India Cracks Down: Stricter Rules To Combat Rising Digital Payments Fraud
India has launched a pointy clampdown on on-line cost scams, ordering harder checks and new guidelines that purpose to chop the rising tide of fraud. Based on experiences, regulators and cost networks moved after authorities recorded large jumps in each the variety of circumstances and the cash misplaced to scams final 12 months.
India: RBI And NPCI Move Fast
Regulators have pushed a number of modifications into the banking and funds system. According to revealed figures, incidents tied to Unified Payments Interface or UPI greater than doubled from about 7.25 lakh ($8,700) to 13.42 lakh ($16,200) in fiscal 12 months 2023-24.
Reported losses rose too, from ₹573 crore ($69 million) the 12 months earlier than to ₹1,087 crore ($131 million) in 2023-24. The central bank has allowed risk-based extra checks for sure transactions, and NPCI has instructed banks and apps to dam pull or gather requests on UPI from October 1, 2025, a transfer meant to close a typical rip-off vector.
The Reserve Bank of India (@RBI) releases new pointers on authentication for #digital cost transactions, set to take impact from April 1, 2026.
The framework mandates two-factor authentication for all digital funds, although no particular technique is enforced.
The central… pic.twitter.com/NH7xKuMmzm
— All India Radio News (@airnewsalerts) September 25, 2025
New Authentication And Domain Rules
One of the headline modifications is a requirement for two-factor authentication for funds, set to return into impact on April 1, 2026. Banks and cost corporations might want to apply at the very least two strategies of ID for transactions — comparable to biometrics, system tokens, or passphrases — whereas SMS OTPs will nonetheless be allowed in some circumstances.
Reports additionally say the business will probably be requested to order clear, trusted internet domains for banks and finance corporations — examples given embody “financial institution.in” for banks and “fin.in” for non-bank monetary corporations — to make phishing websites simpler to identify and block.
How Users And Banks Will Be Affected
The new guidelines are supposed to cease impersonation scams, pretend calls that faux to be regulation enforcement, and different social engineering methods that ship cash out of accounts.
A particular Cyber Fraud Mitigation Centre and the Indian Cyber Crime Coordination Centre will coordinate responses, and a suspect registry drawn from the nationwide cybercrime portal is getting used to trace suspicious accounts and identities.
Banks and small operators that run Aadhaar-enabled cost companies will face stricter due diligence necessities for his or her brokers and terminals.
Costs, Complexity And The Rural Gap
Banks and tech suppliers should improve programs to run the additional checks and preserve information. That will add value and complexity, particularly for smaller corporations and rural operators that depend on older units.
Users could face extra steps after they pay, notably for cross-border or uncommon transactions. Reports warn that fraudsters usually change ways after guidelines tighten, so the measures will want fixed assessment and lively enforcement to remain efficient.
Featured picture from Unsplash, chart from TradingView