The Reserve Bank of India’s latest discussion paper on digital payment fraud safeguards promises to reduce Authorized Push Payment (APP) fraud while preserving transaction convenience. Yet the proposed measures—transaction delays, enhanced authentication layers, and mandatory cooling-off periods—point toward slower, more friction-heavy payment experiences.
The central bank acknowledges that APP fraud, in which customers are tricked into authorizing payments to fraudsters, has surged alongside the adoption of digital payments. The paper proposes transaction delays for first-time beneficiaries and high-value transfers, additional authentication steps for suspicious patterns, and mandatory warnings before irreversible payments.
What emerges from the consultation framework is a regulatory admission that current Know Your Customer (KYC) and transaction monitoring systems have failed to keep pace with the sophistication of fraud. Banks and payment service providers have invested heavily in real-time fraud detection, yet the RBI’s proposals suggest these systems require manual intervention and customer friction to function effectively.
The paper’s treatment of liability allocation reveals deeper structural issues. While it discusses shared responsibility between banks, payment aggregators, and customers, it stops short of prescribing specific liability frameworks. Banks currently bear most fraud losses under existing RBI guidelines, but the discussion paper hints at shifting some burden to customers who ignore warning prompts or bypass authentication steps.
For payment companies, the compliance mathematics are stark. Transaction delays could reduce payment volumes, affecting revenue models built on transaction velocity. Enhanced authentication requirements will increase operational costs while potentially driving users toward less secure alternatives. The paper seeks feedback on implementation timelines but provides no cost-benefit analysis for proposed measures.
The consultation process itself carries regulatory signaling value. By releasing a discussion paper rather than direct guidelines, the RBI appears to be testing industry appetite for significant increases in friction in digital payments. Previous RBI consultations on payment security have typically resulted in watered-down final guidelines after industry pushback.
My Boardroom Takeaway: Directors of fintech companies and digital-heavy banks should prepare for a fundamental shift in payment user experience design. The RBI’s fraud prevention priorities may conflict with growth metrics tied to transaction volumes and user acquisition. Risk committees may wish to model the revenue impact of proposed transaction delays and authentication requirements. Companies heavily dependent on instant payment flows should consider diversifying their business models before these safeguards become mandatory guidelines.