India’s Unified Payments Interface (UPI) has transformed the country into a global leader in digital payments, processing billions of transactions with unmatched speed and convenience. Yet this very openness has created a serious vulnerability for ordinary account holders. Unsolicited credits from unknown sources can land in anyone’s account, sometimes triggering police investigations, account freezes, and prolonged hardship—even when the recipient is completely innocent. A “consent layer” for inbound payments offers a practical, technology-driven solution to close this gap and safeguard users.
The Flaw in the Current “Open-Gate” System
UPI operates on a push-only model. Anyone who knows your UPI ID, mobile number, or account details can send money without your permission. Once the funds are credited, they become part of your account ledger. This creates multiple risks:
- Tainted Credits and Reverse-Refund Frauds: Fraudsters often send small amounts from accounts linked to cyber crimes or money laundering. Later, they or their accomplices contact the recipient claiming it was sent by mistake and pressure them to transfer the money elsewhere. The innocent recipient’s account then gets flagged.
- Blanket Account Freezes: Under criminal procedure laws, police and cyber cells frequently freeze entire bank accounts upon detecting even a single suspicious inbound transaction. A ₹500 credit from a flagged account can result in lakhs of rupees being locked, disrupting salaries, EMIs, business deals, and daily life. Many victims—students, homemakers, freelancers, and small traders—spend months petitioning courts to unfreeze their funds despite having no guilty intent.
- Money Mule Exploitation: Ordinary citizens unknowingly become part of laundering chains. The system currently offers no easy way for them to reject funds before they contaminate their accounts.
These issues have led to growing public frustration and repeated judicial interventions emphasising proportionality. However, court relief is always reactive and time-consuming.
What a Consent Layer Would Look Like
A consent layer would introduce an explicit “accept or decline” mechanism for inbound payments, especially from non-whitelisted or unknown senders. Funds would remain in a pending state until the recipient gives consent. If declined, the money would automatically reverse to the sender without ever touching the recipient’s ledger.
Key features could include:
- Notifications asking “Do you want to accept this payment?”
- Custom rules: auto-accept from family and known contacts, auto-decline from flagged VPAs, or permission required above a certain threshold.
- Option to maintain “open mode” for trusted merchants or regular payers while keeping sensitive accounts protected.
This approach treats a bank account as private property where the owner has the right to refuse entry, rather than an open conduit for any transaction.
Lessons from Global Models
Several countries have already implemented consent-based systems successfully:
- The United Kingdom’s Request to Pay (Pay.UK) allows recipients to review, accept, partially pay, or decline incoming requests.
- The European Union’s SEPA Request-to-Pay requires explicit authorisation.
- Australia’s PayTo mandates pre-authorisation with easy pause or cancellation options.
These frameworks have reduced fraud and disputes while maintaining high transaction volumes, proving that consent mechanisms can coexist with efficiency.
Alignment with India’s Digital Framework
India already understands the power of consent. The Account Aggregator framework and the Digital Personal Data Protection (DPDP) Act place explicit user consent at the centre of data sharing. Extending the same principle to payment inflows is a logical next step. The Reserve Bank of India (RBI) and National Payments Corporation of India (NPCI) can implement this through updates to UPI protocols and the Payment and Settlement Systems Act.
Addressing Potential Challenges
Critics may argue that an extra consent step adds friction. However, this can be minimised through smart defaults—whitelists, trusted contact groups, and tiered rules based on transaction size or frequency. Legitimate regular payments would face almost no delay, while risky or unsolicited ones would be filtered. Implementation would require coordination between banks, NPCI, and fintech apps, but the technical foundation already exists within the India Stack.
The Way Forward
A consent layer would shift Indian banking from a reactive model of freezes and court battles to a proactive model of prevention. It would reduce the burden on law enforcement, lower the misuse of innocent accounts as money mules, restore public trust, and strengthen the integrity of the entire digital payments ecosystem.
As India pushes towards even greater financial inclusion and digital economy growth, protecting innocent account holders must remain a priority. Introducing a well-designed consent layer is not just a technical upgrade—it is a necessary safeguard for the rights and financial security of millions of ordinary citizens. The RBI and NPCI have the opportunity to lead this reform and set a new global standard for responsible digital payments.
About The Author
