Guarding Your Wallet: UPI Scams & Mobile Payment Scams to Watch Out For

Introduction

Mobile & cashless payments bring huge convenience but also risks if proper security precautions aren’t taken. Fraudsters are adept at exploiting vulnerabilities in platforms like UPI, digital wallets & QR payments to steal funds. This guide will examine common mobile payment scams & provide tips to keep your money safe.

Rise of UPI Fraud in India

The Unified Payments Interface (UPI) has revolutionised digital payments in India through convenience, speed & universal interoperability. But as UPI adoption surged, especially during the pandemic, so did fraud targeting unsuspecting users through UPI Scams. 

Some alarming UPI scams statistics:

• UPI scams losses reached ₹392 INR crore in FY 21-22 according to NPCI data.
• ₹83 crore INR was lost to just one type of scam – know your customer (KYC) updation – from 2019 to 2022 according to CERT-IN.
• Reported incidents of UPI scams quintupled from around 13,000 in 2019-2020 to over 65,000 in 2020-2021.

Criminals exploit the ease of UPI apps to trick unwitting victims into sending money or exposing sensitive information. Stay vigilant against these fraud types.

Common Types of UPI Scams

Phishing Links

• Scammers send SMS or email links mimicking legitimate payment sites & UPI login pages to steal login credentials & OTPs. 
• Victims enter their details thinking they are on the real site, allowing criminals to siphon funds from bank accounts using UPI apps.

QR Code

• Fraudsters create malicious QR codes & switch legitimate ones (like on restaurant tables) to redirect payments into their accounts rather than the merchant.
• Unwitting users scan the codes believing them to be genuine & complete the payment without checking the recipient details.

KYC Scam

• Criminals call users pretending to be from the bank saying their KYC or SIM is pending verification, asking for confidential information or installing remote access apps.
• Once given access, they initiate transfers from the user’s account without consent.

Vishing – Voice Phishing

• Scammers call victims under pretences to obtain sensitive data like card numbers, CVVs & OTPs or trick them into sharing UPI PINs for “verification”. 
• The information is then used to either make fraudulent purchases online or transfers using UPI.

Staying vigilant against such social engineering tactics is key to avoiding falling prey to UPI scams.

Scam Potential of Other Payment Modes

While UPI fraud has seen major growth, all digital payments carry risks if proper care isn’t taken:

Debit/Credit Card

• Skimming: Criminals install overlay readers on ATM card slots, copying card data for cloning cards. Always check for suspicious devices before using any ATM.
• Contactless Frauds: cybercriminals use RFID readers to steal data from contactless cards in your wallet/purse remotely. Use contactless cards with built-in RFID signal blocking.

Mobile Wallets

• Account takeover: Hackers may compromise your wallet login credentials via phishing or malware. Use strong unique passwords & enable multi-factor authentication (MFA).
• Fake apps: Imposter wallet apps may trick users into entering confidential information used to steal funds or spy on transactions. Only download wallets from official stores like Google Play Store or Apple App Store. 

QR Payments 

• Malicious QR codes: Redirect payments away from intended merchants into criminal accounts, as highlighted above. Verify the recipient & amount before scanning any QR code.
• Merchant overcharging: Some rogue merchants have overcharged customers beyond the amount displayed on screens, pocketing the excess via QR payments. Remain vigilant of the final amount deducted.

Safety Tips for Digital Payments

Here are some best practices to securely use mobile & UPI payments:

• Avoid public WiFi for payments. Use mobile data instead. Public connections can be insecure.
• Check recipient details in UPI apps to verify legitimacy before entering UPI PIN to confirm transfers. 
• Use only the official apps provided by your bank. Avoid sideloading unofficial UPI apps with malware risks.
• Beware fake UPI IDs using display names copied from your contacts list. The UPI ID itself should be verified before accepting requests.
• Enable transaction limits & multi-factor authentication (MFA) in your bank & UPI apps. This restricts unauthorized payments.
• Check statements regularly to identify any unauthorised charges & report promptly. It limits financial liability.
• Assign unique UPI IDs to frequent recipients instead of relying on phone numbers alone. This prevents misdirection. 
• Avoid clicking links in messages. Manually log into your bank app or wallet, don’t follow unverified links claiming to be payment gateways.
• Do not share SMS/email OTPs, MPINs or UPI PINs with anyone. Legitimate companies will NEVER ask for confidential codes.
• Review permissions requested by apps. Only enable those strictly required for services.

Staying cautious regarding links, codes & unfamiliar payment requests limits risk exposure from digital payment scams. Alertness secures your hard-earned money.

Key Takeaways to Avoid Payment Fraud

• Verify legitimacy before entering any sensitive codes for recipient confirmation. 
• Don’t click phishing links or call numbers provided in messages/emails. Manually log into your verified bank app.
• Use two-factor authentication (2FA) & transaction limits to reduce unauthorised activity risks.
• Only download payment apps from official stores or linked from your bank’s website.
• Closely check recipient details & final amount before approving any payment.
• Limit permissions granted to payment apps & disable contact access if not required.
• Monitor account activity closely via statements & alerts to identify any malicious activity promptly.
• Avoid using payment apps on unsecured public WiFi. Favour mobile data instead.

Exercising caution, vigilance & common sense goes a long way in protecting your hard-earned money while enjoying the perks of digital payments. Stay alert against the latest scam tactics.

Frequently Asked Questions (FAQ)

What should you do if you suspect your payment app or account is compromised?

Immediately notify your bank, disable the app, change passwords, remove linked accounts, reset payment limits to the lowest levels & check statements for unauthorised activity. Enable extra security like multi-factor authentication (MFA) once re-secured.

How can banks improve security for mobile payments?

Banks can implement Artificial Intelligence (AI)/Machine Learning (ML) to better detect fraud, push real-time alerts for suspicious activity, conduct thorough security audits, follow secure architecture principles like tokenising data & educate customers on risks.

Is UPI still safe relative to alternatives like cards or mobile wallets?

UPI remains more secure than alternatives if users take precautions thanks to its double authentication requirements. But users should be vigilant as scammers actively target UPI apps seeking vulnerabilities.

What government initiatives help fight mobile payment fraud in India?

Jan Dhan-Aadhar-Mobile (JAM) linkage for verification, DigiLocker for documents, Nigeria sanctions monitoring for fraud transactions & the cybercrime volunteer program for reporting are all government initiatives enhancing security.

Which body regulates digital payments in India?

The Reserve Bank of India (RBI) regulates all forms of digital payments. They set security standards, require audits & issue guidelines to ensure safety & trust. 

India’s cashless economy thrives based on user trust. With caution & prudence by customers coupled with a security focus from regulators & service providers, digital payments have immense growth potential.