RBI suggests cooling-off period for UPI and bank transfers — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 29, 2026

Severity: MEDIUM | View Full Scam Details

RBI Suggests Cooling-Off Period for UPI and Bank Transfers in India 2026: A New Step Against Digital Payment Frauds

Digital payment frauds continue to evolve, and in 2026 the RBI recommends a cooling-off period for UPI and bank transfers to help protect users from increasing financial scams.

What Is the RBI Suggests Cooling-Off Period for UPI and Bank Transfers?

In response to a rise in fraud cases involving immediate funds transfer through UPI (Unified Payments Interface) and bank-to-bank digital transactions, the Reserve Bank of India (RBI) has suggested introducing a cooling-off period before processing certain transactions. The idea is to allow users a short window—ranging from a few minutes to up to 24 hours—during which they can cancel or verify suspicious transfers made via UPI apps or net banking.

This advisory follows complaints reported to RBI, CERT-In (Indian Computer Emergency Response Team), and the Indian Cyber Crime Coordination Centre (I4C) about scams where fraudsters impersonate bank officials or customer support teams. Victims receive urgent calls or messages asking them to transfer money or share OTPs under false pretenses. Because UPI transactions happen instantly, there is usually no chance for users to reverse unauthorized payments easily.

Though RBI has not mandated a fixed national regulation for the cooling-off period, it urges banks and payment service providers to explore integrating this feature, especially for high-value or new beneficiary transfers. The move aims to curb losses for digital payment users and reduce social engineering frauds that have affected lakhs of users across India.

How This Scam Works — Step by Step

1. Initial Contact: The victim receives a phone call, SMS, or WhatsApp message claiming to be from their bank or a government authority like the Income Tax Department, RBI, or even a fake fraud investigation unit.

2. Alleged Emergency: The fraudster creates a sense of urgency, warning about suspicious transactions, pending fines, or locked accounts, and instructs the user to immediately transfer funds or share UPI PINs/OTP to “secure” the account.

3. Request for Transfer: The caller directs the victim to send money via UPI or net banking to a specified account or UPI ID (e.g., us**@bank), often pretending it's a temporary verification step or refund processing.

4. No Cooling-off Window: Because UPI transactions generally process instantly without delay, the victim cannot undo the transfer once completed.

5. Loss of Funds: The fraudster receives the money and immediately withdraws or transfers it through multiple accounts or wallet apps, making tracing difficult.

6. Aftermath: Victims realize the loss when checking their bank balance or receive alerts from their bank after funds have drained.

The scam mostly targets digitally active Indians who often transact using mobile wallets and UPI apps like PhonePe, Google Pay, or BHIM. Scammers exploit trust in Indian banking names and sometimes use spoofed SMS to appear legitimate.

Real Warning Signs to Watch For

• Calls or messages urging immediate money transfer to avoid penalties or account blocking
• Unsolicited alerts claiming suspicious activity but asking for UPI PIN or OTP
• Requests to verify “temporary” accounts or supposedly “government” UPI IDs
• Pressure tactics including threats, time-limited offers, or repeated calls
• Caller phone numbers that mimic local or official-looking numbers but differ slightly (e.g., 98XXXXXX12)
• Asking to download unofficial apps or click unsafe links for “verification”
• Being told that refunds or benefits require upfront payment transfers

What Happens to Victims

Victims may lose thousands to lakhs of INR within minutes, with little chance of immediate refund due to the instant nature of UPI payments. Emotional impacts include stress, distrust in digital payment methods, and embarrassment. Victims often report difficulty getting banks to reverse the transactions, especially if they knowingly authorized the transfer under pressure, complicating dispute resolution.

In some cases, fraudsters also misuse Aadhaar-linked services or conduct SIM swap attacks to intercept OTPs and bypass two-factor authentication, worsening the victim’s loss. While RBI mandates UPI transaction protections, the rapid and sophisticated nature of social engineering scams challenges regulatory efforts.

What RBI and CERT-In Say

RBI and CERT-In have issued multiple advisories urging users to never share OTPs, UPI PINs, or bank details with anyone, even if they claim to be bank officials. The RBI's 1930 helpline assists fraud victims with reporting and guidance. CERT-In advises users to verify any suspicious calls or messages by independently contacting bank/customer support numbers and not through links provided in messages.

Though a national mandatory cooling-off period is not currently enforced, RBI encourages banks and fintech firms to explore this safety feature, especially for transactions above certain thresholds or to new beneficiaries. The focus remains on increasing public awareness about secure transaction behaviour and vigilant account monitoring.

How to Protect Yourself

1. Never share UPI PINs, OTPs, or passwords over calls, messages, or WhatsApp, regardless of who requests them.
2. Verify calls claiming to be from banks or government officials by independently calling official helpline numbers.
3. Avoid immediate or unverified transfers—pause and confirm if an unexpected request arises.
4. Use transaction alerts and immediately report unknown debit entries to your bank and the RBI helpline (1930).
5. Avoid clicking on suspicious links or downloading unknown apps related to banking or refunds.
6. Set up UPI transaction limits via your bank’s app to reduce potential losses from unauthorized transfers.
7. Regularly update your mobile phone’s OS and banking apps for the latest security patches.

What to Do If You've Been Targeted

If you suspect you have fallen victim to such fraud:

1. Immediately call your bank’s customer service and request to block or freeze your UPI transaction or debit card.
2. Report the fraud to the RBI’s 1930 helpline or your bank’s official helpline.
3. File a complaint online at cybercrime.gov.in under the financial cybercrime or fraud category.
4. Contact CERT-In for additional guidance on securing your device and accounts.
5. Change all passwords and UPI PINs on your device and monitor your bank statements closely for further unauthorized activity.
6. Inform your telecom provider if you suspect SIM swap fraud.

Act quickly to increase chances of recovery and reduce further damage.

Frequently Asked Questions

Q: Can I reverse a UPI payment if I made a transfer by mistake?
A: Generally, UPI transactions are instant and cannot be reversed automatically. You can request your bank to initiate a refund, but it depends on recipient cooperation and bank policies. Hence caution before transferring is vital.

Q: What is a cooling-off period, and how does it help protect me?
A: A cooling-off period is a short delay before processing a transaction, giving users time to verify and cancel suspicious payments to prevent fraud losses.

Q: How can I verify if a call or message about my bank is genuine?
A: Always cross-check any calls or messages from your bank by calling the official customer service number from your bank’s website or passbook. Avoid using numbers or links from the message or caller.

For more details and to verify suspicious messages, visit BharatSecure.app. If you encounter fraud, report it promptly at the 1930 cybercrime helpline.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.