The Right to refuse unsolicited digital credits has emerged as a proposed safeguard for Indian bank account holders as the country’s banking system needs a consent layer to protect innocent recipients from account freezes triggered by suspicious inbound payments.
FCRF Academy Launches Premier Anti-Money Laundering Certification Program
Indian account holders currently have no legal or technical mechanism to accept or deny a payment before it reaches their ledger. This is a serious gap in the digital payments framework, particularly in the context of UPI, where money can be pushed into an account without prior approval from the recipient.
Consent Gap in Digital Banking
While UPI is widely seen as a success in financial inclusion and digital efficiency, its current architecture remains an “open-gate” system for inbound payments. Unlike social platforms, where a user must accept a connection request, banking transactions can enter an account without a similar consent requirement.
This absence of a pre-credit permission mechanism can expose unsuspecting citizens to serious consequences. A malicious actor can allegedly deposit tainted funds, often sourced from accounts flagged for cyber fraud, into another person’s account by merely obtaining their UPI ID or account details.
Under the prevailing interpretation of Section 102 of the CrPC, now mirrored in the Bharatiya Nagarik Suraksha Sanhita, the presence of such funds can trigger an immediate freeze of the entire account by cyber cells, regardless of the amount involved or the recipient’s lack of criminal intent.
In a recent case in where a client with a balance of Rs. 50 lakh, earmarked for the purchase of a residential flat in Noida, allegedly found his entire account frozen on the day he intended to issue a demand draft for property registration. The freeze followed an unsolicited UPI credit of Rs. 900 from an unknown source a few days earlier. That small amount was allegedly linked to a suspicious origin, leading to the entire account being flagged and blocked. Even though the disputed amount represented less than 0.02 percent of the total holdings. The fallout went beyond legal hurdles and a lengthy de-freezing process. It states that the client suffered tangible financial loss after his property commitment failed at a critical stage, forcing him to pay additional interest to the vendor to keep the deal alive. This situation reflects a broader problem in which an innocent account holder can be held hostage by a transaction they never requested.
Global Models and Proposed Reform
We can compare India’s position with consent-based payment systems in the United Kingdom, the European Union and Australia. The UK’s “Request to Pay” framework, under which recipients can pay in full, pay in part, pay later or decline to pay. It identifies the decline option as a key safeguard against unfamiliar or suspicious requests.
The European Union’s SEPA Request-to-Pay scheme, which it describes as a messaging functionality in which a payee initiates a request and the payer must explicitly authenticate and authorise the transaction. Australia’s PayTo system is another model, where users can authorise, pause or cancel payment mandates through their banking app.
Suggestions for A Consent-based Banking Framework
India should move toward a similar consent-based banking architecture.The Reserve Bank of India must issue updated directions under the Payment and Settlement Systems Act, 2007, mandating inbound transaction controls. These guidelines could allow users to set thresholds for automatic credits, block credits from unverified or flagged VPA categories and enable a permission mode for high-value accounts or businesses.
The National Payments Corporation of India should integrate a “Request-to-Credit” protocol within UPI. Under this proposed model, a transaction from a non-whitelisted VPA or first-time sender would remain pending until the recipient accepts or declines it. If declined, the funds would be automatically reversed to the source without appearing in the recipient’s ledger.
The “Right to Refuse” should be treated not merely as a technical feature but as a safeguard for modern banking. RBI and NPCI should ensure that bank accounts remain secure repositories for savings rather than vulnerable targets for procedural disruption.
