With an ever-increasing popularity of digital payments platforms, the UPI (Unified Payments Interface) frauds have also risen substantially.
A few days ago, Delhi's chief minister Arvind Kejriwal's daughter Harshita became a victim of online scam where she tried to sell an old sofa set on OLX but was, instead, conned of ₹34,000. These kinds of scams have lately become prevalent.
This is the modus operandi of fraudster: They would send a QR code to the customer who is selling a product on OLX. They even show an urgency by claiming that they don’t wish to miss out on the deal. They tell the user to scan the QR code or accept the payment request. The victims don't realise that they don’t need to do anything for receiving the payment. But upon scanning the QR code, the amount is transferred from their account to that of the fraudster.
At times, it happens through a phishing scam, while on other occasions, some fraudsters use a deceptive handle to give a wrong impression. There are times when some scamsters get access to a customer’s device either through a fraudulent app or by sending a malicious link.
Let us first explore which are the most common tactics through which fraudsters fleece customers.
There are some of the ways in which scamsters perpetrate UPI frauds:
1 Remote access: By downloading an unverified app, one can inadvertently give remote access to their device. This can be misused by fraudsters to steal money through UPI.
2. Phishing scams: They are common where some unauthorised payment links are sent via SMS. The link, when clicked, takes you to the UPI payment app on your phone. This would prompt you to select any of the apps for auto debit. Upon giving the permission, the amount would instantly get deducted from your account.
3. Scanning the QR code: As mentioned above, these scams have lately become common where a payment receiver is told to scan a QR code. This leads to the transfer of money from their account to those of scamsters.
4. Deceptive handles: Some smart hackers use names like BHIM or SBI on their UPI social page to give an impression that it’s a credible UPI platform. So, UPI users must be careful about these tactics.
5. Sharing OTP & PIN: Almost every bank and RBI often warn their customers against sharing their UPI PIN or OTP with anyone. Despite that, some fraudsters try to convince the customers to share the OTP received on their phone. When it is shared, the fraudsters can authenticate illegitimate transaction and steal the money.
The frauds related only to debit cards or internet related channel jumped from 1,866 in fiscal 2019 to 2,545 in fiscal 2021 amounting to ₹119 crore, as per a RBI report.
Total number of frauds amounting to ₹one lakh and above:
(Source: RBI’s Report - ‘Trend and Progress of Banking in India 2020-21’)
What to do when you are scammed?
To prevent yourself from an online fraud, customers must proactively call up the bank and get the UPI service or debit card blocked.
It is advised that users verify the name and UPI/ID of the person before making the payments. Also, it's an oft-repeated warning given by RBI as well as by commercial banks that one should never share any OTP or PIN number with anyone, not even with the bank staff. Even debit cards ought not to be meant to be handed over to a stranger since they might lead to card cloning.
However, if some fraud does take place, one can still get the money back. As per the RBI’s notification in July 2017, a customer can get the entire money back if the fraud takes place due to a negligence or deficiency on the part of the bank or even if it’s a third-party breach provided the aggrieved customer notifies the bank within three working days of such a fraud.
At times, frauds also happen through websites. To prevent some of these frauds, National Internet Exchange of India (NIXI) came up a regulation to control fraudulent websites with (.in) domain name. Now individuals would have a limit of up to two portals after which they would be able to open a third one only with a permission from the NIXI CEO.
Such and many more moves are imperative in the wake of growing instances of online frauds. It’s vital to be extra careful before clicking every link, message or URL.