Unified Payments Interface (UPI) is a digital payment infrastructure that allows for quick interbank transfers. UPI has reached several milestones since its inception in 2016 in India. In October 2020, it reached a milestone of one billion transactions in a single month. It can now confidently be asserted that digital payment portals have established themselves as a dominant method of payment in the Indian economy.
The fast deployment of the Unified Payment Interface was witnessed in the months of 2020 as a result of the Coronavirus, as everything was transferred from physical platforms to digital platforms due to lockdowns, and as a result, people’s mindsets altered, leading to the acceptance of advanced payment methods. There are now 202 Unified Payment Interface Applications working with 216 banks that allow transactions to be made via them. However, the challenge with such market digitization is UPI frauds like hacking and cybercrimes like thefts.
According to yearly data published by the Reserve Bank of India, financial frauds totalled Rs. 1.85 trillion in the financial year 2020, about double the frauds reported in the previous year. As a result of the increased use of web-based financial transactions in India, the number of internet banking scams in India has increased significantly. As a result, the focus of this study is on the scams perpetrated using digital payment systems, as well as what is lacking that is causing such an increase in banking frauds.
VARIOUS UPI FRAUDS AND HOW YOU CAN BE TRAPPED
As the number of UPI transactions has increased, so have the number of online financial attacks, UPI fraud complaints, hacking, cyber-frauds, and other dangers. The following are some of the most prevalent UPI scams:
1. Scams including phishing or unauthorized payment links might be sent to you through SMS by fraudsters.
Phishing is a form of fraud where the hacker delivers the customer emails or text messages that, if the user opens and inputs personal information like bank account numbers or PINs. Once you provide permission, the information is immediately sent to the hacker and the money is deducted from your UPI account immediately.
“Do not open on links in any SMS, especially those from unfamiliar organisations,” warned Rajesh Mirjankar, MD and CEO of Infrasoft Technologies, a Mumbai-based fintech business. It might be a ruse to steal money from your bank account via the UPI app. Also, keep in mind that on the Internet, a name isn’t everything. www.your.bank.com, for example, is not the same as www.yourbanker.com. Takedown the official online portal and email address of the banker, stockbroker, or other financial institution from their reps or official webpage.
Additionally, by visiting the bogus URL, there is a risk of infecting one’s device with malware. Malware is one of the most prevalent frauds where the hacker sends a false email or website link, and when you click such bogus portals, the malware is immediately downloaded into the user’s devices. The virus extracts the person’s personal information, which the hackers may then readily access.
Furthermore, Pranjal Kamra, CEO of Raipur-based Fintech startup Finology, stated, “You should never use Google to look for a customer service number. If you have a problem with your transaction, you may file a complaint using the platform or acquire the phone number from the official website.
You could wind yourself phoning a phoney call centre as a result of a random Google search ” he stated. Such a situation also leads to vishing where a person assumes the identity of a bank official or a lottery site. The individual speaks to you as if he or she is a government official who has called to get some vital information. If the user falls into their trap, they lose all of the money.
Sometimes the hacker also uses SIM Clones in which he creates a clone of any cellphone number, and because it is a clone number, they obtain all information and One-Time Passwords (OTP) immediately. They may even alter the user’s Unified Payment Interface PIN, which will be used for all transactions, using this unlawful approach.
2. Screen mirroring software that can be used remotely
With working from home becoming virtually mandatory, many individuals are installing remote screen mirroring apps that allow them to link their phones or laptops to bigger screens, such as smart TVs, through WIFI.
However, not all digital payment apps available on Google Play or the Apple App Store are genuine, especially those that have not been vetted. When people install an untrusted app, it will access the phone’s data and have complete control over it.
Scammers may also masquerade as bank employees and encourage customers to install a 3rd party app for “authentication purposes.” These applications will allow them remote access to your phone after they are downloaded.
3. By using UPI handles that are deceptive
It is not enough that a UPI social media profile (Twitter, Facebook, etc.) include the words NPCI, BHIM, or names that are similar to any bank or government organisation. Many con artists establish similar handles to mislead you into divulging your account information using a phoney UPI app.
According to Kamra, while attempting to connect with a UPI business, one should not disclose their contact information on social media. Typically, users post screenshots of received messages to their UPl account.
4. By use of OTP or UPI PIN.
MoneyTap, a Bengaluru-based fintech business, co-founder and CEO Bala Parthasarathy claimed, “Hackers sent “request money” links to customers in a recent UPI scam. The sum is taken from the customer’s account when they click the link and authorise the transaction under the impression that they would receive money.”
Another factor to consider is the OTP. When you use your UPI app to conduct a transaction, you must either enter the one-time password (OTP) or the UPI PIN. Your bank gives you an OTP via SMS to your bank-registered mobile phone for OTP authentication. Your transaction will be completed after the OTP has been confirmed.
According to Parthasarathy, “One of the most common techniques for scammers to defraud individuals is to persuade them to give over their UPI PIN and/or OTP over the phone. They may validate UPI transactions and take money from the customer’s account once they have the information.” Never give out personal information over the phone, such as your UPI PIN or OTP. Furthermore, banks will never call you to inquire about these data.
What should you do in the case of digital fraud?
Sujay Vasudevan, Vice President, Cyber & Intelligence Solutions (C&I), Mastercard, stated that while best-in-class technology is used to prevent fraudulent transactions, the onus of keeping one’s money secure falls on both banking and payment organisations as well as people.
“As a result, you must be alert and vigilant against scammers, and avoid disclosing personal data such as PIN, OTP, and so on to keep your money safe,” Vasudevan added. Here are some steps you may do to protect your money against scammers.
- Financial information is never requested through SMS by government authorities, banks, or other financial institutions.
- Report a UPI fraud to your bank or e-wallet provider, and have the wallet banned to prevent additional losses.
- You can also contact the police or a cyber-crime unit to report the occurrence.
- You should only download programmes that have been validated and authenticated by Google Play Store or Apple Store.
Never dismiss the spam alert that appears on your phone when you use a digital payment app. A warning will appear if a user has been reported previously when you are dealing with them. If a user receives a request from an unfamiliar account, UPI applications such as Google Pay, PhonePe, and others provide a warning.
While governments, regulators, and specialist groups collaborate to improve electronic payments systems and accompanying infrastructure, it’s important to consider how end-users perceive these options.
To increase the frequency of sophisticated exchanges, the issue of a lack of training and computerised competency should be addressed first. Furthermore, while cashback offers are currently working well, a submitted, secure, and extremely dependable instalments organisation will be required to support advanced exchanges in India to have transparency in the exchanges, the destruction of dark cash, and a long time ago show monetary advancement to a credit-only economy.
The largest challenge facing the government is a lack of awareness and knowledge among the general public, as well as the fear of cash shortages caused by the use of advanced payment techniques, which pose a risk of hacking. The government must address these issues to have a credit-only economy and to provide a boost to advanced instalments to provide long-term monetary development to the country.
To address this issue, the government should concentrate on enacting more explicit Unified Payment Interface legislation. The government is attempting to establish a stronger framework for a digital economy, but it has to strengthen its lawmaking in this area.
Experts feel it is critical to inform others if you have been caught in a fraudulent activity so that they can avoid having similar experiences. You should also be aware of other people’s mishaps so that you can be cautious on your own.
Despite Apple and Google’s best efforts to eliminate duplicate and fake applications from their app stores, you may encounter counterfeit UPI apps while installing other apps. You mustn’t install any of these on your phone. Before installing an app on their phone, users should double-check its identity, creator, registered website, and email address, according to ACI Worldwide’s Madden.
Along with counterfeit UPI applications, several apps look to be affiliated with your bank but aren’t. As a result, you must ensure that only authorised and legitimate banking apps are installed on your devices.
Nowadays, con artists try to interact with people through phoney hotline profiles on social media. Fraudulent phone numbers can also be found on search engines in rare circumstances. Platforms such as Google Pay and PhonePe, on the other hand, advise customers to contact their support team directly. You may contact Google Pay by calling the toll-free number 18004190157 or using the app’s Contact Us feature.
On its website, PhonePe also offers specialised customer service. In the same way, most commercial banks offer official helpline lines and social media profiles that you may contact if you have a question or want to report a scam.
Avoiding interacting with strangers through any medium is one of the first actions you can take to protect yourself against online fraud. It’s critical not to communicate with strangers over the phone or text messages unless the situation is urgent and unavoidable.
As hackers continue to develop new ways and processes to target innocent individuals, businesses are finding it increasingly difficult to safeguard their consumers. Thus, people using such digital payment methods should be well aware of the dangers and frauds as well as take timely action in case they become a victim of one.