nearly 92% of the fraud value reported in NCRP exceeds the ₹50,000 threshold used for this safeguard. Therefore, the threshold is not arbitrary.
Table 8: Why RBI Selected ₹50,000 for Vulnerable-User Safeguard
| Parameter RBI’s | s cited position |
|---|---|
| Fraud value above ₹50,000 | Nearly 92% |
| Policy reasoning | Focus stronger control on high-loss transactions |
Source: paper text.
Critical view
This is the most ethically sensitive proposal. It risks sliding from protection into paternalism. For instance, a blanket rule for everyone above 70 is overbroad. Likewise, the category of persons with disabilities needs sharper legal and policy definition.
The deeper issue is legal authority. The trusted person may have no formal beneficial or legal interest in the account. Yet that person may still gain effective power over transaction flow. As a result, the model creates risks of misuse, delay, dependency, privacy violation, and family-level coercion.
Option 3: Credit ceiling and shadow credit for certain accounts
RBI’s third option would treat many accounts by default as low-credit-turnover accounts, with a suggested annual aggregate credit ceiling of ₹25 lakh unless the bank undertakes enhanced review and turns off the flag. Beyond that limit, funds would enter as shadow credit and remain unavailable until verified. If the customer fails to satisfy the bank within 30 days, the money may be reversed.
Table 9: Option 3 — Proposed Contours
| Element | RBI proposal |
|---|---|
| Accounts covered | Individuals, joint accounts, sole proprietorships, partnerships, LLPs |
| Accounts excluded | Corporations, listed companies, Central/State government accounts |
| Suggested annual credit threshold | ₹25 lakh or below, as set by the bank within the RBI ceiling |
| Default approach | Flag on by default for low-credit-turnover accounts |
| Bank action after breach | Permit shadow credit only |
| Release of funds | After the bank is satisfied with the genuineness |
| Failure to satisfy the bank | Reverse after 30 calendar days |
Source: uploaded paper.
Why RBI is considering it
This proposal is aimed at mule-account misuse. In practice, fraud proceeds often move quickly through ordinary accounts that do not appear commercially large, but are used as temporary parking and routing points.
Critical view
This is the paper’s most disruptive proposal. It effectively changes the ordinary customer expectation that once valid funds are credited, they are available unless specifically frozen under lawful procedures.
It may also burden precisely those genuine customers who are growing, semi-formal, or not documentation-heavy:
- freelancers,
- gig workers,
- small traders,
- home-based entrepreneurs,
- and newly formalised businesses.
Table 10: Option 3 — Likely Benefit vs Likely Burden
| Likely benefit | Likely burden |
|---|---|
| Better detection of mule accounts | Delayed access to genuine funds |
| Stronger beneficiary-side scrutiny | Heavy documentation demands |
| More profile-based account monitoring | Disputes over what counts as satisfactory proof |
| Potential deterrence for fraud routing | Friction for small and informal economic actors |
This is an analytical table based on the proposal in the paper.
ABC Live view: RBI is right to target mule accounts. Even so, this model needs significant narrowing. In its current form, it risks overreach.
Option 4: Customer-induced controls and kill switch
RBI’s fourth option proposes broader customer control over digital payment channels, including switch-on/off features, transaction limits, and a kill switch to disable all digital payments from an account at once. The paper also asks whether new accounts should have digital payment “default off.”
Table 11: Option 4 — Proposed Contours
| Element | RBI proposal |
|---|---|
| Facility | Turn on or off one or all digital payment channels |
| Channel access | Through branch, internet banking, mobile banking, phone banking, IVR, or authenticated interfaces |
| Additional control | Kill switch for all digital payments from the account |
| Reactivation | Digital mode with stronger checks or branch visit |
| Possible exemptions | Mandates, standing instructions, and similar transactions |
| Open policy question | Should new accounts be defaulted off for digital channels? |
Source: uploaded paper.
Why is this the most workable option
This is the most proportionate and user-friendly measure in the paper. It empowers the customer without slowing down every payment. At the same time, it creates an emergency response tool. In fraud situations, time is everything. So a kill switch can become the retail customer’s fastest line of defence.
Table 12: Comparative Strength of the Four Options
| Option Fraud-control strength User autonomy Operational practicality Risk Risk | Risk of overreach | |||
|---|---|---|---|---|
| Option 1: Lag for APP | High | Medium | Medium | Medium |
| Option 2: Trusted person | Medium | Low to medium | Medium | High |
| Option 3: Shadow credit | Medium to high | Low | Low to medium | Very high |
| Option 4: Kill switch/controls | High | High | High | Low |
This is an analytical assessment based on the paper’s design choices.
ABC Live’s critical findings
Table 13: What RBI Gets Right and Where It Risks Overreach
| RBI gets it right. RBI | I risks overreach |
|---|---|
| Correctly identifies APP fraud as the central threat | Treats some solutions too broadly |
| Accepts that instant payments may need calibrated friction | Does not provide enough segmented fraud data |
| Focuses on prevention, not just post-fraud remedy | The trusted-person model raises autonomy and legal issues |
| Considers customer-control tools like a kill switch | The shadow-credit model may burden genuine users |
An analytical table based on the paper.
RBI’s central insight is correct: a fraud-heavy instant-payments system cannot remain entirely frictionless. Yet the friction must be smart, proportionate, and customer-centred.
How Each of RBI’s 17 Questions Should Be Answered
RBI has asked 17 consultation questions across the four proposed options. A good response should do more than say yes or no. Instead, it should explain which ideas deserve support, which require redesign, and which should be narrowed before they become regulation. Based on the uploaded discussion paper, the most balanced approach is to support customer-control tools and risk-based delay mechanisms, while urging caution on mandatory trusted-person architecture, especially broad shadow-credit restrictions.
Table 14: Suggested Answer Framework to RBI’s 17 Questions
| Q. No. | RBI’s issues. Suggested | answer in principle, ABC | C Live view |
|---|---|---|---|
| 1 | Whether lagged credit is needed from a cost-benefit perspective | Yes, but only in calibrated form | Support with redesign |
| 2 | Exemptions from the lagged-credit approach | Yes, certain categories should be exempt | Support exemptions |
| 3 | Whether ₹10,000 is the right threshold | Not as a universal threshold | Raise or risk-calibrate |
| 4 | Mandatory lag or optional/risk-based lag | Risk-based preferred | Do not make a full blanket |
| 5 | Whether a one-hour lag is reasonable | Broadly, yes, but not for every case | Reasonable if selectively applied |
| 6 | Allowlisting design | Payee-specific is safer than transaction-only | Allow both with safeguards |
| 7 | Coverage of the vulnerable-user solution | A narrower and optional approach is preferred | Do not apply too broadly |
| 8 | Legal/consumer concerns about a trusted person | Yes, major concerns exist | Strong caution |
| 9 | Due diligence for a trusted person | Customer declaration plus basic verification | Do not overburden |
| 10 | Whether the ₹50,000 threshold is reasonable | Broadly yes | Reasonable starting point |
| 11 | Guardrails for opt-out by vulnerable users | Strong disclosure and cooling-off needed | Essential |
| 12 | Views on low-credit-turnover / shadow-credit approach | Too broad in present form | Major redesign needed |
| 13 | Whether the ₹25 lakh threshold is reasonable | Not as a default across all covered accounts | Reconsider |
| 14 | Whether 30 days is enough for the customer to satisfy the bank | Often too long for genuine users, too short for disputes | Needs flexibility |
| 15 | Other exemptions from controls and the kill switch | Yes, some essential transactions should be exempt | Targeted exemptions |
| 16 | Should new accounts be default-off | Not for all channels | Low-risk access may stay enabled |
| 17 | How reactivation after the kill switch should happen | Digital plus strong safeguards, not branch-only | Hybrid model best |
This table is an analytical response built from the RBI paper’s consultation structure.
Option 1: Lagged Credit for APP Transactions
Question 1: Is there a need to introduce the lagged-credit option from a cost-benefit perspective?
Suggested answer: Yes, but only in a carefully calibrated, risk-based form.
RBI is right that APP fraud requires intervention before the money is irreversibly moved. A delay window can interrupt urgency-based scams and give the customer time to reconsider. However, a universal delay also imposes real friction on genuine transactions. Therefore, the cost-benefit balance supports a selective lag rather than a blanket lag.
Recommended response to RBI:
There is a clear need for a lag-based safeguard in principle. However, the final framework should rely on risk indicators such as:
- new payee,
- unusual device or location,
- abnormal transaction pattern,
- velocity spike,
- recent credential reset,
- or other fraud flags,
rather than solely on transaction value.
Question 2: Should any transaction or account category be exempted?
Suggested answer: Yes.
The paper already proposes an exemption for merchant transactions, recurring payments, and cheques. That is sensible. In addition, RBI should consider excluding or treating differently:
- government benefit transfers,
- court-ordered or statutory payments,
- insurance claim disbursements,
- hospital payments and verified medical emergency transactions,
- certain intra-family transfers are already on long-standing patterns,
- and pre-verified business counterparties.
ABC Live view:
Exemptions should be designed around low fraud probability and high urgency.
Question 3: Is ₹10,000 the right threshold?
Suggested answer: Not as a rigid universal threshold.
RBI’s data point is important. Transactions above ₹10,000 account for about 45 per cent of fraud cases by volume but 98.5 per cent by value. Thus, that figure supports using ₹10,000 as a policy reference point. However, in real-life India, many routine and legitimate transactions cross this amount.
Recommended response to RBI:
₹10,000 may serve as a starting point for an enhanced risk review, but not necessarily as the automatic trigger for a mandatory delay in every case. Either:
- the threshold should be raised, or
- the delay should depend on a combination of threshold plus risk scoring.
Should the lag be mandatory or optional, depending on the risk?
Suggested answer: Optional in low-risk cases, stronger in high-risk cases.
A full mandatory lag may be too blunt. Instead, a smarter system is one in which the bank must apply a delay where risk is materially high. Still, it may permit immediate execution where customer history and transaction context suggest low risk.
ABC Live recommendation:
Use a mandatory-risk model, not a mandatory-value-only model.
Question 5: Is a one-hour lag reasonable?
Suggested answer: Broadly yes, but only where the transaction has triggered concern.
One hour is long enough to disrupt emotional manipulation and short enough not to look like a full banking freeze. The “golden hour” logic cited by RBI is persuasive. Still, allocating 1 hour to every covered transaction may unnecessarily frustrate users.
Recommended answer:
One hour is a reasonable default intervention period for suspicious or risk-triggered transactions.
Question 6: What should the allowlisting approach be?
Suggested answer: Both transaction-specific and payee-specific allowlisting may be allowed, but payee-specific allowlisting should be more tightly structured.
Payee-specific allowlisting is practical for repeated trusted relationships. Meanwhile, transaction-specific allowlisting is useful for urgent one-off needs. However, both can be exploited if fraudsters pressure victims into using them.
Recommended safeguards:
- cooling-off for first-time payee allowlist,
- customer education warning before allowlist confirmation,
- extra confirmation for unusually large value,
- and bank-side monitoring of suspicious safelist behaviour.
Option 2: Trusted-Person Authentication for Vulnerable Users
Question 7: Is the solution’s coverage adequate, and who should be covered?
Suggested answer: Coverage should be narrower and more choice-based.
RBI’s concern for old citizens and persons with disabilities is understandable. However, a blanket mandatory rule for all persons aged 70+ and all PwD is too broad and may undermine autonomy.
Recommended response to RBI:
The framework should:
- remain opt-in by default,
- allow banks to offer it to high-risk users actively,
- and define any mandatory category very narrowly, if at all.
If any mandatory coverage is retained, it should be based on a carefully justified risk basis, not a broad age or disability label alone.
Question 8: Are there legal, contractual, or consumer protection concerns regarding the trusted person?
Suggested answer: Yes, there are very substantial concerns.
This is the biggest weakness in Option 2. A trusted person may not be:
- a joint holder,
- a nominee with operational authority,
- a power-of-attorney holder,
- or a legal guardian.
Yet that person could still affect the execution of the transaction. Consequently, this raises questions of authority, consent, privacy, liability, misuse, and conflict of interest.
ABC Live view:
RBI should not finalise this model without a detailed legal and consumer-rights framework.
Question 9: What due diligence should be required for a trusted person?
Suggested answer: Basic verification, not full banking-style onboarding.
Banks should not be forced into a heavy KYC-style process for a trusted person who may not even be a customer. At the same time, simple customer declaration alone may be too weak.
Balanced model:
- customer declaration and explicit consent,
- mobile/email verification,
- OTP-based validation,
- relationship disclosure,
- and a record of acceptance by the trusted person.
This creates traceability without excessive friction.
Question 10: Is the ₹50,000 threshold reasonable?
Suggested answer: Yes, as a provisional starting point.
RBI notes that nearly 92 per cent of fraud value lies above this amount. Therefore, ₹50,000 is a rational threshold for stronger intervention.
ABC Live view:
₹50,000 is a reasonable starting threshold, though banks may be allowed to tighten it for especially vulnerable opt-in users.
Question 11: What guardrails should protect vulnerable users who opt out?
Suggested answer: Strong guardrails are essential.
The paper already proposes a 24-hour waiting period and an explanation of the risk. That is sensible. In addition, RBI should add:
- clear disclosure in simple language,
- confirmation that the customer understands the fraud risks,
- easy re-entry into the facility,
- fraud-awareness nudges at opt-out,
- and perhaps temporary re-activation prompts after suspicious account events.
Recommended response to RBI:
Opt-out should remain possible, but it must be informed, documented, and reversible.
Option 3: Accounts to Receive Credits Commensurate With Nature of Relationship
Question 12: What are the views on this approach, including proportionality?
Suggested answer: The present design is disproportionate and needs major narrowing.
RBI is right to target mule accounts. However, making large categories of accounts default to a low-credit-turnover flag and shadow-credit restrictions risks serious inconvenience to genuine customers. In particular, it may affect small traders, freelancers, and semi-formal businesses.
ABC Live response:
This option should not be adopted in its present broad form. Instead, any final framework should be:
- risk-triggered,
- behaviour-based,
- and focused on suspicious patterns rather than wide default presumptions.
Question 13: Is ₹25 lakh a reasonable threshold?
Suggested answer: Not as a universal default for all covered accounts.
₹25 lakh may appear large for some individuals. However, for many growing businesses, professionals, and partnerships, it is not extraordinary. So a flat threshold may not reflect India’s diversity of account use.
Recommended response to RBI:
The threshold should not operate uniformly across all covered categories. Instead, a differentiated approach by account type and risk profile would be more proportionate.
Question 14: Are 30 calendar days enough for the customer to satisfy the bank?
Suggested answer: The current proposal is problematic.
For genuine customers, 30 days may be far too long to keep incoming funds effectively frozen. At the same time, for some complex disputes or document collection issues, 30 days may still not resolve the matter neatly.
Recommended answer:
If RBI retains any shadow-credit model, it should:
- require much faster preliminary review,
- allow partial use where risk is low,
- impose escalation timelines on banks,
- and create customer appeal or review rights.
Option 4: Customer-Induced Controls and Kill Switch
Question 15: What other transactions should be exempt from controls and the kill switch?
Suggested answer: Exemptions should be narrow and necessity-based.
The paper already mentions payment mandates and standing instructions. In addition, RBI should consider carefully defined exemptions for:
- loan EMI auto-debits,
- court or statutory recoveries,
- selected government dues,
- and certain pre-authorised essential services.
ABC Live view:
Exemptions should be limited to avoid weakening the kill switch. After all, the purpose of the kill switch is emergency control.
Question 16: Should new accounts be defaulted off for all digital channels?
Suggested answer: No, not for all channels.
A fully default-off design may support security. However, it could also undermine financial inclusion, customer convenience, and digital adoption at account opening. RBI itself acknowledges this trade-off.
Better approach:
- allow low-risk, low-limit digital access by default,
- require customer activation for higher-risk or higher-limit features,
- and use progressive enablement based on customer choice and account maturity.
Question 17: If a kill switch is applied, should reactivation happen only through a branch visit or also digitally?
Suggested answer: Reactivation should be possible digitally as well, but with stronger safeguards in place.
Branch-only reactivation would be too burdensome in a country built around mobile-first digital payments. At the same time, digital reactivation must not be so easy that fraudsters can undo the protection.
Recommended guardrails:
- stronger multi-factor authentication,
- cooling-off for reactivation in suspicious cases,
- device-binding checks,
- customer alerts across channels,
- and branch fallback for disputed or high-risk cases.
ABC Live view:
A hybrid model is best: digital reactivation for normal, genuine use, and branch or manual review for flagged high-risk circumstances.
Table 15: Consolidated Recommendation to RBI
| Regulatory areas: Suggested | d stance |
|---|---|
| Lag for APP payments | Support in principle, but make it risk-based |
| Threshold-only triggers | Avoid over-reliance |
| Trusted-person model | Keep mostly opt-in and narrowly structured |
| Shadow-credit regime | Redesign substantially before adoption |
| Customer controls and kill switch | Strongly support |
| Default off onboarding | Use partially, not universally |
| Reactivation after the kill switch | Permit digitally with strong safeguards |
Analytical summary based on the paper’s full consultation framework.
What RBI should prioritise
Table 16: ABC Live Priority Ranking of the Four Options
| Priority rank ProposalABC | BC Live view | |
|---|---|---|
| 1 | Customer-induced controls and kill switch | Strongly support |
| 2 | Risk-based lag for suspicious APP transactions | Support with redesign |
| 3 | Optional trusted-person protection | Support only as opt-in |
| 4 | Broad shadow-credit regime | Needs substantial narrowing |
Analytical ranking based on the paper.
Final assessment
RBI’s discussion paper is timely, insightful, and important because it recognises the central shift in digital payment risk. The next regulatory challenge is not only about stronger passwords, better cyber walls, or tighter back-end controls. Instead, it is about the design of human decision-making inside instant payment systems. That is the paper’s biggest strength.
Even so, the quality of the final framework will depend on the degree of restraint. India cannot fight fraud by making ordinary banking slow, confusing, or document-heavy for genuine users. At the same time, it cannot preserve trust if fraud continues to scale through urgency, impersonation, and mule-account networks. Therefore, the right path is a middle one: stronger customer controls, faster emergency shutoff tools, risk-based delay where fraud signals are real, and much sharper scrutiny of suspicious account behaviour.
If RBI gets that balance right, India will not just remain a leader in fast payments. It may also become a leader in fraud-aware payment design. That, in turn, would be the paper’s most important legacy.
How We Verified This Report
This report is based directly on the uploaded RBI’s Digital Payments Fraud Safeguards Discussion Paper issued by the Department of Payment and Settlement Systems, Reserve Bank of India. All figures, thresholds, proposal contours, and consultation questions referenced here are taken from the uploaded document.
Why ABC Live Is Publishing This Report
Digital payment fraud is no longer a niche banking issue. Instead, it affects consumer trust, financial inclusion, small business operations, digital public infrastructure, and the credibility of India’s fast-payment model. RBI’s proposals could shape the next generation of digital-payment safeguards in India. Therefore, this paper deserves public scrutiny beyond the banking sector.
