India’s real-time payments network is confronting a familiar dilemma of scale: how to preserve convenience while closing loopholes that have quietly cost users money. At the center of the debate are two UPI features—Collect and Autopay—that regulators now believe have been misused often enough to warrant redesign
A Quiet Reassessment of a Mass Payments System
For much of the past decade, the Unified Payments Interface, or UPI, has been celebrated as a model of frictionless digital finance. Built and overseen by the National Payments Corporation of India (NPCI), the system now processes billions of transactions each month, spanning everything from roadside tea stalls to subscription-based streaming services.
But behind that success, NPCI has begun re-evaluating two core features—Collect and Autopay—after mounting concerns that they have been exploited in fraudulent and misleading transactions. According to people familiar with the discussions, NPCI has asked payment aggregators to prepare for selective changes that would limit how these tools can be used, particularly in categories where customer losses have drawn scrutiny.
The proposed recalibration reflects a broader tension within India’s digital payments ecosystem: how to maintain scale and ease of use while tightening consumer protection in an environment where fraud tactics evolve as quickly as the technology itself.
How Collect and Autopay Became Points of Concern
The Collect feature allows merchants to initiate a payment request, shifting the starting point of a transaction away from the customer. Autopay, meanwhile, enables recurring payments for subscriptions and bills, often approved once and executed automatically thereafter. Together, they have helped fuel the rise of digital subscriptions and remote merchant payments.
Yet payment aggregators told speaking on condition of anonymity, that unclear display formats and insufficiently prominent consent cues have contributed to unintended payments and longer-term charges that users did not fully anticipate. In some cases, customers approved what they believed to be a one-time payment, only to discover later that they had authorized a recurring debit.
NPCI is now weighing changes that would selectively phase out Collect for the “person-to-person merchant” category, a segment that officials believe is particularly vulnerable to misuse. The intention, sources said, is not to dismantle the feature entirely but to curb its use for recurring collections that blur the line between one-off requests and subscriptions.
Fraud, Design, and the Cost of Ambiguity
At the heart of the debate is interface design. Regulators and industry participants increasingly agree that how information is displayed—what is emphasized, what is buried—can materially affect consumer outcomes. In a system as fast as UPI, even minor ambiguities can translate into large aggregate losses.
Payment aggregators said restrictions on Collect could reduce fraudulent charges by nudging transactions toward more explicit, intent-based flows such as QR-code payments, where customers actively initiate transfers. At the same time, they acknowledged that small merchants, particularly those reliant on remote payment requests, could feel the impact of a partial withdrawal.
NPCI is also planning to reinforce stricter display rules for Autopay, ensuring that users can clearly see and approve the nature, duration, and frequency of subscription-based payments before consent is granted. Industry participants say clearer disclosures could limit unintended long-term approvals without dismantling the subscription economy that has grown around UPI.
Industry Response and the Road Ahead
The proposed changes place payment intermediaries in a delicate position. While many privately concede that tighter rules are overdue, they must also prepare merchants for a shift in how payments are requested and authorized.
