/dq/media/agency_attachments/UPxQAOdkwhCk8EYzqyvs.png)
Follow Us/dq/media/media_files/aLUenz3dxsrgINrNM3OB.png)
If you travel to every corner of India's vast geography, you might not always find an ATM to withdraw cash, but you will certainly find QR codes to scan and pay the money. These codes connect millions of Indians in a payment ecosystem that has significantly transformed financial transactions.
Backed by the Unified Payments Interface (UPI), the 'scan and pay' system has taken the nation by storm due to its convenience in transactions. The integration of digital wallets with the UPI has democratised the digital payment landscape by making them accessible to a larger population, thus contributing to financial inclusion.
While UPI transactions hit a new record of a whopping 16.58 billion in October 2024, amounting to INR 23.50 lakh crore, this surge in digital payments is unfortunately accompanied by a concerning rise in fraudulent activities. According to Reserve Bank of India data, digital payment frauds witnessed a more than five-fold increase to INR 14.57 billion in the fiscal year ending March 2024.
Emerging fraud trends
Development of technology has led to several sophisticated fraud mechanisms with the increased adoption of UPI. Let’s discuss some of the emerging trends.
Vishing and impersonation: Fraudsters pose as bank representatives, conducting elaborate phone schemes to extract sensitive information like PINs and passwords. These scammers often use social engineering techniques to gain trust before requesting personal details. They usually begin with innocent verification questions before gradually manipulating victims into revealing crucial security information.
QR code and payment manipulation: Criminal elements have devised sophisticated methods of payment deception through fake UPI QR codes that redirect users to phishing websites or malicious applications. In addition to QR code manipulation, these fraudsters are perfect at creating convincing but fraudulent payment screenshots. These fake confirmation messages and screenshots are designed to deceive merchants and users into believing transactions have been completed successfully, often leading to significant financial losses.
Technical exploitation: The technical landscape of UPI fraud is extremely sophisticated. Fraudsters now employ SIM cloning techniques to intercept one-time passwords, effectively bypassing this critical security measure. They distribute malware through deceptively legitimate-looking applications that can compromise entire devices. Screen monitoring applications are deployed to capture sensitive information, including PINs and passwords.
Deceptive collection requests: The UPI collect request feature, while designed for convenience, has become a tool for sophisticated fraud. Scammers have developed complex scenarios where they pose as legitimate entities, often creating a false sense of urgency that pressures users into authorising fraudulent transactions. They might impersonate utility companies, delivery services, or even government agencies to lend credibility to their requests.
Strategies to deal with fraud
To combat these emerging threats, users must implement a comprehensive security approach encompassing multiple protective layers. Here are some strategies:
Immediate security measures: Security in the UPI ecosystem begins with personal vigilance. Users must maintain strict confidentiality of their UPI PINs, passwords, and OTPs, understanding that these credentials should never be shared under any circumstances.
Transaction requests should be scrutinised carefully before authorisation, with particular attention paid to the sender's details and the transaction's purpose. It's crucial to use only official UPI apps downloaded from trusted sources and, whenever possible, enable biometric authentication for additional security.
Digital hygiene practices: Maintaining good digital hygiene is essential for long-term security. This involves regular monitoring of account activities to quickly identify any unauthorised transactions. Users should avoid conducting financial transactions on public Wi-Fi networks, which can be easily compromised. Regular updates of UPI apps ensure access to the latest security patches and features.
Transaction safety: Safe transaction practices form the cornerstone of UPI security. These practices involve carefully verifying UPI IDs before initiating payments, maintaining a healthy skepticism toward unexpected collection requests, and taking the time to verify merchant legitimacy through official channels.
Way forward
As UPI continues to drive India's digital payment ecosystem, user vigilance remains crucial. While the technology offers unprecedented convenience, understanding and implementing security measures is essential.
Financial institutions and regulatory bodies are continuously enhancing security frameworks, but user awareness and proactive prevention still remain the first line of defence against UPI fraud. Regular monitoring, cautious engagement with unknown parties, and strict adherence to security protocols can significantly reduce the risk of being a victim of UPI fraud.
-- Sandeep Sethi, VP of Sales- India & South Asia, Wibmo, a PayU company.