What PhonePe, Google Pay, and Paytm Didn’t Tell You About UPI Changes in October 2025
NPCI has disabled UPI collect requests from October 2025, a game-changing move to protect your money from rising digital fraud. This new rule forces all payments to be push transactions, dramatically reducing scams but changing how millions pay every day. Are you ready for what this means for your UPI app and wallet security? Uncover expert insights, hidden risks, and must-know tips to stay safe in India’s evolving digital payments landscape this year. Don’t miss this crucial update!
The National Payments Corporation of India (NPCI) has officially discontinued the “pull transaction” feature — also known as the “collect request” in UPI person-to-person (P2P) payments — effective from October 1, 2025. This security update mandates that only push transactions, where the payer initiates the payment, are permitted in order to reduce fraud risks. The move comes as part of a broader digital payment security overhaul responding to increasing scams involving pull transactions, where fraudsters misuse the collect request feature to deceive users into authorizing payments. Other measures by NPCI and the Reserve Bank of India (RBI) in 2025 focus on additional fraud mitigation such as stricter name verification, AI-driven fraud monitoring, and limits on inactive UPI IDs. This blog post will offer a comprehensive, step-by-step guide to understanding this UPI security update, expert insights into its impact on Indian digital financial transactions, and practical tips for consumers and merchants to stay secure.
UPI Security Update: Pull Requests Disabled for Safer Transactions in 2025
India’s Unified Payments Interface (UPI) has revolutionized digital payments with remarkable adoption, boasting over 452 million active users and millions of daily transactions in 2025. The “pull transaction” or “collect request” feature allowed payees to initiate a request for money, which the payer had to approve. Although convenient for splitting bills and requesting payments, this feature increasingly became a weapon for online fraud.
What Exactly Is the Pull Transaction (Collect Request) in UPI?
- The pull transaction allows the recipient to send a payment request (collect request) to the payer.
- The payer authorizes the payment by entering their PIN, completing the transaction.
- Useful in social scenarios like bill splitting but vulnerable when fraudsters pose as legitimate payees.
Why Is NPCI Discontinuing Pull Transactions?
- Growing scams where fraudsters send fake collect requests, tricking users into authorizing payments unknowingly.
- Although pull transactions are a small fraction of total UPI transactions, their misuse poses significant risks.
- NPCI capped pull transactions to ₹2,000 in 2019 but fraud incidents continued.
- Discontinuation mitigates these threats, making push transactions the only valid method, where users initiate payments actively.
What Are Push Transactions?
- Transactions initiated by the payer.
- Payer scans a QR code or enters the payee UPI ID to send money.
- More secure since the payer controls the payment initiation.
Which UPI Apps Changed Features after October 1, 2025
After October 1, 2025, major UPI apps including Google Pay, PhonePe, and Paytm implemented the discontinuation of the peer-to-peer (P2P) “collect request” or pull transaction feature as mandated by NPCI. These apps no longer allow users to send or receive money requests from other individuals via UPI. All person-to-person payments must now be initiated exclusively by the payer through push transactions such as scanning QR codes, entering UPI IDs, or selecting contacts and entering the amount.
Key points about these changes in UPI apps:
- Google Pay, PhonePe, and Paytm removed the “collect request” functionality enabling users to request money from friends or family.
- Merchant collect requests remain unaffected and continue to operate on platforms like Amazon, Flipkart, Swiggy, IRCTC, where payment requests for purchases still exist but require explicit user approval and UPI PIN entry.
- Users must update their apps to the latest versions to ensure compliance and continued smooth transactions.
- The move is aimed at reducing fraud where scammers exploited collect request to trick users into authorizing payments unwittingly.
- Users are encouraged to initiate payments themselves (push transactions), improving security and control over transactions.
This change aligns with NPCI’s wider security overhaul to curb digital payment fraud and make UPI transactions safer for millions of users across India
Recent Context and Events Triggering the Change
The NPCI notified all banks, fintech firms, and UPI-enabled apps about the discontinuation by October 1, 2025. This came amidst rising digital payment frauds reported by banks and RBI. Data indicates:
- In FY25, card and internet frauds amounted to ₹520 crore with many cases involving digital payments.
- RBI is also developing an AI-driven Digital Payments Intelligence Platform (DPIP) to flag risky transactions in real-time.
- Several additional 2025 UPI rules were introduced such as:
- Dormant UPI IDs deactivation
- Enhanced beneficiary name verification during transactions
- Caps on balance enquiries and auto-debit mandates for improved network efficiency
Step-by-Step Guide for Users: Navigating UPI Without Pull Transactions
Step 1: Understanding the New Workflow
- No more receiving collect requests or payment requests for sending money.
- Always initiate payments yourself by scanning QR codes or entering payee details.
Step 2: Updating Your UPI Application
- Ensure your UPI app like Google Pay, PhonePe, Paytm, or bank app is updated to the latest version.
- Old versions may not support the new protocol and may restrict functionality.
Step 3: Adjusting Your Payment Habits
- Avoid authorizing or responding to payment requests outside your initiated transactions.
- Verify the identity of merchants or individuals before sending money.
Step 4: Use Push Transactions for Security
- Prefer scanning merchant QR codes or entering VPA (Virtual Payment Address) manually.
- This reduces the risk of fraudulent collect requests.
Step 5: Report Suspicious Activities Immediately
- Use the National Cybercrime Reporting Portal (www.cybercrime.gov.in) or call the National Cybercrime Helpline (1930) to report fraud.
- Stay alert for any suspicious payment requests or calls.
Pro Tips for Enhanced Digital Payment Security
- Enable UPI app notifications for every transaction.
- Use device binding where your mobile number and device are linked for transactions.
- Never share your UPI PIN or OTP with anyone.
- Utilize biometric authentication if your device and app support it.
- Routinely review your transaction history to spot unauthorized payments.
- Use banks or UPI apps that offer AI-powered fraud detection alerts.
Mistakes to Avoid with New UPI Changes
- Don’t assume all payment requests are safe; now pull requests are disallowed, any such attempt is likely fraudulent.
- Avoid using older versions of payment apps.
- Do not authorize payments through random links or messages disguised as collect requests.
- Never reveal your PIN or personal data in response to any unsolicited request.
Expert Insights: What Industry Leaders Say
Rohit Mahajan, Founder of Plutos ONE, explains that this move protects users by shifting responsibility and control fully to the payer, streamlining security and reducing fraud vectors. Industry bankers and fintech experts agree this change, paired with advanced AI fraud monitoring and stricter transaction validation, will significantly improve trust in digital payments.
How Will This Affect Businesses and Merchants?
- Merchants will no longer receive payment requests from customers.
- Businesses should update Point of Sale (POS) systems to rely exclusively on push payments.
- Consumer education campaigns will be vital to ensure seamless transition.
- Payment aggregators and fintechs must comply fully or face penalties from NPCI.
Benefits of Disabling UPI Pull Transactions
- Substantially reduces scams exploiting payment requests.
- Enhances overall security of the UPI ecosystem.
- Simplifies compliance with new RBI and data protection regulations.
- Promotes safer, more transparent money transfers for all users.
Summary
UPI's “pull transaction” (collect request) feature was discontinued on October 1, 2025, to combat rising fraud. Users must now initiate all payments (push transactions) for safer digital payments. This update by NPCI reduces scam risks by eliminating recipient-initiated payment requests, supported by broader RBI-led fraud mitigation efforts in India's payment ecosystem.
Final Thoughts and Next Steps
India's UPI platform evolves constantly to protect its massive user base amid growing fraud. Users should embrace push transactions and adopt strict security habits. Payment apps and merchants will need to adjust their processes swiftly. Staying informed, vigilant, and using updated apps ensures safe, smooth, and fraud-free digital payments in India.
Start today by updating your UPI app, rejecting any collect requests, and confirming all payments personally. Digital payments in India are safer and more secure with these changes driving stronger consumer protection for 2025 and beyond.
Disclaimer: The use of any third-party business logos in this content is for informational purposes only and does not imply endorsement or affiliation. All logos are the property of their respective owners, and their use complies with fair use guidelines. For official information, refer to the respective company’s website.
