How To Prevent Digital Payment Frauds on UPI
The proliferation of digital payment modes has made life really easy. The ability to use payment apps to send money, pay all your bills, recharge, shop online and also make instant payments at your local kirana store has alost done away with dependence on cash.
While digital payment modes have been a big boon, fraudsters are constantly looking at new ways to cheat or defraud you with spurious transactions.
The Internet has made fraud attempts more scalable. These frauds currently cost the global economy $5 trillion every year. According to OnFido (a software company that helps businesses verify people's identities using a photo-based identity document), the industry average of fraudulent applicants is 1.5%; so, for every 10,000 applicants, 150 will be fraudulent.
In India, with the government support, unified payments interface (UPI), created by National Payments Corporation of India (NPCI), is being used by several mobile and e-wallet service- providers. 
More and more people from India are opting to use UPI-based payment apps like Paytm, Google Pay, Bharat Interface for Money application (BHIM), Amazon Pay and PhonePe. Using a virtual ID or payment address and password, any user can transfer (push) or request (pull) money through the UPI app.
Here Are Some Common Types of Frauds
Request Money Fraud: ‘Request’ (pull) feature in the UPI allows people to send you a payment request. You can send money to another user by just clicking on the ‘pay’ button and entering your personal identification number (PIN) for the UPI app. The problem is that fraudsters misuse this feature by sending fake payment requests with messages like ‘Enter your UPI PIN to receive money, “Payment successful receive Rsxxx” and so on. Many people fall for such fraud and respond to these messages by entering their PIN, thus, losing money from their UPI account. 
Scan QR Code for Receiving Money: Fraudsters share a QR code over multimedia apps, like WhatsApp, asking you to scan this code to receive money. However, creating and sending QR code for sending money is not allowed by UPI. You can scan QR code only to make a payment. So never scan any QR code that says you would receive money or payment from the sender for anything. 
Frauds via Social Media: Fraudsters call users or approach them through social media pretending to be authentic representatives. They ask users to download screen-sharing apps, such as Screenshare, Anydesk or Teamviewer, and hold their debit/credit card in front of the phone camera so that their ‘verification system’ can scan the details. Once they get the card details, they ask user to share one-time passcode (OTP) SMS from the phone and transfer funds to their own account.
Another method used by fraudsters is to keep track of what users are posting on the original customer care handle of pages of the app, including issues related with availing cash-back, money transfers and refunds, if any. The fraudsters immediately respond on such messages by sharing their phone number as customer-care or helpline number. Customers then end up calling the unauthorised helpline number and sharing sensitive information, such as card and OTP details. 
Debit/Credit Card or Top-up Fraud: For this, fraudsters call you claiming to be representatives of your bank, the Reserve Bank of India (RBI), an e-commerce site, or even a lottery scheme or online game site. They may ask you to share your 16-digit card number and CVV (card verification value) for verification so that they can ‘transfer’ the booty in your account. Next, they ask to share the OTP SMS for verification of your card details. However, the moment you share the OTP, money from your account will vanish.
Social Engineering Fraud: Social engineering is when fraudsters use your personal details, like date of birth and location (obtained from social media sites), to trick you into trusting them. They claim to be customer-support representatives from your bank and ask you to share sensitive bank account/ card information under the pretext of keeping your account active or your card valid. They then ask you to provide the OTP, to complete the transaction and top-up own wallet, using your banking details.
SIM Swap Fraud: This is a very serious type of fraud. In this, the fraudsters will obtain a new SIM by submitting your documents to a mobile operator. The fraudster can call you pretending to be a representative from your mobile operator and ask you to forward an SMS to upgrade your network. This SMS contains a 20-digit number from the back of a new SIM. This SMS deactivates your current SIM and activates a duplicate SIM. While you will blame the mobile company for no network signal on your mobile phone, the fraudsters will use the new SIM to receive SMS OTPs from your bank. 
Do’s & Don’ts to Prevent Fraud
  • Do not share confidential details, like card number, expiry date, PIN, OTP, etc, with anyone. If you are asked to give such details by anyone posing as an official representative from your bank or the mobile app, ask them to send you an email without sharing your email ID (as the bank or app would already have your email ID with them). Also respond only to emails from the official domain of your bank or the app.
  • Always remember you do not have to ‘Pay’ or enter your UPI pin to receive money on your UPI app.
  • Do not download and install third-party apps, such as Screenshare, Anydesk, Teamviewer.
  • Do not search for your app’s customer support numbers on Google, or any social media. Visit the official website of your app or bank and, from there, find out the customer-care number. 
  • Never call/ respond to unverified mobile numbers claiming to be from your bank or UPI app.
  • Always use mobile app downloaded from the official Google play store (for Android) or App Store (for iPhones). This applies for bank apps as well. 
  • Also, since most banks offer in-built UPI in their mobile banking apps, there is no need for you to download or use any third-party apps for banking or UPI. 
What Should You Do When Contacted by a Fraudster?
  • Immediately report the incident to your nearest cybercrime centre and lodge an FIR (first information report) providing relevant details like your mobile number (from where the transaction took place), transaction details, card number and bank account) to police.
  • Login to your UPI app and go to ‘Help’. Many apps allow you to report fraudulent incidents.
4 years ago
Yogeshji, a helpful article on fraud methods. May be you can do a Talk with live demos and create ML video, with Hindi sub titles. Aam Adami would benefit a great deal.
4 years ago
4 years ago
Nakul Kumar Reddy
4 years ago
Very useful information.
Vinay kalgutkar
4 years ago
Best option is
1. Reduce transaction limit, in banking app.
2 reduce per day limit from bank app.
3 switch off Upi from bank app
4 Switch off international usage of card.
5 open a new account for all ecom, pos, online trn, bill payment. Preferably, standalone account.
Keep away, your main high value saving account, from exposing to online.
6. Report fraud, immediately.
7 File online cyber police complaint, and online bank complaint, along with receipt of cyber fir receipt.
Jatin Patel
Replied to Vinay kalgutkar comment 4 years ago
Perfect strategy vinayji
Vinay kalgutkar
Replied to Vinay kalgutkar comment 4 years ago
Fraudsters are working in organised way, and mainly concEntrating in Jamtara, Jharkhand, West Bengal area, having Naxal belt proximity.

They transfer funds collected, immediately to various wallets, bank accounts, to confuse payment trail of money.

Wallets companies, both Paytm Bank, Airtel payment bank, and third party wallets like google pay, ola money Amazon etc generally do not respond, without police Fir copy.
Alternatively ,victim has to file online.complaint with NPCI, from NPCI website, alonwith cyber FIR copy

Banks, wallets companies, police , NPci, takes long respond and reply, where as fraudster is very quickly withdraws money.

Recommended action by NPCI,

A. Block devise peanently, where fraud lent transaction initiateD.
B. Block KYc id proof, permanently to use with other bank, wallets.
C Maintain database of frauds, and circulate with all players.
D. Wallets, accounts with weak KYC, should not be used to collect
More than Rs 5000, per.month,
And amount should be credited after 24 hours, shadow credit to account, be given.
D. Most importantly, nodal officer for digital transaction frauds, immediate blocking accounts, wallets, to be insisted, for online.response, within 5 to 10 minutes, to have control over frauds
Kaushik Joshi
4 years ago
how to prevent sim fraud the most serious type...
Free Helpline
Legal Credit