How to Avoid Online Payment Fraud While Using UPI Apps, E-Wallets

How to Avoid Online Payment Fraud While Using UPI Apps, E-Wallets

Avoiding on-line fee fraud whereas utilizing UPI apps or e-wallets is turning into more and more troublesome with the rising quantity of on-line transaction in India. Total variety of transactions made by means of the Unified Payments Interface (UPI) in February 2021 was 2.29 billion, in accordance to knowledge offered by the National Payments Corporation of India (NPCI). And as extra folks make funds utilizing UPI apps and e-wallets within the nation, the incidences of on-line fraud develop. Scammers proceed to discover new methods to steal the hard-earned cash of people. Many such victims have posted about their ordeals on social media.

The record of victims of on-line fee fraud not solely consists of the individuals who reside in rural areas and are new to the world of digital funds, but in addition many individuals residing in city areas and utilizing UPI apps and e-wallets ceaselessly. In a latest case, Delhi Chief Minister Arvind Kejriwal’s daughter Harshita Kejriwal was additionally allegedly duped of Rs. 34,000 whereas making an attempt to promote a settee on-line. A person posing as a purchaser contacted Kejriwal and advised her that he would ship a small quantity to verify her checking account. He initially despatched her Rs. 2 and requested her for affirmation, in accordance to media studies. But after that, he reportedly despatched her a QR code that enabled him to withdraw funds from her financial institution.

This is a standard method of fraudsters trick people by sending them a fee request on their UPI app. That request permits them to simply switch the cash. But together with sending fee requests, criminals use social engineering to dupe folks.

“Social engineering can be found in various forms, and we use various names to it such as phishing and smishing,” Vikram Jeet Singh, Director, Risk Consulting – IT Advisory, KPMG, advised Gadgets 360 in an earlier interview.

Once the fee request is accepted, the UPI app asks for the PIN, which is the final step to full the transaction. This signifies that you may lose the cash the second you enter your UPI PIN, which you should not.

“When it comes to a consumer, it boils down to common sense,” stated Ram Movva, President and Co-Founder of Tamil Nadu-based cybersecurity companies agency Cyber Security Works.

Most of the main industrial banks run numerous on-line and offline campaigns to inform their prospects about frauds happening by means of UPI apps and e-wallets. The NPCI additionally educates people by means of its social media channels. However, some consultants imagine that frauds could possibly be minimised by bringing stringent insurance policies and guidelines.


“With no data standards… defined by the government — and neither by the Reserve Bank of India nor by CERT-In — people have been left aside from the security point,” stated Sateesh Kumar Peddoju, Associate Professor, Indian Institute of Technology – Roorkee.

The progress in on-line fee frauds have made it fairly troublesome for companies to shield prospects as cybercriminals proceed to construct new methods and mechanisms to goal harmless folks.

“More and extra of us have grow to be accustomed to doing an increasing number of transactions on-line, particularly for the reason that COVID-19 pandemic hit final 12 months, and it’s simple to overlook that there are folks on the market who will do something to receive cash or private info by deception,” knowledge safety agency Sophos stated in an announcement.

Having stated that, you possibly can take sure steps to keep secure from on-line frauds whereas making funds by means of a UPI app or e-wallet.

Avoid participating with strangers

One of the primary steps that may assist you keep protected towards on-line frauds is to keep away from participating with strangers by means of any medium. It is necessary that you’re not speaking with unknown folks over a telephone name or message — except it is one thing very pressing and unavoidable. Banks additionally inform their prospects to not disclose private or transactional particulars resembling UPI PIN or OTP even to folks claiming to be banking officers contacting them by way of electronic mail or telephone.

“There are tens of millions of faux emails which might be being despatched on a regular basis by hackers,” stated Karmesh Gupta, CEO of community safety agency WiJungle. “They often pose that they belong to an genuine organisation or platform to trick and ask you for the specified info. Before performing upon any electronic mail, just be sure you totally verify and confirm the e-mail tackle.”

By not speaking with fraudsters, you possibly can keep away from getting caught in social engineering tips that fraudsters typically use to steal cash from people.

In case you want to interact with somebody you do not know, possibly for promoting a family merchandise (like in Harshita Kejriwal’s case), you have to be very cautious of the communication you make and must not ever share your financial institution particulars. You should additionally not share OTP or every other transactional info you get in your telephone whereas speaking to somebody you do not know personally.

“Fraudsters track social media accounts and can approach the user under the guise of providing assistance,” stated Damon Madden, Principal Fraud Consultant— Fraud & Risk Management, ACI Worldwide.

PhonePe had additionally noted in a weblog submit that fraudsters typically construct on their credentials by telling those that they work for the armed forces, police, or the federal government. But you have to be conscious and never belief any particular person simply because they seem to signify a reputed organisation.

Gupta identified that in some instances, unhealthy actors strive to join with people by pretending to supply them heavy reductions, gives, and offers from on-line procuring platforms. “This is likely one of the mostly used and trending methods of looting folks by means of on-line channels,” he stated.

You ought to, due to this fact, be utmost cautious whereas taking any actions on emails or messages claiming to offer you low cost gives and offers.

Do not share OTP with anybody

One-time password (OTP) is what banks and monetary establishments ship to validate transactions in India. But sadly, OTPs have additionally grow to be the entry-point for many frauds these days.

“Banks usually don’t ask for personal information on SMS, so if you receive a text asking about your financial information, it is generally a red flag,” stated Madden of ACI Worldwide.

Gupta of WiJungle stated that OTP frauds had been probably the most frequent due to which lots of people misplaced entry to their necessary info and even lakhs of rupees. “It is often the lack of information that individuals share their OTP (one-time-password) contemplating that it has come from the financial institution or any official authority. Thus, it will be important to take care earlier than sharing the OTP to any unknown,” he stated.

You ought to by no means share the OTP you may get in your telephone with anybody over a name or message. It can also be necessary to be aware that you should not be coming into your banking particulars or login credentials to your checking account on a pc or gadget that’s a part of a shared community, as it might let somebody know your info from the backend.

Fraudsters typically ship doctored hyperlinks to receive cash out of your account. UPI apps resembling BHIM and Google Pay have additionally made it simpler for scammers to make fraudulent transactions by sending fee requests. However, Movva of Cyber Security Works stated that irrespective of it’s best to by no means click on on a hyperlink you obtain or proceed with a transaction request except you initiated it your self by way of a UPI app or your financial institution’s web site.

Google Pay shows a blocker warning display screen for prime worth QR/ fee hyperlink transactions to warn customers about fraudulent funds and guarantee they approve transactions after due deliberation. But a number of folks nonetheless grow to be victims, particularly when a fraudster tries to participate funds from their account as an alternative of getting all the cash out in a single transaction.

Similar to Google Pay, PhonePe additionally asks customers to not reply to any random fee requests. “Always remember you do not have to ‘Pay’ or enter your UPI PIN to receive money on PhonePe,” the corporate wrote in one other weblog submit that particulars the kind of on-line frauds that occur whereas utilizing UPI apps.

“Receiving money requires no PIN,” Citibank additionally wrote in a detailed support page round UPI frauds.

Stay away from counterfeit apps

Although Apple and Google strive onerous to take away duplicate and false apps from their app shops, you should still come throughout counterfeit UPI apps whereas downloading different apps. It is, due to this fact, necessary that you should not set up these in your telephone.

“Users should verify the name, developer, registered website and email address of an app before installing it on their mobile phone,” stated ACI Worldwide’s Madden.

Alongside counterfeit UPI apps, you may discover a number of apps that seem to be related together with your financial institution after they really aren’t. It is, due to this fact, your accountability to set up solely authenticated and official banking apps in your gadgets.

Fraudsters lately strive to join with people by means of pretend helpline accounts on social media. In some instances, fraudulent telephone numbers additionally seem on search engines like google and yahoo. Platforms like Google Pay and PhonePe, nonetheless, suggest customers to join with their help group straight. You can attain out to Google Pay by way of its toll-free quantity 18004190157 or by going by means of the Contact Us part within the app. PhonePe additionally has devoted buyer help on its web site. Similarly, most industrial banks have their official helpline numbers and social media accounts that it’s best to attain in case of a question or for reporting a fraud.


Experts imagine that it will be important to let others know for those who’ve caught in a fraudulent exercise to assist them beware of comparable experiences. You must also hear in regards to the incidents occurred with others to watch out at your finish.

“Report scams for those who can. It may not really feel as if you might be doing a lot to assist, but when many individuals present some proof, there’s a least an opportunity of doing one thing about it. On the opposite hand, if nobody says something, then nothing will or may be carried out,” Sophos stated.

Does WhatsApp’s new privateness coverage spell the top on your privateness? We mentioned this on Orbital, our weekly know-how podcast, which you’ll subscribe to by way of Apple Podcasts, Google Podcasts, or RSS, download the episode, or simply hit the play button beneath.

Source link