India is making a significant transition towards digital payment system. The government has been relentlessly pushing towards a more digital economy. National Payments Corporation of India (NPCI) has come forward to inform and make people aware of the Unified Payments Interface (UPI). UPI allows users to transfer money instantly from one bank account to another round the clock, on a real-time basis. Transfers are instant from one bank account to another round the clock. The user does not need to share credentials such as bank account details or bank codes. An individual can use multiple bank accounts on a single app. UPI, which was launched by NPCI in 2016, has grown faster than another mode of digital payment in India.

Highlights:

  • UPI allows users to transfer money instantly from one bank account to another on a real-time basis
  • UPI has grown faster than another mode of digital payment in India

Here Are Some Common Types of Frauds

Request Money Fraud: 
‘Request’ (pull) feature in the UPI allows people to send you a payment request. You can send money to another user by just clicking on the ‘pay’ button and entering your personal identification number (PIN) for the UPI app. The problem is that fraudsters misuse this feature by sending fake payment requests with messages like ‘Enter your UPI PIN to receive money, “Payment successful receive Rsxxx” and so on. Many people fall for such fraud and respond to these messages by entering their PIN, thus, losing money from their UPI account. 
Scan QR Code for Receiving Money:
 Fraudsters share a QR code over multimedia apps, like WhatsApp, asking you to scan this code to receive money. However, creating and sending QR code for sending money is not allowed by UPI. You can scan the QR code only to make a payment. So never scan any QR code that says you would receive money or payment from the sender for anything. 
Frauds via Social Media:
 Fraudsters call users or approach them through social media pretending to be authentic representatives. They ask users to download screen-sharing apps, such as Screenshare, Anydesk or Teamviewer, and hold their debit/credit card in front of the phone camera so that their ‘verification system’ can scan the details. Once they get the card details, they ask the user to share one-time passcode (OTP) SMS from the phone and transfer funds to their own account.
Debit/Credit Card or Top-up Fraud: 
For this, fraudsters call you claiming to be representatives of your bank, the Reserve Bank of India (RBI), an e-commerce site, or even a lottery scheme or online game site. They may ask you to share your 16-digit card number and CVV (card verification value) for verification so that they can ‘transfer’ the booty in your account. Next, they ask to share the OTP SMS for verification of your card details. However, the moment you share the OTP, money from your account will vanish.
Social Engineering Fraud:
 Social engineering is when fraudsters use your personal details, like date of birth and location (obtained from social media sites), to trick you into trusting them. They claim to be customer-support representatives from your bank and ask you to share sensitive bank account/ card information under the pretext of keeping your account active or your card valid. They then ask you to provide the OTP, to complete the transaction and top-up own wallet, using your banking details.
SIM Swap Fraud:
 This is a very serious type of fraud. In this, the fraudsters will obtain a new SIM by submitting your documents to a mobile operator. The fraudster can call you pretending to be a representative from your mobile operator and ask you to forward an SMS to upgrade your network. This SMS contains a 20-digit number from the back of a new SIM. This SMS deactivates your current SIM and activates a duplicate SIM. While you will blame the mobile company for no network signal on your mobile phone, the fraudsters will use the new SIM to receive SMS OTPs from your bank. 

Do’s & Don’ts to Prevent Fraud

  • Do not share confidential details, like card number, expiry date, PIN, OTP, etc, with anyone. If you are asked to give such details by anyone posing as an official representative from your bank or the mobile app, ask them to send you an email without sharing your email ID (as the bank or app would already have your email ID with them). Also, respond only to emails from the official domain of your bank or the app.
  • Always remember you do not have to ‘Pay’ or enter your UPI pin to receive money on your UPI app.
  • Do not download and install third-party apps, such as Screenshare, Anydesk, Teamviewer.
  • Do not search for your app’s customer support numbers on Google or any social media. Visit the official website of your app or bank and, from there, find out the customer care number. 
  • Never call/ respond to unverified mobile numbers claiming to be from your bank or UPI app.
  • Always use mobile app downloaded from the official Google play store (for Android) or App Store (for iPhones). This applies for bank apps as well. 
  • Also, since most banks offer in-built UPI in their mobile banking apps, there is no need for you to download or use any third-party apps for banking or UPI. 

What Should You Do When Contacted by a Fraudster?

  • Immediately report the incident to your nearest cyber crime centre and lodge an FIR (first information report) providing relevant details like your mobile number (from where the transaction took place), transaction details, card number and bank account) to police.
  • Login to your UPI app and go to ‘Help’. Many apps allow you to report fraudulent incidents.