Thanks to the rapid growth of Unified Payment Systems (UPI), India is becoming a global digital payment model. According to the Ministry of Home Affairs (MHA), UPI frauds have jumped by 15.3% between the first (Q1) and the second (Q2) quarters of 2022. Meanwhile, according to RBI data, UPI transactions have been reported to increase by 1200% in the financial year ending September 2022.
The chemistry between digital penetration in payment systems and UPI frauds exposes the prevailing knowledge gaps. This also highlights the urgency to spread awareness about fraud mitigation and financial safety measures to reduce the digital hesitance among customers that commonly leads to UPI frauds.
This blog will educate you on the various types of UPI frauds and the pathways you can use to protect your account from fraud.
What is UPI?
Unified Payments System (UPI) is a real-time instant money transfer system between two participating banks developed by the National Payments Corporation of India (NPCI). UPI is a redesigned version of Immediate Payment Service (IMPS) that addresses the surviving flaws, like the need to enter sensitive information about your bank account at the time of each transfer.
You are probably curious about how it works now that you have learned about UPI.
How Does UPI Work?
UPI works on a four-party model and can be categorized into Peer-to-Peer transactions and Peer-to-Merchant transactions based on the parties involved. The four parties involved in any UPI transaction are-
- Payer – A person who initiates any payment
- Payee – The person who receives the payment
- Beneficiary Bank- Receiver’s bank account
- Remitter Bank- Sender’s bank account
Steps involved in making/receiving payment through UPI include-
Step 1– Download any Payment Service Provider (PSP) app like PhonePe, Paytm, Amazon Pay etc., and select your preferred Bank.
Step 2- The information related to your Bank account mapped to the entered mobile number is retrieved. Here, you can choose one/multiple Bank accounts to enable debit authorization in the selected accounts.
Step 3- Your PSP provides a few VPA (Virtual Payment Address) options, like @ybl, @icici etc.
Step 4- In this step, set up the UPI PIN. The customer must enter the following details for the successful validation of credentials
- the last six digits of the debit card
- an OTP generated in the process
- And the expiry date of your debit card.
Who can use UPI?
As of November 2022, 376 Indian banks were using the Unified Payments Interface (UPI). Anyone who wishes to use UPI must have a bank account with one of these member banks and have their mobile number registered with their Bank.
NPCI has enabled UPI PIN creation using Aadhar cards to make UPI more user-friendly for people who do not have debit cards issued to their bank accounts.
What is UPI PIN?
The UPI Personal Identification Number (PIN) is a four to six-digit number that the user enters during UPI registration or later. UPI PIN is required to approve any transaction on the platform. Therefore, it becomes more crucial not be share your UPI PIN/password to avoid UPI frauds.
You must create a unique and easy-to-remember UPI PIN to reduce the likelihood of forgetting this critical passcode. However, if you forget your UPI PIN, you can easily retrieve it by selecting “Forgot UPI PIN” and answering a few questions to confirm yourself as an authentic user.
Common types of UPI frauds
Some common types of UPI frauds are explained below in detail-
- Phishing Link Frauds
In such cases, fraudsters create a phishing website that looks exactly like an existing reputable website, say of a bank or a popular e-commerce website. The links to these websites are then distributed via SMS, social media platforms, email, and so on. When a person clicks on these websites without thoroughly checking the detailed URL (Uniform Resource Locator), the system captures and stores the user’s personal information, which is later misused by fraudsters.
- Vishing Calls Frauds
In such UPI frauds, fraudsters posing as Bank or RBI officials/any genuine entity dupe customers into sharing their confidential information, such as UPI PIN, OTP or passwords, etc., by creating an urgency/emergency such as an account being blocked/ KYC updating, etc.
- UPI Frauds Using Unauthorized applications/ Screen Sharing Apps/ Remote Access
Fraudsters frequently trick users into downloading screen-sharing, unknown or unverified apps that grant complete control over their devices. The fraudsters can easily obtain your financial credentials by using this access to your internet banking and other payment apps. Then, they transfer funds/make unauthorized payments using your username and login password to siphon off your hard-earned money.
Frauds through QR Code Scan
Fraudsters may contact you under the pretences of winning a lottery, a jackpot, or a government subsidy. To transfer the prize amount, they ask you to deposit a relatively small amount as taxes/forex charges/upfront or handling fee by scanning a QR (Quick Response) code from your UPI app.
OTP-based UPI Frauds
Fraudsters impersonating banks, RBIs, NBFCs, and other reputable organizations offer low-interest loans or credit limit increases on your credit cards. You must call a specific mobile number to register for these benefits. When users dial the number, they are prompted to enter their financial information. During this process, the fraudsters ask the users to share the PIN/ OTP generated and then conduct unauthorized transactions from their bank accounts.
What is UPI lite newly introduced by RBI?
Under the guidance of RBI, NPCI has recently launched UPI Lite at the Global Fintech Fest 2022 held in Mumbai. UPI Lite is a secure and seamless mechanism to facilitate offline low-value payments.
UPI Lite has been launched with a vision to enable simpler, faster, and more secure. This payment system will enhance convenience and facilitate transactions without cluttering your Bank passbooks or Bank account statements, providing better transaction success rates. Your UPI PIN is not needed for transactions up to Rs. 200/-, adding to speed and convenience.
7 UPI security tips to avoid UPI frauds
To safeguard yourself against UPI frauds, it is important to exercise certain precautions and security advice like-
- Be cautious of the suspicious-looking pop-ups that appear during your browsing sessions on the internet.
- Always check for a secure payment gateway (the URL must have a padlock symbol) before initiating payment on any website.
- Keep your UPI PIN and other sensitive information private, and never allow storing options for PIN/password/Card details on websites/public devices.
- Change your UPI PIN regularly, and secure UPI account with a biometric password on your devices when not used.
- Share no personal, confidential, or financial information on any social media platform because fraudsters can easily access your bank account by misusing this information.
- Never scan any QR code to receive money. For example, transactions involving money receipts do not require scanning barcodes/ QR codes/passwords/UPI-PIN.
- If you encounter a technical problem with your mobile/device and have no other choice but to install a screen-sharing app, first deactivate/log out of all payment-related apps on your mobile/device. Then, remove the screen-sharing app from your device after the work is finished.
Undoubtedly, UPI has simplified cashless transactions, but it has also opened up new avenues for scammers to generate revenue by circumventing security measures. Fraudsters succeed in duping users by instilling fear of having their account/credit card blocked/losing access to their account due to outdated KYC. In addition, greed for cashback/refunds/exclusive deals when shopping from e-commerce websites. With the increasing transaction volume of UPI, it becomes imperative to stay vigilant and wary of the mechanisms commonly used by fraudsters to hoodwink users.
Do money transfers via UPI occur only during banking hours and on working days only?
All payments are instant and available 24 hours a day, seven days a week, regardless of your Bank’s operating hours.
What if you enter the wrong UPI-PIN during a transaction?
The transaction will fail if you enter the inappropriate UPI PIN. If you repeatedly use an incorrect UPI PIN, the Bank may temporarily prohibit you from sending money using UPI from your account (this differs from Bank to Bank).
What is the procedure for reporting UPI or online money fraud?
In case of UPI frauds in India, you must report the fraudulent charge to the company or Bank issuing the credit/debit card. Then you can file a police report, freeze your account, file a complaint with your Bank using the Bank’s fraud reporting procedures, and request a refund.
What happens when there is a delay beyond seven days in reporting UPI frauds in India?
If the customer misses the reporting deadline of four to seven days, the liability shall be decided per the Bank’s approved policy.