Digital fraud: RBI's safety proposals are broadly welcome but could be fine-tuned to suit everyone

Given the rapid growth of online transfers, it was but inevitable that frauds would also increase manifold. Even as digital transaction volumes multiplied and transaction values zoomed, digital frauds rose from some 260,000 incidents involving ₹551 crore in 2021 to 2.8 million involving ₹22,931 crore in 2025. That’s a nearly 42-fold jump in just five years.

Over the years, RBI has initiated a number of measures to keep digital payments safe. But fraudsters have found ingenious new ways to defraud the unsuspecting. As the paper points out, frauds often entail “the manipulation of users through social engineering, coercion, or impersonation.”

Victims are deceived into starting and okaying transactions, leading to ‘Authorised Push-Payment’ frauds. At the same time, the use of instantaneous payment systems—from NEFT and RTGS to UPI and IMPS—means it is often too late to intervene and recover the funds.

In a bid to tackle frauds that are purportedly authorized by account holders, the RBI paper lists four options: lagged credit to recipient accounts for authorized push payments beyond ₹10,000; additional authentication by some ‘trusted person’ for high-value online transactions (beyond ₹50,000) by vulnerable users; letting only accounts with a satisfactory additional review receive large credits; and customer-induced controls.

The basic idea is to create a lag in select categories of digital payments, thereby buying time for both customers and system operators to stop money from fraudulently being moved. During the buffer period, the payer’s bank would provisionally debit the customer’s account, but the payer would retain the option to cancel the transfer.

Similarly, the nomination of a ‘trusted person’ could protect a vulnerable user if the nominee spots something amiss with a big payment. The paper proposes making such measures mandatory for users aged 70 or above and those with disabilities, while keeping it optional for others. However, recurring payments, apart from merchant and cheque-based transactions, would be exempt so that these safety bars do not disrupt routine flows.

Since the modus operandi of most frauds involving dormant accounts is to use these as ‘mules’ for moving large funds, the RBI paper proposes a ceiling of ₹25 lakh for annual total credits into bank accounts that have a low credit turnover, unless there is additional proof of a genuine reason for a higher cap.

It also suggests extending a facility that lets users set their own limits for various transaction types—as credit cards offer—to other digital payment channels. This is expected to give customers greater agency over using their money.

Overall, the proposals are both reasonable and broadly in line with those other countries use. They could help fight digital frauds. However, as curbs on large credits could hamper genuine transfers, they may need a rethink. To maximize user agency, rupee caps are best left for users to decide. Many above-70s, for example, move large sums around by their own volition; sudden medical expenses could require it.

A shield for most should not be a hassle for some. Likewise, time buffers could be kept flexible. After all, RBI already has a number of checks in place to prevent the misuse of mule accounts.