Fuelled by internet and mobile penetration, digital payments have seen rapid growth in India, giving rise to multiple cashless payment applications and systems. According to the EY Global Fintech Adoption Index 2019, India is becoming a forerunner in global financial technology (fintech) adoption at 87 per cent, along with China. Data from the Reserve Bank of India (RBI) highlights that the total volume of digital payments increased nine times over the past five years.
The rise in digital payments has not only opened multiple avenues for businesses to explore online payment services, but also led customers to prefer this mode in almost all aspects of their daily lives—from small-value transactions to very large purchases. However, there are roadblocks to this frenzied adoption of digital payment. These include frauds and scams, data protection issues, security concerns, infrastructure requirements, and lack of awareness about the risks linked to the digital ecosystem. Papid growth in the digital payments data economy has led to increasing cyber-attacks, information leakage, data theft, as well as malware and ransomware attacks in recent times. Consumers have become vulnerable to newer and more complex frauds. In 2017-18, the RBI reportedly recorded over 2,000 cyber frauds at banks, amounting to over Rs 100 crore.
Below are some digital payment scams you need to look for to reduce the probability of falling prey to cyber crimes
1. The remote access mobile application scam
Fraudsters, who had listed fake numbers online under an NGO’s name, gained access to a Mumbai resident’s debit card details by asking her to download Anydesk, a remote desktop software tool, which provides a third party a complete view of the user’s screen. She wanted to transfer funds to the NGO to cremate her pet. Instead, her debit card details were compromised and Rs 30,000 was withdrawn from her bank account.
Lessons to learn
Do not seek help from strangers to complete payment transactions. Do not download apps, except official ones, recommended by seemingly-helpful people, even if they claim to be bank staff.
2. Trap for gullible insurance seekers
In this, scammers prey on an individual’s inability to spot the difference between the official and fake portals of the insurance regulator. A counterfeit portal going by the URL www.irdaionline. org managed to sell fake policies to insurance seekers until the Irdai issued an alert, and the URL was blocked.
Lessons to learn
Irdai does not sell insurance policies. Stay away from portals misusing domains that are akin to regulators’ offi cial ones to swindle funds.
3. Phishing smses promising income tax refund
A Mumbai-based private sector employee received a link, purportedly from the income tax department, regarding a tax refund he was eligible for. Once he clicked on the link, he was directed to a mobile application that got downloaded on his phone. Tricksters elicited his account access details and siphoned off money.
Lessons to learn
The income tax department directly credits the refund to the bank account mentioned in your I-T return form. Do not trust any messages, links, online forms or calls seeking additional account/card details.
4. The KYC update hoax
An IAS officer in Udaipur lost Rs 6 lakh when she clicked on a fraudulent link asking her to update her KYC. She was prompted to enter her account details and the OTP received, following which she received messages from her bank notifying her of debits worth Rs 6 lakh.
Lessons to learn
Do not click on links received through SMSes. Rely on official websites or bank branches to complete the process, if requir ..
5. Simpleto-crack passwords
Here, victims make hacking an effortless job for hackers. The United Kingdom’s National Cyber Security Centre (NCSC) recently released a list of ‘most hacked’ passwords. Over 23 million accounts worldwide were breached as they had 123456 as their passwords.
Lessons to learn
While the data pertains to the UK, it is a pointer to the hazards of using passwords and PINs that are easy to decode.
6. Fake UPI-based payment links
Fraudster asked the victim, a Pune-based trader, to transfer a nominal amount of Rs 10 to a mobile number from his digital wallet. It was presented as ‘registration fee’ to initiate the online purchase of a scooter. Subsequently, he received payment links where he had to enter his UPI ID and OTP received and send it back to the fraudster. The information was used to transfer Rs 1.53 lakh out of his accounts.
Lessons to learn
Transact only through the offi cial BHIM or bank UPI apps. Do not use links sent by unknown entities, even if they seem authentic.
7. Fraudulent NPCI/UPI/BHIM handles and portals
Myriad Twitter handles masquerading as @NPCI_BHIM official helpline handle have mushroomed on the micro-blogging site. The fake accounts trick customers looking for help to reveal their account, wallet or card details.
Lessons to learn
Look for verified-by-twitter blue ticks while interacting with National Payments Corporation of India (NPCI), bank or payment wallet helplines.
8. Lack of awareness of UPI pay options
A Pune resident who wished to sell his air-cooler was tricked by a prospective buyer who agreed to pay `9,000 through a UPI-based app. However, the latter sent a ‘pay’ request to the former, who promptly authorised it without realising that the amount would be debited from, not credited to, his account.
Lessons to learn
Use of newer technologies calls for additional caution. Since UPI-based apps enable push (pay/send) and pull (receive/collect) transactions, newer users could get confused. Understand the processes thoroughly before rushing to use them.
9. Request Money Fraud
The ‘Request’ feature on any digital payment app allows a person to send you a payment request where the amount is filled in by the requester. You can pay by just clicking on the ‘Pay’ button and entering the UPI PIN.You can also ‘Decline’ the request, in which case the request stands invalid. Before declining, you can block the requester as well — this will prevent all future payment requests being raised to you by that person.
You post a product listing on OLX, Quikr or a similar site. The fraudster spots your listing and gives you a call saying that are interested in buying the product. They also tell you that they’re unavailable to pay in-person and would like to make a money transfer using the digital payment app. They might build on their credentials by telling you that they work for the Army, the Police, the Government etc.
The fraudster will then ask you to open your digital payment app while you are on the call, and send you a collect-call request for the same amount as your listing. A lot of times the fraudsters use the digital payment logo as their profile picture, which you can see in the collect call request. They also put a message right above the ‘Pay’ button with instructions like ‘Once you pay, you will receive money.’
Lessons to learn
This is a fraudulent message. You never need to click on the ‘Pay’ button or enter your UPI pin to receive money.
“It takes years to build your wealth and few minutes of cyber-incident to ruin it.”