If you also depend on UPI apps for every payment and prefer making most of your payments online, then this update is important for you.
From April 1, 2026, several major changes in digital payment and banking rules have come into effect in India. The Reserve Bank of India (RBI) has introduced stricter regulations to reduce fraud and improve accountability.
Under the new framework, two-factor authentication (2FA) has become mandatory for all digital transactions. This will change how users make payments through UPI, cards, and mobile wallets.
Online payment fraud has been increasing in India. This step has been taken because OTP-based systems are now facing higher risks from fraud methods such as phishing and SIM swap scams.
Contents
2FA Rules for All Payments
According to RBI’s new rules, every digital payment made through UPI, card, or wallet must now be verified using at least two different methods.
OTP will still remain a part of the authentication process, but it must now be combined with another separate verification method.
This means that OTP alone will no longer be enough. Every transaction will need an extra layer of verification, such as:
PIN
Password
Biometric authentication
Secure token
In simple terms, every payment will now go through two layers of security. While this may make the payment process slightly longer, it will also make it much safer.
Risk-Based Authentication System
To maintain a balance between security and convenience, banks will now follow a risk-based authentication system.
Low Risk:
Small daily transactions made from trusted devices can remain quick and smooth.
High Risk:
Large payments or transactions made from new or unfamiliar devices may require extra verification steps.
Banks and Payment Platforms More Accountable
The RBI has also made banks and payment platforms more responsible for maintaining secure systems.
Compensation for fraud:
If fraud happens because of a system failure or negligence, banks and institutions may have to compensate users. This is expected to help resolve complaints faster.
Faster resolution:
The new rules are also aimed at ensuring quicker action on fraud-related complaints.
New UPI Operational Rules by NPCI
The National Payments Corporation of India (NPCI) has also introduced several limits to improve system performance.
Balance check limit:
To reduce system load, users can check their balance up to 50 times per day on one app.
Bank account linking:
You can link up to 25 bank accounts in one day on a single UPI app.
Transaction status check:
The status of a pending transaction can be checked only 3 times, and there must be a mandatory 90-second gap between each check.
Auto-debit timing:
Recurring payments such as EMIs and subscriptions will now be processed during non-peak hours, such as before 10 AM or after 9:30 PM.
Other Important Banking and Finance Changes
ATM charges:
Banks like HDFC Bank will now count UPI-based cardless withdrawals within your monthly free transaction limit. After crossing the limit, a charge of ₹23 plus taxes will apply.
Lounge access:
From today, RuPay Platinum Debit Card holders will no longer get access to airport or train lounges.
International payments:
Similar 2FA rules will also apply to cross-border transactions, and these must be fully implemented by October 1, 2026.