RBI’s 1-Hour UPI Delay Rule: Everything You Need to Know (April 2026)

RBI Discussion Paper — April 10, 2026

RBI’s 1-Hour UPI Delay Rule:
Everything You Need to Know

Digital fraud crossed ₹22,931 crore in 2025. Here’s exactly what the RBI is proposing, who gets affected, and what you should do right now.

📅 April 11, 2026 🏛 Source: RBI Official Paper ⏰ Feedback deadline: May 8, 2026

India’s UPI network processed 228 billion transactions worth nearly ₹300 lakh crore in 2025 alone — averaging 698 million transactions every single day by December. That is more daily transactions than Visa handles globally. But behind those jaw-dropping numbers, a different set of figures has been quietly climbing: fraud cases have surged more than tenfold in just four years.

On April 10, 2026, the Reserve Bank of India released a discussion paper titled “Exploring Safeguards in Digital Payments to Curb Frauds.” It sets out four concrete proposals. Stakeholders have until May 8, 2026 to submit responses before the RBI potentially issues formal guidelines.

Current status (April 2026): This is a discussion paper — not yet law. No rules have changed. The RBI is accepting public and industry feedback until May 8, 2026 through its Connect 2 Regulate portal. After reviewing responses, draft formal guidelines may follow.

1. What RBI Is Actually Proposing

The headline proposal is a one-hour pause on peer-to-peer digital transfers above ₹10,000. Here is precisely how it would work under the proposal:

Mechanism	How It Works
Your account is debited	Instantly, the moment you confirm the payment
Recipient receives funds	After a hold of up to 60 minutes
Cancellation window	Any time during that 60-minute hold period
Suspicious transaction alert	Bank must seek reconfirmation before releasing funds
Bypass option — whitelisting	Pre-approved trusted contacts receive funds instantly
Who is covered	Individuals, sole proprietors, small partnership firms
Minimum transfer amount to trigger hold	Above ₹10,000

“Fraudsters typically rely on creating urgency and maintaining continuous psychological pressure on the victim to prevent deliberation. Introducing lag at the payer’s end breaks the fraudster’s psychological control.”

— RBI Discussion Paper, “Exploring Safeguards in Digital Payments to Curb Frauds,” April 10, 2026

2. The Real Fraud Numbers: 2021 to 2025

The following figures are verified data from the National Cyber Crime Reporting Portal (NCRP), cited directly in the RBI’s official discussion paper.

₹22,931 Cr Total digital fraud value reported in 2025

28 Lakh Fraud complaints in 2025, up from 2.6 lakh in 2021

~40× Rise in fraud value: from ₹551 Cr (2021) to ₹22,931 Cr (2025)

98.5% Of total fraud value from transactions above ₹10,000

45% Of total fraud cases by volume involve amounts above ₹10,000

92% Of fraud value (NCRP) involves senior citizens aged 70+

2021

2.6 lakh fraud complaints filed. Total financial losses: ₹551 crore. UPI fraud is emerging but not yet alarming.

2022–23

Rapid growth in APP (Authorised Push Payment) fraud as system-level hacking becomes harder. Social engineering takes over as the primary attack method.

2024

RBI restricts UPI Collect requests — one of the most heavily exploited fraud channels. Fake call centres, deepfakes, and mule account networks become commonplace.

2025

28 lakh complaints filed. Losses hit ₹22,931 crore. Fraud cases rose more than 10× in four years; value rose approximately 40× from 2021 levels.

April 10, 2026

RBI releases discussion paper with four proposals. Industry and public feedback window officially opens.

May 8, 2026

Deadline for stakeholder submissions via Connect 2 Regulate portal. RBI will review before issuing possible draft guidelines.

3. How UPI Fraud Actually Works — No Technical Hacking Required

The RBI paper emphasises a point that is easy to overlook: almost none of today’s digital payment fraud involves a breach of banking systems. No one is hacking into servers. No passwords are stolen from databases.

The dominant attack category is called Authorised Push Payment (APP) fraud. The victim sends the money themselves — willingly, but under psychological manipulation.

How a typical APP fraud plays out

Scammer calls posing as bank official / govt officer

→

Creates urgency: “Act NOW or account blocked”

→

Victim initiates transfer under pressure

→

Money gone in 2 seconds via UPI

→

Funds moved through mule accounts within minutes

Fraud Type	How It Works	Why Instant UPI Makes It Worse
Fake bank official call	Caller claims your account is compromised; asks you to transfer to a “safe” account	Transaction completes in under 2 seconds — no recovery window
KYC / SIM card scam	Caller pretends to be from telecom or government, says Aadhaar/SIM needs urgent verification	Urgency prevents the victim from verifying the caller’s identity
Deepfake / AI voice fraud	AI-generated voice or video of a known contact requests emergency money transfer	Rising sharply in 2025–26; nearly impossible to detect in real time
Mule account networks	Fraudsters move money through multiple accounts in minutes to avoid recovery or tracing	Instant settlement removes the window to intercept the transaction chain
Fake customer care	Victim finds a fake helpline number online, calls it, and is tricked into making a payment	Victim authorises payment themselves — banks have limited liability recourse

Speed is the fraud’s most powerful asset. Once money moves on UPI or IMPS, recovery is extremely difficult. Banks can file disputes and law enforcement can get involved — but actual recovery rates remain low because funds are moved, split, or withdrawn within minutes of arriving.

4. All Four RBI Proposals, Clearly Explained

The discussion paper does not propose just one measure. It outlines four distinct options, each targeting a different dimension of the fraud problem.

Option 1

1-Hour Lag for P2P Transfers Above ₹10,000

Funds held at payer’s bank for up to 60 minutes before reaching recipient. Cancellable anytime during this window. Merchant payments, e-mandates, NACH, and cheques are explicitly exempt. Trusted contacts can be whitelisted for instant transfers.

Option 2

Trusted-Person Authentication for Senior Citizens

Citizens aged 70 and above, and persons with disabilities, must get approval from a nominated “trusted person” for transfers above ₹50,000. Covers approximately 92% of fraud value reported in this segment. Opt-out may be permitted on application.

Option 3

Shadow Credit Cap at ₹25 Lakh / Year

Annual aggregate credits into flagged accounts capped at ₹25 lakh. Amounts beyond this threshold held as “shadow credit” — visible but inaccessible — until the account holder satisfies the bank about transaction legitimacy. If no justification given within 30 days, funds are returned to the sender. Specifically targets mule accounts.

Option 4

Customer Kill Switch for All Digital Payments

One-tap button to instantly disable all digital payment channels from your account — UPI, IMPS, net banking — in a single action. Already operational in Singapore. Being rolled out by select banks in Australia. Gives users immediate control when they suspect fraud or account compromise.

5. Who Is Affected — and Who Is Not

Transaction Type	Affected by Delay?	Reason
P2P transfer above ₹10,000 to a new/unwhitelisted contact	Yes — 60-min hold	Core target of the proposal
P2P transfer to a whitelisted / trusted contact	Instant	Pre-approved recipients bypass the hold entirely
QR code scan at a shop or restaurant	Instant	Merchant payments explicitly exempt under proposal
Online shopping / e-commerce checkout	Instant	Routed through verified payment aggregators with own checks
EMIs / recurring mandate payments	Instant	Pre-authorised by verified merchants; explicitly exempt
NACH transactions (utility, insurance)	Instant	Explicitly exempt under the discussion paper
Cheque-based payments	Instant	Explicitly exempt under the discussion paper
Sole proprietors / small firms making informal P2P transfers	Yes — hold applies	Informal business P2P transfers are included in scope
Any P2P transfer below ₹10,000	Instant	Below the threshold; daily micro-payments fully unaffected

Why ₹10,000? This is not an arbitrary cutoff. RBI data shows transactions above ₹10,000 represent approximately 45% of fraud cases by volume, but account for 98.5% of the total value lost to digital fraud. The threshold targets fraud where it causes the most financial damage, while leaving the vast majority of daily low-value transactions — the backbone of India’s digital economy — completely untouched.

6. What Other Countries Are Already Doing

India is not the first country to introduce friction into instant payment systems as an anti-fraud tool. The RBI discussion paper itself draws on global precedents.

🇬🇧 United Kingdom

Banks can delay suspicious outbound payments by up to 72 hours under the Payment Systems Regulator framework. The UK also introduced mandatory reimbursement for APP fraud victims in 2024.

🇸🇬 Singapore

12-hour cooling-off periods for high-risk account actions. Kill switch already fully deployed and operational nationwide for all major banks.

🇸🇪 Sweden

Bank-led cooling-off and confirmation mechanisms on large transfers. Consent-based delay model with clear user communication.

🇦🇺 Australia

Kill switch rolling out through major banks. Scam prevention legislation passed in 2024 shifts liability toward banks for APP fraud losses.

India’s proposed 60-minute hold is actually shorter than the UK’s 72-hour window or Singapore’s 12-hour model for high-risk actions. The RBI has acknowledged this as an intentional trade-off — preserving UPI’s competitive speed advantage while introducing a targeted intervention window where it matters most.

7. Practical Tips for UPI Users Right Now

Whitelist contacts you pay regularly. Most UPI apps allow saving trusted contacts. Send a ₹1 test transfer to a new recipient today — this whitelists them so future transfers above ₹10,000 go through instantly once the rule is live.
Keep IMPS active as a backup. For truly urgent, time-sensitive transfers where instant confirmation is non-negotiable, IMPS remains an option. Set it up before you need it — not after an emergency arises.
For offline emergencies, use QR codes. Physical merchant QR code scans are expected to bypass the delay entirely. Keeping this option available matters for in-person urgent situations.
Plan high-value transfers in advance. For rent, freelancer payments, or family remittances above ₹10,000, sending earlier in the day removes any timing pressure. The 60-minute window becomes irrelevant when you plan ahead.
Watch your app’s UI for clear messaging. A message like “Payment releases at 3:47 PM” turns the wait into a feature. Vague loading spinners create confusion. If your bank’s app communicates poorly, report it via their official feedback channels.
Senior citizens: discuss the trusted-person option with family. Under Option 2, nominating a trusted family member as an authenticator for transfers above ₹50,000 could provide significant added protection for elderly relatives.
Never whitelist a contact under pressure. If someone calls and insists you whitelist their number before sending money — stop. Legitimate recipients do not ask to be whitelisted on a call. This is a fraud tactic designed to bypass the new safeguard.

8. Frequently Asked Questions

↑