In February, Alok (name changed), a business analyst from Pune, received what appeared to be a routine message: a notification asking him to pay ₹1,000 as a speeding fine. The message warned that failure to act quickly could result in the suspension of his driving licence. as reported by BBC.
Concerned, Alok clicked on the link and proceeded with the payment. As part of the process, he was asked to enter an OTP (one-time password). Within minutes, however, his credit card was charged $3,225—the maximum transaction limit.
Alok had unknowingly approved a far larger transaction than intended. He had fallen victim to a common scam in India, where fraudsters impersonate official platforms, sending phishing links that trick users into revealing sensitive information.
Experts identify this as “social engineering,” a method where scammers manipulate victims psychologically by creating urgency or fear.
Such incidents are no longer isolated. With India’s rapid shift towards digital payments over the past five years, fraud cases have surged dramatically. In 2025 alone, nearly 2.5 million individuals collectively lost around $2.5 billion—marking an alarming 4,300% increase since 2021. This sharp rise has prompted India’s central bank, the Reserve Bank of India (RBI), to take notice.
Earlier this month, the RBI released a discussion paper outlining potential measures to curb digital fraud. Among the proposed solutions is a one-hour delay in account-to-account transactions, allowing users a buffer period to identify and stop fraudulent payments.
The central bank has also suggested additional authentication measures involving a “trusted person” for high-value transactions, particularly for vulnerable groups such as senior citizens.
The paper further recommends stricter monitoring of large credits into accounts to detect mule accounts—those used for illegal fund transfers. It also proposes giving users more control over digital transactions, including the ability to switch payments on or off and set limits, similar to existing card controls.
While these steps signal a proactive approach, experts remain cautious about their overall effectiveness. Rajesh Bansal, former CEO of the RBI’s Innovation Hub, points out that OTP-based scams like Alok’s now represent only a small portion of total fraud losses.
“These scams were the dominant variety three or four years ago, but frauds have now moved to another level, and are far more sophisticated.”
Implementation challenges also loom large. “It is not going to be easy to implement a lag because there are so many parties involved in the payment network. There is no simple way to do it without changing the current architecture,” says Wriju Ray of IDfy, a regulatory technology firm.
The RBI itself acknowledges these difficulties, noting that introducing delays would require extensive system-wide changes—from transaction queuing to cancellation processes—bringing additional costs and operational complexity. Moreover, such a move would contradict the fundamental principle of instant digital payments.
“It’s like building an expressway and adding speed breakers every few kilometres,” says Bansal.
Experts also warn that fraudsters may quickly adapt. “They [scammers] are just going to figure out a way to overcome the lag. For instance, they might ask for a customer to undertake a payment and wait for an hour for their acknowledgement so an alarm is not raised,” says Ray.
Other proposals, such as requiring a “trusted person” for additional verification, raise practical concerns. “Additional checks for senior citizens is probably highly recommended but how does one comply? What if your so-called ‘trusted adviser’ is abroad? And what if they ask you to go ahead with a transaction that still ends up being a fraudulent one? Then who does the accountability move to?” Ray questions.
Similarly, enhancing detection of mule accounts through stricter due diligence may prove effective but resource-intensive. According to Ray, the cost of implementing such systems will likely be passed on to consumers.
Bansal highlights that the RBI already has a tool designed to tackle this issue. “It was conceptualised when I was the CEO. It needs to be implemented in near real-time in the banking system. Unfortunately, that has not happened,” he says, referring to Mulehunter.AI, a platform that identifies suspicious beneficiary accounts.
Despite these regulatory efforts, experts agree that policy changes alone will not be sufficient. Strengthening public awareness and digital literacy is equally critical. India’s digital adoption has far outpaced its education on online safety, leaving many users vulnerable.
The RBI has initiated awareness campaigns, featuring prominent figures like Amitabh Bachchan and leveraging high-visibility platforms such as IPL cricket broadcasts. However, experts argue that much more investment is needed in educating users.
Collaboration across institutions is also essential. Bansal stresses the need for coordinated action involving law enforcement, government ministries, and financial regulators. “The challenge right now is, whose baby is this?” he asks.
Even so, the RBI’s decision to open a consultative process marks a shift in approach. As Ray notes, “These discussions will eventually result in regulation. This is a big change from earlier where the RBI would just announce a diktat.”
ISSUE
Leave a Comment