If you regularly use UPI apps and prefer making payments online, this update is important for you. From April 1, 2026, several major changes in digital payments and banking rules have come into effect in India.
These changes have been introduced by the Reserve Bank of India (RBI) to reduce fraud and improve security.
Under the new rules, two-factor authentication (2FA) is now mandatory for all digital transactions.
This includes payments made through UPI, debit/credit cards, and mobile wallets. This change will affect how users complete their online payments.
Online payment fraud has been increasing in India. OTP-based systems are no longer fully secure, as fraudsters use methods like phishing and SIM swap scams. To tackle this, RBI has made stronger security measures compulsory.
Now, every transaction must be verified using at least two different methods. OTP will still be used, but it must be combined with another verification method such as:
PIN
Password
Biometric authentication (fingerprint/face)
Secure token
This means OTP alone will not be enough anymore. Every payment will go through two layers of security. While this may take a little more time, it will make transactions much safer.
Risk-Based Authentication System
To balance safety and convenience, banks will follow a risk-based approach:
Low-risk transactions: Small, regular payments from trusted devices will be processed quickly with minimal steps.
High-risk transactions: Large payments or transactions from new devices may require extra verification.
Stricter Rules for Banks and Faster Complaint Resolution
RBI has also increased the responsibility of banks and payment platforms to ensure secure systems.
Compensation for fraud: If fraud happens due to a system failure or negligence, banks may have to compensate customers.
Faster resolution: Complaints related to fraud are expected to be resolved more quickly under the new rules.
New UPI Operational Rules by NPCI
The National Payments Corporation of India (NPCI) has introduced new limits to improve system efficiency:
Balance check limit: Users can check their balance only up to 50 times per day per app.
Account linking limit: A maximum of 25 bank accounts can be linked to one UPI app in a day.
Transaction status check: Pending transaction status can be checked only 3 times, with a 90-second gap between each attempt.
Auto-debit timing: Recurring payments like EMI or subscriptions will be processed during non-peak hours (before 10 AM or after 9:30 PM).
Other Important Banking and Finance Changes
ATM charges: Banks like HDFC Bank will now include UPI-based cardless cash withdrawals in the monthly free transaction limit. After the limit, a charge of ₹23 plus tax will apply.
Lounge access: From now on, RuPay Platinum debit card users will no longer get access to airport or railway lounges.
International payments: Similar 2FA rules will also apply to cross-border transactions. These rules must be fully implemented by October 1, 2026.
