BHIM Payments App has a New Feature: Spending from Someone Else's Bank Account Legally - Without Asking.
BHIM’s 2025 feature lets others legally spend from your UPI account. But one hidden setting separates empowerment from financial disaster. Before giving access, you must know the one rule that keeps you in control. The future of Indian family finance is here—and the risks are not what you think.
What if, in 2025, someone who doesn’t even have a bank account could legally spend from your account—without asking you each time—yet you’d still remain fully in control? And what if this was not a bug, but the next big idea in India’s digital payments story?
Welcome to BHIM’s new “trusted person” feature, built on UPI Circle Full Delegation—possibly the most quietly revolutionary change in how Indian families, staff, and small businesses handle money since UPI itself.
What this new BHIM feature really does
NPCI BHIM Services Limited has rolled out UPI Circle Full Delegation inside the BHIM app, allowing a “primary user” to authorise a trusted contact to make UPI payments directly from the primary user’s bank account. The primary user sets a monthly spending cap up to ₹15,000, chooses how long this access will last (from 1 month up to 5 years), and can do this for up to five trusted people within a Circle.
Unlike earlier approval-style delegation where every payment needed a real-time “yes” from the account holder, Full Delegation lets the trusted person pay autonomously within the defined limits—no constant OTP forwarding, no phone calls. The secondary user does not even need a bank account of their own; they simply need to be on BHIM with a valid UPI ID, while all transactions still hit the primary user’s bank statement under the UPI Circle label for full traceability.
The hidden shift: from “account holder” to “financial guardian”
On the surface, this looks like a convenience feature for seniors and students—but its deeper impact is about who actually runs money in Indian households and micro-businesses. Until now, the person whose name was on the bank account was also forced to be the one doing every digital transaction, even if someone else handled most offline spending decisions.
BHIM’s delegation flips that: the account holder becomes more of a financial guardian, while everyday spending work can shift to the people who actually move around—elders, teenagers, domestic workers, delivery staff, field employees. This mirrors how Indian families already function offline, where one person “controls” money and others “use” it, but adds digital rails, logs, and limits instead of informal trust and cash.
Some of the most intriguing—and emotional—real-world scenarios include:
- Elderly parents in Tier‑2/3 cities
A son or daughter in another city can set up a Circle so parents pay for medicines, groceries, or auto rides without learning OTP flows or worrying about UPI fraud, within a tight monthly cap. - College students and young adults
Parents can give a realistic monthly expense limit, monitor it in real time, and dial it up or down without handing over a physical card or sharing ATM PINs. - Domestic staff and delivery helpers
Households can let staff pay for milk, gas, or quick store runs straight from the employer’s account, leaving a clean trail instead of handing out cash advances and worrying about reconciliation. - Kirana owners and small businesses
Shopkeepers can authorise trusted staff to pay suppliers, pay for logistics, or settle small dues, while keeping amounts small and everything tagged under UPI Circle in account statements.
The emotional hook here is relief and control together: people who fear digital payments get a safety net, and those who juggle everyone’s payments gain structure instead of chaos.
Safety, law, and what nobody is telling you
Behind the scenes, this feature arrives in the middle of a regulatory hardening of digital payments and data protection in India. The Reserve Bank of India’s 2025 directions on authentication mandate at least two‑factor authentication for almost all digital payments from April 2026, while also allowing more sophisticated, non‑OTP methods. Delegated payments through BHIM sit inside that framework, giving banks and NPCI room to design strong risk controls even when “spenders” and “account holders” are different people.
At the same time, the Digital Personal Data Protection Act, 2023, along with draft rules notified in 2025, gives users explicit rights to access their data, seek correction or erasure, and demand breach notifications from companies that handle their personal information. Payment providers and banks are treated as “data fiduciaries” with legal duties to secure data, minimise retention, and face penalties for violations—a crucial backdrop when one person’s account is being used by another through a digital interface.
Less discussed, but hugely important, are these hidden implications:
- Soft surveillance inside households and workplaces
Every rupee spent by a secondary user is visible to the primary user in their bank statement and BHIM history, turning informal cash-based spending into a fully logged trail. For some, this means protection and accountability; for others, it may feel like financial surveillance and control inside families or employment relationships. - Power dynamics for women and low‑income workers
Many women and domestic staff currently operate in mostly cash ecosystems with limited visibility into the “main” account. Delegation can either empower them—by giving independent spending rights within limits—or lock them deeper into controlled, monitored digital spending dictated by whoever owns the account. - Blurring lines between delegation and liability
Legally, the bank sees the primary user as responsible for transactions, even if a delegated user initiated them via BHIM, as long as the flows respected limits and authentication rules. That makes it crucial for account holders to treat delegation like giving someone a mini‑credit line—with all the trust, documentation, and clarity that normally involves.
There is also a subtle link to UPI‑based credit: RBI has allowed pre‑sanctioned credit lines to be used on UPI, and banks are slowly rolling out credit‑over‑UPI products for low‑ticket, short‑tenor borrowing, especially for “new‑to‑credit” customers. In the long run, data from delegated transactions—who spends, on what, how predictably—could become a powerful input for lenders assessing thin‑file users, raising big questions about consent and fairness that India’s data protection framework will have to keep up with.
How to use it smartly (and safely) in real life
Setting up UPI Circle Full Delegation inside BHIM is meant to be simple: the primary user opens the BHIM app, navigates to the UPI Circle section, chooses “Invite to Circle,” selects a contact or UPI ID, sets a monthly limit up to ₹15,000, picks a duration, and verifies the relationship and identity using supported documents like Aadhaar. The invited person accepts the request in their BHIM app, after which they can scan QR codes, pay merchants, or send UPI payments within that limit straight from the primary user’s account.
To turn this from a “cool feature” into a real advantage, it helps to treat it as a formal arrangement, not a casual favour. Some practical moves that can protect both sides:
- Write down the rules you agree on
Even within families, clearly note the monthly limit, what expenses are okay, and what’s off‑limits (e.g., no peer‑to‑peer transfers, only merchant payments). - Use different Circles for different roles
A parent may create one Circle for a college‑going child, another for an elderly parent, and a separate one for staff—each with different limits, durations, and accounts. - Align with RBI’s security expectations
Ensure that the phone numbers, BHIM installations, and SIMs used by both primary and secondary users are locked with biometrics and strong screen locks, in line with RBI’s push for tighter authentication and risk control. - Leverage DPDP rights when something feels off
If a user fears misuse of their data around delegated payments—say, excessive profiling or unwanted marketing—they can rely on DPDP rights to seek information, correction, or erasure from the relevant data fiduciaries. - Regularly review and revoke
Because BHIM lets you set an end date (up to five years), treat renewals like an annual financial check‑up: if trust or circumstances have changed, reduce the limit or shut the Circle for that person.
For Indians already juggling UPI123Pay for feature phones, credit lines via UPI, and digital wallets, this delegation feature can become the missing coordination layer that binds a family or business’s payment flows together—if configured thoughtfully.
Why this matters for India’s digital future
India’s payments story is now moving from “everyone should get online” to “everyone online should be organised, protected, and empowered”—and BHIM’s trusted‑person payments are a clear sign of that second phase. UPI123Pay brought feature‑phone users into UPI, credit‑over‑UPI aims to bring the credit‑invisible into formal borrowing, and now delegated payments try to bring the social reality of families and micro‑enterprises into app design.
In 2025–26, RBI’s new authentication rules, expanding UPI credit, and India’s data protection regime will all be maturing at the same time that tens of millions of Indians test out features like UPI Circle. The real question is no longer “Will India go cashless?” but “Who will control digital money flows—and on whose terms?”, as power quietly shifts from cardholders and account owners to a web of authorised spenders connected by apps like BHIM.
For now, the smart move is to experiment early but cautiously: start with low limits, one or two trusted people, clear agreements, and regular reviews of transactions and permissions. Because the next upgrade to BHIM—or the next RBI circular on UPI credit and authentication—may turn today’s “small delegation” into a central pillar of how your family, your staff, or even your neighbourhood shop runs its money tomorrow.
Disclaimer: The use of any third-party business logos in this content is for informational purposes only and does not imply endorsement or affiliation. All logos are the property of their respective owners, and their use complies with fair use guidelines. For official information, refer to the respective company’s website.
