UPI – payments made easier or more fraudulent?

Bangalore City

By Riya Sharma

Bengaluru is leading the charge in one of the UPI-enabled frauds which are sweeping the nation. The rising use and familiarity of UPI payment apps such as GPay, PhonePe, Paytm, etc. are being used to mislead the average users to transfer money from their accounts to other bank accounts.

 Several thefts of this nature have been reported in Bengaluru in the last few months, according to Sunil, Head Constable at the cyber crime police station. 

 The fraud employs the ‘Collect Flow’ of the UPI framework, which allows a UPI user to ‘request’ payment from another user, inputting only their virtual private address (VPA) or UPI ID.

“These gullible users are then called by the fraudster, who then convinces them to ‘allow’ the request they got and validate their identity by entering their UPI PIN. Once that is done, the money moves to the account which requested the transaction”, explained Gaurav Sharma, Product Manager at a financial savings (fintech) application. 

Madhura, a content writer, fell victim to a similar UPI-enabled fraud in June 2018.

“I, unfortunately, accepted a collect request by mistake and lost eighteen lakh rupees in a span of one month,” she said.

Madhura has been making rounds of the cybercrime police station for a year.

“I visit the police station once every three months but I have not gotten any updates about the case since the incident”, she added.

 Anushka, an employee at a corporate firm, got a similar call from someone posing as a PhonePe employee, who promised a mega scratch card if she accepted the request sent to her device by someone posing as a fintech app. 

 The fraudsters usually route the request from other third-party apps such as OLX and PhonePe (which have submitted a lot of complaints to NPCI, the governing body for payments and UPI).

Manik, an employee at one such fintech startup, wants NPCI (National Payments Corporation of India) to take action immediately otherwise the people might lose faith in the emerging payments ecosystem. 

“NPCI should reanalyse the UPI framework and look into user-behaviour to make it more fraud-resistant”, Gaurav said.

The Softcopy found that after a series of fraud incidents occurred this year, NPCI has been conducting various workshops and training sessions to support member banks in understanding the requirements of fraud risk monitoring and management.

Gaurav believes that misinformation is the primary cause of these frauds and this can be managed only with more knowledge and usage, which he said, happens over a period of time, call it the adjustment period. 

“The rate of car accidents was highest in the first few years of use since nobody knew how to drive them!” he said.