UPI payments could see new limits as NPCI targets fraud-prone features
text_fields
The National Payments Corporation of India (NPCI) is considering changes to key UPI features such as Collect and Autopay after concerns over their misuse in fraudulent transactions.
The proposed steps aim to reduce customer losses linked to merchant-initiated payment requests and recurring subscription charges.
NPCI has asked payment aggregators to prepare for a selective phase-out of the Collect feature for the “person-to-person merchant” (P2PM) category. The move is intended to prevent merchants from using Collect requests for recurring or misleading payment collections, a method that has been increasingly linked to fraud.
Collect allows merchants to initiate payment requests instead of customers starting the transaction, while Autopay enables recurring payments for subscriptions and bills. NPCI is also planning to tighten display rules for Autopay, ensuring customers can clearly see payment details before approving recurring debits.
Payment aggregators said unclear interfaces have contributed to unintended payments and financial losses. They expect Collect to increasingly shift towards intent-based and QR-code transactions, which are considered safer. While smaller merchants may feel some short-term impact, restricting Collect in high-risk categories could significantly reduce fraudulent charges.
Clearer Autopay disclosures may also prevent users from unknowingly approving long-term subscriptions.
NPCI, Paytm, Pine Labs, and MobiKwik declined to comment on the proposed changes.
Industry experts believe the impact on listed fintech firms will be limited. Ranadurjay Talukdar, Partner and Payments Sector Leader at EY India, said P2PM Collect is not a major revenue source and that companies primarily earn from merchant payments, lending, subscriptions, and value-added services, which will remain unaffected.
Vinit Bolinjkar, Head of Research at Ventura Securities, echoed this view, saying transaction growth is unlikely to be hit. He added that limiting merchant-initiated Collect requests could close a key social-engineering route used in scams, improving trust in the UPI ecosystem even if it does not eliminate fraud entirely.