How to Prevent Online Payment Fraud on UPI and E-Wallets

• Impostors send payment requests via fake UPI apps to steal money
• Avoid any financial transaction or engagement with random people
• Only install banking and UPI apps that are verified and RBI recognised

With the growing number of online transactions, e-wallet frauds and online payment frauds in India are becoming widespread. Being able to avoid online payment fraud while using e-wallets or UPI apps has become very critical. As per the data provided by the National Payments Corporation of India, the total number of Unified Payment Interface (UPI) transactions made in February 2021 were a whopping 2.29 billion. With people resorting more and more to make payments via UPI apps and e-wallets in India, it has only given rise to more online fraud incidences.

True fraud or identity theft

This is when scammers get access to your financial information to steal money from your account or make unauthorised purchases.
 

“Complete your ‘e-wallet name’ KYC or lose the money in your e-wallet account. Please call on 987******* and take action immediately.”
 

“Update your information to continue making transactions via the UPI app. Click on www.upd8UPIinfo.com and complete the verification details. If not done within 24 hours, your account will be deactivated, and you will not be able to carry out further transactions.”
 

These messages tend to cause panic and the fear of losing money makes people do irrational things such as clicking on the unverified link and following the respective directions. These are common ways used by fraudsters to trick oblivious customers. Either they send a payment request via their UPI app that requires a UPI PIN or OTP or QR code scan or they send these ‘update your details’ threats to eventually get unauthorised financial access.

Online payment frauds in India, especially e-wallet frauds and UPI app frauds, are becoming very sophisticated as cybercriminals are building new ways and figuring out new mechanisms to target people. With more people transacting online, unscrupulous people are stooping to any level to obtain sensitive information from people. They do this via the following common ways:
 

1. Phishing cons

Fraudsters send unauthorised payment links via text. These bogus bank URLs are eerily similar to the original website link making it easy for people to fall into this trap. Once permission is given to debit money, the amount gets deducted from the e-wallet or UPI app instantly.
 

2. Bank impostors

Scammers pretend to be bank officials and rip off people by using an app to get remote access to a person’s mobile phone screen. First, they give an excuse that the debit card is blocked or that the KYC is not up to date and then guide the gullible person, step-by-step and ask them to download an app on their phone. Since the screen has been shared, the scammer can monitor what the victim is doing, eventually gaining control of the device and stealing information.
 

3. Misleading UPI handles

Many scammers create UPI handles with a valid name in them such as @paymentsBHIM_best or @disputesNPCI and people fall prey to this because the words like NPCI or BHIM exist and hence, believe these handles to be authentic. Scammers make you disclose your account details via a fake UPI app and then compromise the accounts.
 

4. Frauds that involve OTP, PIN, UPI

When one transacts via a UPI app, an OTP or UPI PIN is required. Once either of the two is verified, the transaction is successful. This way to dupe people is one of the fraudsters’ favourites. They have the skills to convince people to share either the UPI pin or OTP over the phone with them and through that, they can validate transactions and steal money. Always remember legitimate banks never call to ask for this information.

There are a few tips and precautions that one can incorporate to prevent online payment fraud while using e-wallets and UPI. These include the following:
 

No engagement with strangers

The first and foremost step is to not deal with unknown people online – be it via text, email, or phone. Often people pretend to be officials of reputed companies such as Bajaj Finserv in the pretext of selling a loan, credit card, or updating KYC details. Keep in mind that Bajaj Finserv or any other legitimate bank will never ask you to disclose financial, personal or transactional details such as UPI PIN or OTP.
 

If you do receive any communication from a stranger, call the organisation they are impersonating and validate everything being said by them. Better still, do not reply to an unknown email address or unknown phone number to avoid getting caught in their tricks.
 

Do not share OTP with anyone

One-time passwords are used by banks and financial institutions to authenticate transactions and unfortunately these have become the main entry-points for fraudulent activities online.
 

Bajaj Finserv or any of its representatives never ask for PIN or OTP for processing any transaction. Sharing your PIN or OTP can lead to fraud and you must, in no circumstances, share such details.
 

Refrain from clicking on unknown links or accepting payment requests. Impostors very often send fake links that appear to be identical to the original links in order to obtain money unethically. One should under no circumstance click on a link sent by someone to proceed with a payment request unless it was initiated by you. Especially if you are supposed to receive money, you are not required to share your UPI pin.
 

Do not install counterfeit apps

Though operating systems such as Android and Apple try hard to get rid of bogus apps from their app stores, one may still notice phony UPI apps that should not be installed. They use a name similar to your financial providers trying to get you to install it. Always check the developer, registered website, and other such information that supports the legitimacy of the UPI app or e-wallet.
 

When in trouble, use official helpline contacts

When you Google a number on the internet, you may not receive the accurate and correct information always. Fraudsters have also created twitter helpline handles and other social media handles that appear to be legitimate as they may have the company name in it and they use this to communicate with you. Do not communicate with such handles even if you are in despair. Go to the official website, obtain the listed customer care or helpline numbers, and dial those.

All UPI apps and e-wallets have dedicated customer support helpline numbers listed on their websites. The same way financial providers such as banks and insurance companies also have their certified helpline numbers and social media accounts mentioned on their websites for you to report any fraudulent activities.
 

People may dissuade you from reporting cybercrimes but you must lodge a complaint and call the national helpline number - 155260 to report the online fraud and series of events. People can benefit from your experience.
 

Savdhaan Rahein. Safe Rahein.