Quick Take:
|
The Reserve Bank of India (RBI) has proposed a 1-hour cooling-off period on account-to-account digital transfers above Rs 10,000 — including UPI and IMPS — in a discussion paper released on April 10, 2026. Under the proposal, money would be provisionally debited from the sender’s account but held for up to one hour before reaching the recipient, giving users a window to cancel suspected fraudulent transactions. The RBI has invited stakeholder feedback until May 8, 2026, after which final guidelines will be issued.
| StartupFeed Insight
What this means: India’s Rs 20 lakh Cr+ annual UPI transaction ecosystem is being asked to choose between its founding promise — instant payments — and the urgent reality of Rs 22,931 Cr in annual fraud. The RBI’s proposed answer is a 60-minute pause for high-value P2P transfers. Winners:
Losers:
Action required: Submit feedback on RBI’s Connect 2 Regulate portal before May 8, 2026. Fintech founders, payment processors, and bank compliance teams should respond formally — this consultation window is real and consequential. |
What’s New — The Full Proposal
The RBI discussion paper outlines five interconnected measures. This is not a single rule — it is a framework:
| Provision | Old Rule | New Proposal | Impact |
| P2P transfers > Rs 10,000 (UPI/IMPS) | Instant settlement | 1-hour provisional hold; sender can cancel | High — affects daily large transfers |
| Trusted contact whitelist | None | Users can pre-approve recipients to skip delay | Medium — reduces friction for known contacts |
| Senior citizens (70+) transfers > Rs 50,000 | Standard OTP | Mandatory trusted-person authentication | High — protective for vulnerable users |
| Suspicious/mule accounts | No annual cap | Annual credit capped at Rs 25 lakh | Medium — targets fraud infrastructure |
| Kill switch | None | User can instantly disable all digital payments (UPI + Net Banking + Cards) | High — emergency fraud stopper |
| New account restrictions | Partial | Higher verification thresholds for recently opened accounts | Low-Medium — targets fresh mule accounts |
How the hold works mechanically: Money is provisionally debited from the sender’s account — so your balance updates immediately. But the funds sit in a holding stage for up to 60 minutes before crediting the recipient. During this window, the sender can cancel, and banks can flag the transaction as suspicious using AI-based fraud detection.
Who Is Affected?
| Transaction Type | Affected? | Why |
| P2P UPI transfer above Rs 10,000 (first-time recipient) | YES — 1-hour hold | Core scope of proposal |
| P2P UPI transfer to whitelisted trusted contact | NO — instant | Opt-in trusted list bypasses delay |
| Merchant payment (QR code, shop, petrol pump) | NO — instant | Person-to-merchant explicitly excluded |
| E-commerce payments (Flipkart, Amazon, etc.) | NO — instant | Merchant payment, excluded |
| NACH / e-mandate / EMI | NO — instant | Pre-authorized; different mechanism |
| Cheque-based transfers | NO | Already has clearing delay |
| IMPS transfer > Rs 10,000 (P2P) | YES — 1-hour hold | Same as UPI; same proposal scope |
| Senior citizen (70+) UPI transfer > Rs 50,000 | YES + extra step | Trusted-person auth required |
The Fraud Crisis That Triggered This
| Metric | 2021 | 2025 (Latest) | Change |
| Digital fraud cases | 2.6 lakh | 28 lakh | +10.7x |
| Total fraud value | — | Rs 22,931 Cr | — |
| % fraud value from transactions > Rs 10,000 | — | 98.5% | — |
| % fraud incidents from transactions > Rs 10,000 | — | 45% | — |
| UPI transaction volume growth (last 10 years) | 1x | 38x | 38x |
The data reveals a critical asymmetry: transactions above Rs 10,000 represent only 45% of fraud incidents but account for 98.5% of total fraud value. The Rs 10,000 threshold is not arbitrary — it targets the highest-damage segment of digital fraud while leaving everyday small payments untouched.The fraud typology: The RBI notes that most digital fraud today is not a technical system breach. It is APP fraud — Authorised Push Payment fraud — where social engineering, impersonation, and psychological pressure trick users into willingly transferring money. Once funds clear through instant UPI, recovery becomes near-impossible.
What Industry Says
|
The split in expert opinion reflects the genuine tension at the heart of this proposal. IDfy’s Singh identifies the real risk: a blanket rule could be gamed — fraudsters can simply pressure victims into whitelisting them as trusted contacts before attempting the scam. The RBI itself acknowledged this flaw in its own discussion paper, flagging that fraudsters may pressure victims into whitelisting transactions.
Compliance Checklist — What You Must Do
For individuals: Action items before May 8, 2026:
- Submit your feedback on RBI’s Connect 2 Regulate portal (rbi.org.in/CTP) before May 8, 2026
- If you send regular high-value payments to known contacts (family, service providers), plan to whitelist them when the feature becomes available
- If you are a caregiver for a senior citizen (70+), discuss the trusted-person authentication option — it provides an additional layer of protection
For fintech founders and payment companies: Action items before May 8, 2026:
- File formal stakeholder comments via Connect 2 Regulate — this is a real consultation window, not performative
- Begin UX redesign planning for a ‘payment in transit’ state — users will need clear feedback during the 60-minute window
- Review API integrations for any P2P UPI flows that currently assume instant settlement
- Prepare compliance teams for a potential 6–12 month implementation window once guidelines are finalized
Sector Impact Analysis
| Sector | Impact | Why |
| UPI Apps (PhonePe, GPay, Paytm) | Negative | Core instant-transfer UX disrupted; product redesign required for large P2P flows |
| Banks (PSU + Private) | Mixed | Compliance cost and system overhaul, but potential liability reduction from fraud losses |
| Fintech Lending / P2P Lending | Negative | Disbursements and repayments via UPI face friction; may shift to NEFT |
| MSMEs / Gig Economy | Negative | Contractor and supplier payments above Rs 10,000 face 1-hour delay; cash flow impact |
| Anti-Fraud Tech (IDfy, Signzy, Setu) | Positive | Demand surge for risk scoring, behavioral analytics, and trusted-contact management tools |
| Senior Citizen Users | Positive | Additional layer of protection against social engineering and impersonation fraud |
| E-commerce / Merchants | Neutral | Merchant payments explicitly excluded from proposal |
What’s Next
Feedback deadline: May 8, 2026 via RBI’s Connect 2 Regulate portal. After reviewing stakeholder responses, the RBI will issue final guidelines — expected by Q3 2026. Banks and payment service operators will then receive an implementation window, likely 6–12 months, before the rules become mandatory.
The kill switch feature may be implemented faster than the delay rule — it requires less systemic change and has broader stakeholder support. Watch for that as a standalone notification before the full framework goes live.
Our prediction: The final rule will raise the threshold from Rs 10,000 to Rs 25,000 after industry pushback, and the delay will be reduced to 30 minutes for accounts with clean transaction history. The trusted-contact whitelist will become the real workaround for most users — making the net impact on daily transactions lower than the current proposal suggests. But the kill switch will be implemented in full, and that alone could prevent hundreds of crores in fraud annually.
What do you think? Will the UPI delay make payments safer or just slower? Submit your RBI feedback before May 8. Tell us on X @StartupFeednews
