The Reserve Bank of India is considering a sweeping set of new digital payment safety rules that would introduce a mandatory one-hour delay on transactions above Rs 10,000, with a cancellation window built in, along with additional safeguards for payments above Rs 50,000 and a targeted crackdown on mule accounts used to move fraudulently obtained money across the banking system, the Economic Times reported.
The proposals, if implemented, would represent the most significant structural change to India’s real-time digital payments framework since UPI was launched a decade ago and would affect hundreds of millions of transactions processed daily across the country.
What the proposed rules would actually do
The centrepiece of the proposal is the one-hour delay on transactions above Rs 10,000. Under current UPI and IMPS infrastructure, money moves from sender to receiver in seconds with no recall option once the transaction is confirmed. The proposed rule would introduce a mandatory cooling-off window of one hour for transactions crossing the Rs 10,000 threshold, during which the sender would retain the ability to cancel the payment before it is finally settled.
The logic is straightforward. The overwhelming majority of digital payment fraud in India follows a pattern where victims are socially engineered into authorising a payment — through fake customer care calls, investment scams, or impersonation of government officials — and the money moves instantly and irreversibly into a mule account before the victim realises what has happened. A one-hour delay with a cancellation option breaks that chain at its most critical moment, giving the defrauded person a window to reverse the transaction before it becomes permanent.
For payments above Rs 50,000, the RBI is considering additional verification layers beyond the standard UPI PIN. The specific mechanisms under consideration have not been publicly detailed but are understood to include stepped-up authentication, possible second-factor confirmation, or additional checks that would make large-value transactions harder to execute fraudulently even if the primary credentials have been compromised.
The mule account problem
The mule account crackdown addresses a specific and growing dimension of India’s digital fraud ecosystem. Mule accounts are bank accounts opened using real but often unsuspecting individuals’ KYC documents, which are then used by fraud networks to receive and rapidly disperse stolen money across multiple accounts before withdrawal. By the time a fraud is reported and investigated, the money has typically moved through three to five mule accounts and been cashed out, making recovery almost impossible.
The RBI’s proposed monitoring mechanisms would use transaction pattern analysis to flag accounts displaying behaviour consistent with mule account usage — unusually high volumes of incoming transfers followed immediately by outgoing transfers, accounts receiving funds from a large number of different senders within short windows, and new accounts showing high-value activity inconsistent with their KYC profile. Possible caps on the volume or frequency of transactions through accounts flagged as suspicious are also under consideration.
What it means for ordinary users
For the vast majority of everyday transactions — paying a restaurant bill, splitting rent, buying groceries, recharging a phone — nothing changes. The overwhelming majority of UPI transactions are well below Rs 10,000 and would not be affected by the proposed threshold at all.
For higher-value payments — sending money to family, paying a contractor, making a large purchase — the one-hour window would add a layer of friction that most legitimate users would find manageable and that defrauded users would find potentially lifesaving. The cancellation option transforms what is currently an irreversible act into a reversible one for the duration of the cooling-off period.
The Rs 50,000 threshold for additional safeguards targets the segment of transactions where fraud losses are highest in absolute rupee terms. While high-value fraud events are numerically fewer than low-value ones, they account for a disproportionate share of the total money lost to digital payment fraud in India each year.
The bigger picture
India processed over 100 billion UPI transactions in 2024, a volume that makes it the world’s largest real-time payments system by transaction count. That scale has made it indispensable to everyday economic life and simultaneously made it the primary hunting ground for an increasingly sophisticated digital fraud industry. The RBI has been tracking fraud losses across the payments ecosystem and the proposed rules reflect a judgment that the current framework’s speed-first design, which made UPI’s adoption possible, now needs to be balanced with protection mechanisms that did not exist when the system was built.
The rules are currently under consideration and have not been formally notified. The RBI is expected to seek industry feedback before any implementation, and the final thresholds, delay durations, and verification requirements may be modified from what has been reported. For now, the direction of travel is clear — India’s digital payments system is about to get a safety net, and the price of that net is a one-hour wait.