<p>In recent times, Unified Payment Interface (UPI) has been the preferred mode of transaction for all types of payments – from buying a cup of tea to groceries ever since demonetisation and the Covid-19 pandemic.</p>.<p>The UPI clocked the milestone of Rs 10 lakh crore worth of transactions in May. There is a continuous push from the government and the Reserve Bank of India to create an indigenous payment eco-system, which will enhance customer experience with the highest level of security. RBI has recently announced the launch of cardless cash withdrawals at ATMs via UPI, which will bring in another era in digital and cardless banking.</p>.<p>UPI works on an architecture that ensures a robust security framework where money cannot be misused unless authenticated and authorised by the customer themself. However, the rise in digital payments has also provided an attractive playground for criminals leading to cyber frauds. While it is almost impossible for fraudsters to break into UPI’s security wall, cyber-criminals have been using various social engineering techniques to defraud customers. Here, human vulnerability is being exploited by the fraudsters, who are luring the customers on the pretext of attractive offers, prizes, amazing deals, etc.</p>.<p>Fraudsters have devised new ways to steal the second-factor authentication details from customers. They are creating fake websites and asking customers to click and fill in their credentials (customer ID, password, OTP, etc), which are then used to do unauthorised transactions and defraud the customers. Hence, consumers need to be more careful while transacting digitally.</p>.<p>Customers need to stay vigilant while clicking any link which is sent by any unknown person/number and should ideally refrain from submitting their secret codes/information on the sites which are opened through such links.</p>.<p>Some of the top techniques adopted by fraudsters:</p>.<p class="CrossHead"><strong>Online marketplace</strong></p>.<p>Fraudsters pose themselves as genuine buyers and instead of paying money to the seller of the goods, they use the “request money” option through a UPI app and insist that the seller approve the request by entering the UPI PIN. Once the seller enters the PIN, money is transferred to the fraudsters’ account.</p>.<p class="CrossHead"><strong>Fake helpline number</strong></p>.<p>Customers go online to a search engine to fetch a helpline number of their banks and utility service providers. Fraudsters optimise the search engines to display links with fake helpline numbers. Unknowingly, when a customer calls the fraudster, he pretends to be a representative of the customer’s bank/service provider and gains access to the customer’s mobile device/laptop/desktop on the pretext of resolving his problem. They lure the customer to authenticate payment from their phone or trick him to download legitimate screen-sharing apps through which they gain access to the customer’s device and steal his confidential banking credentials. </p>.<p class="CrossHead"><strong>Fake offers on social media sites</strong></p>.<p>Customers fall prey to lucrative offers on social networking sites for goods and services including paying guest (PG) accommodations, buying and selling cars, selling branded electronic items at low prices and other household products.</p>.<p><strong>How can customers protect themselves from such cyber frauds?</strong></p>.<p>Be alert to fraudulent calls asking you to download third-party apps for the resolution of complaints. Visit only the official website of the company for helpline numbers. Do not respond to or click unverified links sent by unknown persons/institutions through SMS/WhatsApp</p>.<p>Do not share your sensitive banking details such as UPI PIN, debit/credit card number, CVV, expiry date, OTP, ATM PIN, etc with anyone.</p>.<p>Report unauthorised transactions to your bank, immediately, and to the National Cyber Crime Helpline number by calling 1930.</p>.<p><em><span class="italic">(The writer is Head – Credit Intelligence and Control, HDFC Bank)</span></em></p>
<p>In recent times, Unified Payment Interface (UPI) has been the preferred mode of transaction for all types of payments – from buying a cup of tea to groceries ever since demonetisation and the Covid-19 pandemic.</p>.<p>The UPI clocked the milestone of Rs 10 lakh crore worth of transactions in May. There is a continuous push from the government and the Reserve Bank of India to create an indigenous payment eco-system, which will enhance customer experience with the highest level of security. RBI has recently announced the launch of cardless cash withdrawals at ATMs via UPI, which will bring in another era in digital and cardless banking.</p>.<p>UPI works on an architecture that ensures a robust security framework where money cannot be misused unless authenticated and authorised by the customer themself. However, the rise in digital payments has also provided an attractive playground for criminals leading to cyber frauds. While it is almost impossible for fraudsters to break into UPI’s security wall, cyber-criminals have been using various social engineering techniques to defraud customers. Here, human vulnerability is being exploited by the fraudsters, who are luring the customers on the pretext of attractive offers, prizes, amazing deals, etc.</p>.<p>Fraudsters have devised new ways to steal the second-factor authentication details from customers. They are creating fake websites and asking customers to click and fill in their credentials (customer ID, password, OTP, etc), which are then used to do unauthorised transactions and defraud the customers. Hence, consumers need to be more careful while transacting digitally.</p>.<p>Customers need to stay vigilant while clicking any link which is sent by any unknown person/number and should ideally refrain from submitting their secret codes/information on the sites which are opened through such links.</p>.<p>Some of the top techniques adopted by fraudsters:</p>.<p class="CrossHead"><strong>Online marketplace</strong></p>.<p>Fraudsters pose themselves as genuine buyers and instead of paying money to the seller of the goods, they use the “request money” option through a UPI app and insist that the seller approve the request by entering the UPI PIN. Once the seller enters the PIN, money is transferred to the fraudsters’ account.</p>.<p class="CrossHead"><strong>Fake helpline number</strong></p>.<p>Customers go online to a search engine to fetch a helpline number of their banks and utility service providers. Fraudsters optimise the search engines to display links with fake helpline numbers. Unknowingly, when a customer calls the fraudster, he pretends to be a representative of the customer’s bank/service provider and gains access to the customer’s mobile device/laptop/desktop on the pretext of resolving his problem. They lure the customer to authenticate payment from their phone or trick him to download legitimate screen-sharing apps through which they gain access to the customer’s device and steal his confidential banking credentials. </p>.<p class="CrossHead"><strong>Fake offers on social media sites</strong></p>.<p>Customers fall prey to lucrative offers on social networking sites for goods and services including paying guest (PG) accommodations, buying and selling cars, selling branded electronic items at low prices and other household products.</p>.<p><strong>How can customers protect themselves from such cyber frauds?</strong></p>.<p>Be alert to fraudulent calls asking you to download third-party apps for the resolution of complaints. Visit only the official website of the company for helpline numbers. Do not respond to or click unverified links sent by unknown persons/institutions through SMS/WhatsApp</p>.<p>Do not share your sensitive banking details such as UPI PIN, debit/credit card number, CVV, expiry date, OTP, ATM PIN, etc with anyone.</p>.<p>Report unauthorised transactions to your bank, immediately, and to the National Cyber Crime Helpline number by calling 1930.</p>.<p><em><span class="italic">(The writer is Head – Credit Intelligence and Control, HDFC Bank)</span></em></p>