The proliferation of digital payment modes has made life really easy. The ability to use payment apps to send money, pay all your bills, recharge, shop online and also make instant payments at your local kirana store has alost done away with dependence on cash.
While digital payment modes have been a big boon, fraudsters are constantly looking at new ways to cheat or defraud you with spurious transactions.
The Internet has made fraud attempts more scalable. These frauds currently cost the global economy $5 trillion every year. According to OnFido (a software company that helps businesses verify people's identities using a photo-based identity document), the industry average of fraudulent applicants is 1.5%; so, for every 10,000 applicants, 150 will be fraudulent.
In India, with the government support, unified payments interface (UPI), created by National Payments Corporation of India (NPCI), is being used by several mobile and e-wallet service- providers.
More and more people from India are opting to use UPI-based payment apps like Paytm, Google Pay, Bharat Interface for Money application (BHIM), Amazon Pay and PhonePe. Using a virtual ID or payment address and password, any user can transfer (push) or request (pull) money through the UPI app.
Here Are Some Common Types of Frauds
Request Money Fraud: ‘Request’ (pull) feature in the UPI allows people to send you a payment request. You can send money to another user by just clicking on the ‘pay’ button and entering your personal identification number (PIN) for the UPI app. The problem is that fraudsters misuse this feature by sending fake payment requests with messages like ‘Enter your UPI PIN to receive money, “Payment successful receive Rsxxx” and so on. Many people fall for such fraud and respond to these messages by entering their PIN, thus, losing money from their UPI account.
Scan QR Code for Receiving Money: Fraudsters share a QR code over multimedia apps, like WhatsApp, asking you to scan this code to receive money. However, creating and sending QR code for sending money is not allowed by UPI. You can scan QR code only to make a payment. So never scan any QR code that says you would receive money or payment from the sender for anything.
Frauds via Social Media: Fraudsters call users or approach them through social media pretending to be authentic representatives. They ask users to download screen-sharing apps, such as Screenshare, Anydesk or Teamviewer, and hold their debit/credit card in front of the phone camera so that their ‘verification system’ can scan the details. Once they get the card details, they ask user to share one-time passcode (OTP) SMS from the phone and transfer funds to their own account.
Another method used by fraudsters is to keep track of what users are posting on the original customer care handle of pages of the app, including issues related with availing cash-back, money transfers and refunds, if any. The fraudsters immediately respond on such messages by sharing their phone number as customer-care or helpline number. Customers then end up calling the unauthorised helpline number and sharing sensitive information, such as card and OTP details.
Debit/Credit Card or Top-up Fraud: For this, fraudsters call you claiming to be representatives of your bank, the Reserve Bank of India (RBI), an e-commerce site, or even a lottery scheme or online game site. They may ask you to share your 16-digit card number and CVV (card verification value) for verification so that they can ‘transfer’ the booty in your account. Next, they ask to share the OTP SMS for verification of your card details. However, the moment you share the OTP, money from your account will vanish.
Social Engineering Fraud: Social engineering is when fraudsters use your personal details, like date of birth and location (obtained from social media sites), to trick you into trusting them. They claim to be customer-support representatives from your bank and ask you to share sensitive bank account/ card information under the pretext of keeping your account active or your card valid. They then ask you to provide the OTP, to complete the transaction and top-up own wallet, using your banking details.
SIM Swap Fraud: This is a very serious type of fraud. In this, the fraudsters will obtain a new SIM by submitting your documents to a mobile operator. The fraudster can call you pretending to be a representative from your mobile operator and ask you to forward an SMS to upgrade your network. This SMS contains a 20-digit number from the back of a new SIM. This SMS deactivates your current SIM and activates a duplicate SIM. While you will blame the mobile company for no network signal on your mobile phone, the fraudsters will use the new SIM to receive SMS OTPs from your bank.
Do’s & Don’ts to Prevent Fraud
- Do not share confidential details, like card number, expiry date, PIN, OTP, etc, with anyone. If you are asked to give such details by anyone posing as an official representative from your bank or the mobile app, ask them to send you an email without sharing your email ID (as the bank or app would already have your email ID with them). Also respond only to emails from the official domain of your bank or the app.
- Always remember you do not have to ‘Pay’ or enter your UPI pin to receive money on your UPI app.
- Do not download and install third-party apps, such as Screenshare, Anydesk, Teamviewer.
- Do not search for your app’s customer support numbers on Google, or any social media. Visit the official website of your app or bank and, from there, find out the customer-care number.
- Never call/ respond to unverified mobile numbers claiming to be from your bank or UPI app.
- Always use mobile app downloaded from the official Google play store (for Android) or App Store (for iPhones). This applies for bank apps as well.
- Also, since most banks offer in-built UPI in their mobile banking apps, there is no need for you to download or use any third-party apps for banking or UPI.
What Should You Do When Contacted by a Fraudster?
- Immediately report the incident to your nearest cybercrime centre and lodge an FIR (first information report) providing relevant details like your mobile number (from where the transaction took place), transaction details, card number and bank account) to police.
- Login to your UPI app and go to ‘Help’. Many apps allow you to report fraudulent incidents.