Unified Payments Interface or UPI was introduced with the aim of merging several banking features into a single mobile application providing seamless fund routing and merchant payments. The goal was to make digital payments easier for everyone. However, even this mode of transaction has been targeted by fraudsters to steal customers’ money with several such cases emerging in recent months. Hackers are taking unauthorized access of innocent people’s mobile devices to carry out fraudulent transactions via UPI using third party apps on smartphones.
What are different UPI frauds?
Trishneet Arora, Founder & Chief Executive Officer of TAC Security explains that one of the most common ways is to call customers and ask for UPI PIN instead of ID to complete a transaction. In this case, fraudsters pose as e-commerce users. There have been other instances where fraudsters have posed as bank representatives and asked customers to download a third-party app to steal their money.
“One of the most recent UPI frauds had conmen calling up e-commerce users and asking them to enter their UPI PINs in the app, instead of their UPI IDs, to complete payment and receive money. What the victims did not realise was that doing so confirmed the transaction requested by fraudsters. They also conduct UPI frauds by posing as representatives from the victim’s bank, telecom service provider, or the RBI on call, asking them to download a third-party app for “verification purposes”,” Arora told Zee Business Online.
He added that once downloaded, these apps give fraudsters remote access to the victim’s phone which can then be used to conduct fraudulent UPI-based transactions.
How to make sure you don’t fall for such traps?
Arora believes that most UPI frauds occur as victims don’t have a proper understanding of how this new-age payments system operates. This is the reason why they are easily fooled. He added that a greater awareness has to be generated for UPI payments.
“As can be seen from the examples above, most UPI frauds occur because victims don’t have a proper understanding of how this new-age payments system operates. As a result, they are easily fooled into taking actions that compromise their information security and leaves them vulnerable to financial fraud. Countering this challenge, therefore, requires greater awareness about the UPI payments process, as well as the various methods employed to conduct UPI frauds,” he said.
Arora added that service providers, e-commerce players, and financial institutions must seek to deploy customer-facing awareness campaigns through initiatives such as mass emails/circulars and informative videos. They must also look to opt for strong third-party penetration testing and vulnerability assessment services to regularly gauge vulnerabilities in their UPI integration frameworks, he added.
“On the customer’s end, care must be taken to avoid sharing confidential details such as OTPs with suspicious callers claiming to be the representative of a service provider or bank. Care must also be taken to verify the identity of the person/business that you are transacting with over an online platform, especially when a large amount of money is involved,” he said.