Hyderabad Police reported a surge in "cyber fraud" complaints that were actually children making unauthorised in-game payments. The issue is kids using saved UPI details from family phones for loot boxes in games like Free Fire MAX. This exposes a major regulatory grey area for in-app purchases and microtransactions in India's 2025 online gaming law.
How We Got Here
The Hyderabad Cybercrime Cell has seen increased complaints since early 2026, initially miscategorised as online fraud. This follows the Promotion and Regulation of Online Gaming Act, 2025, which banned real money games but left loot box mechanics unregulated.
The Numbers
- Hyderabad Police Commissioner VC Sajjanar issued the advisory on June 24, 2026.
- Most complaints involve children aged 10-17 years, predominantly boys, buying virtual skins and Elite Pass tiers.
- A significant share of cases trace back to grandparents' phones, which are less monitored and often have saved payment credentials.
- RBI considered extra checks in April 2026, proposing "trusted person" approval for transactions over Rs 50,000 made by those 70+ or with disabilities.
- The 2025 Online Gaming Act's broad definition of "other stakes" creates legal uncertainty for in-app purchases and loot boxes.
What Happens Next
🇮🇳 Why This Matters for India
For game developers in Bangalore and Pune relying on in-app purchases, this highlights a major regulatory risk to their primary monetisation models, beyond just parental control concerns.
The Take
India's 2025 gaming law has a fundamental loophole: it fails to clearly define or regulate loot boxes and in-app purchases. This regulatory void stunts legitimate social gaming startups, forcing platforms like Free Fire MAX into a self-regulation dilemma or risking ad-hoc restrictions.
Source:
MediaNama ↗