How to Stay away from On the web Payment Fraud While Working with UPI Apps, E-Wallets

Averting on-line payment fraud although employing UPI applications or e-wallets is getting significantly complicated with the increasing volume of on line transaction in India. Complete selection of transactions manufactured by way of the Unified Payments Interface (UPI) in February 2021 was 2.29 billion, according to details delivered by the Nationwide Payments Company of India (NPCI). And as far more persons make payments applying UPI applications and e-wallets in the country, the incidences of on the web fraud develop. Scammers proceed to locate new means to steal the really hard-earned income of people. A lot of these victims have posted about their ordeals on social media.

The checklist of victims of on the internet payment fraud not only features the persons who are living in rural areas and are new to the world of electronic payments, but also a lot of people dwelling in urban locations and applying UPI apps and e-wallets routinely. In a recent circumstance, Delhi Chief Minister Arvind Kejriwal’s daughter Harshita Kejriwal was also allegedly duped of Rs. 34,000 while seeking to promote a sofa on the web. A guy posing as a consumer contacted Kejriwal and instructed her that he would mail a small sum to confirm her financial institution account. He in the beginning despatched her Rs. 2 and questioned her for affirmation, according to media reviews. But soon after that, he reportedly despatched her a QR code that enabled him to withdraw payments from her bank.

This is a typical way of fraudsters trick folks by sending them a payment request on their UPI application. That ask for allows them to quickly transfer the income. But alongside with sending payment requests, criminals use social engineering to dupe individuals.

“Social engineering can be uncovered in many varieties, and we use numerous names to it these types of as phishing and smishing,” Vikram Jeet Singh, Director, Possibility Consulting – IT Advisory, KPMG, told Devices 360 in an previously interview.

At the time the payment request is acknowledged, the UPI app asks for the PIN, which is the final phase to finish the transaction. This suggests that you’ll shed the revenue the moment you enter your UPI PIN, which you shouldn’t.

“When it arrives to a client, it boils down to frequent feeling,” stated Ram Movva, President and Co-Founder of Tamil Nadu-based cybersecurity providers business Cyber Security Works.

Most of the leading industrial banking institutions operate different on the web and offline strategies to inform their buyers about frauds taking place as a result of UPI applications and e-wallets. The NPCI also educates folks by its social media channels. Having said that, some specialists think that frauds could be minimised by bringing stringent policies and policies.


“With no data standards… outlined by the governing administration — and neither by the Reserve Financial institution of India nor by CERT-In — people have been remaining aside from the security issue,” stated Sateesh Kumar Peddoju, Affiliate Professor, Indian Institute of Know-how – Roorkee.

The expansion in on the internet payment frauds have created it pretty difficult for firms to safeguard buyers as cybercriminals go on to develop new means and mechanisms to goal harmless people.

“Far more and extra of us have come to be accustomed to accomplishing much more and far more transactions on line, particularly due to the fact the COVID-19 pandemic strike last 12 months, and it is quick to fail to remember that there are people out there who will do just about anything to get hold of money or own details by deception,” info safety agency Sophos said in a statement.

Owning stated that, you can get sure actions to continue to be safe and sound from on the web frauds when earning payments via a UPI application or e-wallet.

Stay away from engaging with strangers

1 of the very first methods that can assist you keep guarded versus online frauds is to steer clear of participating with strangers as a result of any medium. It is crucial that you are not speaking with unidentified persons about a mobile phone connect with or concept — unless it really is some thing really urgent and unavoidable. Banking institutions also inform their clients to not disclose particular or transactional aspects these types of as UPI PIN or OTP even to men and women saying to be banking officers making contact with them via email or cellular phone.

“There are tens of millions of pretend e-mail that are becoming despatched day-to-day by hackers,” claimed Karmesh Gupta, CEO of network protection organization WiJungle. “They commonly pose that they belong to an authentic organisation or platform to trick and inquire you for the wished-for details. Right before performing on any electronic mail, make confident that you extensively look at and validate the e-mail deal with.”

By not speaking with fraudsters, you can avoid receiving caught in social engineering methods that fraudsters usually use to steal funds from folks.

In circumstance you need to have to engage with a person you really don’t know, possibly for promoting a family merchandise (like in Harshita Kejriwal’s circumstance), you should really be extremely watchful of the communication you make and have to never ever share your financial institution specifics. You must also not share OTP or any other transactional facts you get on your cellphone while conversing to a person you you should not know individually.

“Fraudsters keep track of social media accounts and can approach the user under the guise of providing aid,” explained Damon Madden, Principal Fraud Consultant— Fraud & Risk Administration, ACI Around the world.

PhonePe experienced also observed in a web site publish that fraudsters typically build on their qualifications by telling people that they do the job for the armed forces, law enforcement, or the authorities. But you should really be mindful and not belief any particular person just since they show up to characterize a reputed organisation.

Gupta pointed out that in some situations, bad actors test to hook up with men and women by pretending to provide them major reductions, presents, and promotions from on-line browsing platforms. “This is a single of the most generally applied and trending methods of looting men and women as a result of on the net channels,” he reported.

You need to, for that reason, be utmost thorough though taking any actions on emails or messages declaring to give you price reduction features and promotions.

Do not share OTP with everyone

A person-time password (OTP) is what banks and economical institutions mail to validate transactions in India. But sadly, OTPs have also turn into the entry-place for most frauds presently.

“Banks commonly don’t question for personalized details on SMS, so if you obtain a textual content inquiring about your monetary details, it is normally a pink flag,” reported Madden of ACI Around the globe.

Gupta of WiJungle explained that OTP frauds ended up one particular of the most common because of to which a lot of individuals dropped accessibility to their critical info or even lakhs of rupees. “It is usually the absence of recognition that folks share their OTP (one-time-password) considering that it has occur from the lender or any formal authority. So, it is vital to consider treatment in advance of sharing the OTP to any unknown,” he said.

You ought to never ever share the OTP you are going to get on your telephone with any individual in excess of a contact or information. It is also essential to take note that you should not be moving into your banking specifics or login qualifications to your financial institution account on a computer or machine that is portion of a shared community, as it would allow anyone know your information and facts from the backend.

Fraudsters often send out doctored backlinks to obtain cash from your account. UPI apps this kind of as BHIM and Google Fork out have also manufactured it easier for scammers to make fraudulent transactions by sending payment requests. Nonetheless, Movva of Cyber Safety Is effective explained that no make any difference you really should under no circumstances simply click on a link you obtain or commence with a transaction request except you initiated it your self via a UPI app or your bank’s web page.

Google Fork out shows a blocker warning display screen for superior price QR/ payment hyperlink transactions to alert users about fraudulent payments and be certain they approve transactions following owing deliberation. But many men and women still grow to be victims, primarily when a fraudster tries to choose aspect payments from their account instead of obtaining the total income out in a single transaction.

Very similar to Google Spend, PhonePe also asks customers to not react to any random payment requests. “Always remember you do not have to ‘Pay’ or enter your UPI PIN to obtain cash on PhonePe,” the firm wrote in a different blog site article that information the variety of on line frauds that take place whilst employing UPI applications.

“Receiving dollars requires no PIN,” Citibank also wrote in a specific assistance website page about UPI frauds.

Remain absent from counterfeit apps

While Apple and Google attempt challenging to take out copy and false apps from their application suppliers, you may perhaps nonetheless occur across counterfeit UPI applications even though downloading other applications. It is, consequently, critical that you need to not install people on your mobile phone.

“Users need to verify the name, developer, registered site and email address of an application prior to installing it on their mobile phone,” stated ACI Worldwide’s Madden.

Alongside counterfeit UPI apps, you will discover quite a few apps that surface to be linked with your bank when they in fact usually are not. It is, for that reason, your accountability to put in only authenticated and official banking applications on your devices.

Fraudsters these days consider to connect with folks by way of pretend helpline accounts on social media. In some scenarios, fraudulent cell phone quantities also show up on look for engines. Platforms like Google Pay out and PhonePe, however, propose consumers to join with their help workforce immediately. You can attain out to Google Fork out by using its toll-free amount 18004190157 or by heading as a result of the Get hold of Us part in the application. PhonePe also has devoted buyer guidance on its web page. In the same way, most industrial banks have their formal helpline numbers and social media accounts that you should get to in circumstance of a query or for reporting a fraud.


Specialists consider that it is important to allow others know if you’ve got caught in a fraudulent exercise to assistance them beware of related activities. You need to also hear about the incidents occurred with some others to be cautious at your conclusion.

“Report frauds if you can. It may possibly not really feel as nevertheless you are undertaking considerably to support, but if quite a few people supply some proof, there is a least a possibility of carrying out anything about it. On the other hand, if no a person states nearly anything, then practically nothing will or can be finished,” Sophos said.

Does WhatsApp’s new privacy plan spell the conclusion for your privateness? We reviewed this on Orbital, our weekly know-how podcast, which you can subscribe to by using Apple Podcasts, Google Podcasts, or RSS, down load the episode, or just strike the engage in button below.