In order to eliminate frauds related to digital payments, the Reserve Bank of India is proposing the introduction of a lag before the execution of debits. This can act as a preventive control by disrupting the fraudster’s psychological influence over the victim and by giving the payer an opportunity to reconsider the transaction.
Threshold for applicability
To ensure that low-value transactions continue to remain frictionless, such lag mechanisms are proposed to be applied only to APP transactions above a specified threshold. A threshold of ₹10,000 per transaction may be considered appropriate, the apex bank said in its recently released discussion paper, Exploring Safeguards in Digital Payments to Curb Frauds.
Objective of the proposed measure
Inducing a lag in a select category of digital payments (by way of process-level changes or in terms of additional due diligence requirements) would help buy time for both customers and PSOs to limit fraudulent transactions from being executed or the proceeds thereof from being moved quickly, while also empowering customers through the provision of customised controls.
Gap in existing safeguards
Electronic payments to merchants are ordinarily enabled by banks and Payment Aggregators (PAs) after undertaking the requisite due diligence of merchants. In such cases, payment networks typically provide chargeback mechanisms as part of the dispute resolution framework. However, no comparable safeguard exists in the case of account-to-account transfers.
Accordingly, introducing a time lag for certain APP transfers to the bank account of an individual, or to the account of a sole proprietorship or partnership firm, at both the payer’s and the payee’s ends, may serve as an effective fraud-mitigation measure.
Fraud data insights
As per information available with the National Cyber Crime Reporting Portal (NCRP), transactions above ₹10,000 account for approximately 45% of reported fraud cases by volume, but about 98.5% by value.
Implementation framework
Under this approach, once a customer (individuals, including sole proprietors and partnership firms) initiates an APP transaction exceeding ₹10,000, a lag period of one hour could be applied. The lag can be applied at the payer’s end, the payee’s end, or both. From an ease-of-implementation perspective, it is suggested that the lag be introduced at the payer’s end only.
Customer control during lag period
During this period, the payer’s bank would provisionally debit the customer’s account, and the payer would retain the option to cancel the transaction for any reason. The proposed one-hour window is consistent with the “golden hour” principle in fraud-risk management, under which the initial period following a fraudulent transaction is critical to prevent the dissipation of funds.
During this period, if the payer’s bank identifies the transaction as unusual or atypical, it may seek reconfirmation from the payer while sharing appropriate information on the nature of the suspicion and cautioning the payer. If the payer, after reviewing the information provided, still chooses to proceed, the transaction will be executed by the payer’s bank.
Provision for time-sensitive transactions
Further, recognising that certain transactions may be time-sensitive, an option may be provided to the payer to override the lag for a specific transaction by explicitly authorising it, for instance through a whitelisting mechanism.
In such cases, the lag may be bypassed. Instead of allowing whitelisting of transactions, or in addition to it, payees can be whitelisted by the payer. All payments to such whitelisted payees will not be subjected to the time lag.