With the Digital India Mission gaining widespread momentum all over the country, Unified Payment Interface (UPI) payments having become the way to pay. People are reluctant to carry cash on them, and prefer to use apps such as PhonePay and Bhim UPI to make transactions. They consider these options as safer, since these are directly regulated by the RBI, and so, the interface must be secure, right? Well, that’s where most go wrong, by blindly trusting these apps, which, in reality, are the storehouse of frauds. UPI payments are the latest addition to the ever-growing list of the way one can be conned online.
How UPI Frauds Work
UPI Portals have an option which allows individuals or firms to set up a request for money, which the user can accept and or decline. If accepted, the transaction is carried out once the users enter their UPI Pin, which is like an ATM PIN, and not a uniquely generated OTP.
The most common tactic that fraudsters use is thus. to befuddle the victims into providing them (frauds) with their UPI PIN while pretending to ask for the UPI ID. As soon as the user clicks on ‘Accept’, the frauds gain access to the Pin, and by the time the user realizes what has been happening, the money is gone.
Another method involves the trickster calling the victim and pretending to be offering some sort of cash back via some platform. The user is nudged to enter the PIN through a collection request, and viola. The money gets debited from the account, going straight to the frauds. This technique is also used to con card users, though a slight variation, in the form of an OTP instead of the PIN, is used.
A third way in which the process happens is that frauds pose as customer care workers. If the care number is called, they extract sensitive data from the victim.
So what do frauds do after getting hold of the PIN? They make an online purchase using that PIN, and the owner gets the collection request. If the request is accepted, then, the owner has effectively paid for someone else’s purchase.
Can You Reclaim Your Money?
Once a person gets caught up in a scam, the banks are hardly any help. This is because both act of providing the PIN and setting up the transaction actually occur via the account owner. And so, banks don’t have the authority to reclaim money from someone else’s account, even if that someone is a fraud. This is a crucial difference from bank card frauds, as card fraud victims can still reclaim money through the bank charge-back policies. Moreover, in most cases, the victim, the fraud, the account holder, and the transaction are at different locations. This further complicates the scenario, as legal aid becomes time -consuming due to different jurisdictions.
Determining the owner of the UPI address is futile, since more often than not, frauds use the accounts of some other people. They actually pay these people for rights to use the account from time to time. After every fraud transaction, the withdraw the amount from the account. In other words, tracking the actual frauds is tough.
So how to steer clear of UPI frauds? One way would be to opt out of the ‘request money’ option. However, disabling this feature is currently not an option, though it may be introduced soon enough. The disabling option is undergoing discussion as of now, and nay soon be available on all UPI apps. Nevertheless, there are some other ways to prevent scams. One of these has the banks refrain from sending URLs via mail or text, and instead urging customers to visit their site directly. Another option that some banks offer is to block certain kinds of transactions through the account or card.
Online trade sites such as OLX maintain that they shut down lakhs of suspicious accounts each month, and have technology filters and site auditors. As for how secure these are, let’s just say that its better to keep one’s PIN number and account details private, and keep a watchful eye out.
Protect Yourself From Scams
Finally, here’s some practices to ensure a safe online transaction:
• Read Transaction messages and pop-ups carefully
• Be wary of some calls claiming to be providing a cash back/being from customer care
• Know the difference between PIN, UPI ID, and OTP
• Alert the service provider if suspecting scam
• Steer away from random links offering freebies
• Never share the PIN number, or other sensitive information