UPI or Unified Payment Interface has gained rapid popularity. It is convenient, fast and allows payments between bank accounts without the need to know one's account number. In January, 1.3 billion transactions worth Rs 2.16 trillion were made using UPI in India.
At present, private players like Google Pay, Paytm and PhonePe along with NPCI's BHIM are the most commonly used UPI platforms. News reports suggest that major companies like Reliance Jio and WhatsApp are also in their preliminary stages of offering payment services through the UPI mode.
As the usage and acceptance of this mode of payment expands, the risks of associated frauds also increase.
1. Beware of transfer requests
There is an option to request funds from another person over UPI-based apps like BHIM or Google Pay. Fraudsters posing as buyers online or offline may ask you to accept it as a payment by entering your PIN number.
It is important to note that receiving funds does not require you to enter the PIN.
A fraudster could confuse you into accepting the request and enter the PIN in haste. Considering it as a case of negligence, banks do not refund your money on reporting these frauds.
You have the option to reject a payment request you receive from an unknown number or even block the number and report it as Spam.
Over Google Pay, you are warned every time a number that is not on your contact list texts or sends a request on the app. If the number has been reported for spam previously, a "spam warning" is also issued. Be mindful when you use UPI apps.
2. Avoid social media exposure and be mindful of fake call centre calls
There could be delays or failure in transactions made over the UPI app due to internet connectivity/server issues. It is quite common for customers to resort to social media platforms to contact the brand.
There have been instances where information of such technical failure was shared over Twitter or Facebook pages of the brand that has millions of followers, only to be noticed by a fraudster that later contacts the person posing as the app's customer service.
It is, therefore, not wise to share details like your phone number on social media. All payment apps, as well as banks, have 24/7 helpline numbers that you can directly call and none of them will ask for your card details, CVV or OTP.
3. Do not download unsafe apps
Never download any unverified apps. Fraudsters may also ask you to download verified screen-sharing free apps like Anydesk, Teamviewer and Screenshare that help engineers fix technical issues through remote access to your device.
RBI in the past has received reports of cases where these screen-sharing apps were used to control phones and steal money from one's bank account linked to the phone number.
Do not click on links received via text messages or emails or over WhatsApp via unknown sources. It could download a fake app that will enable the fraudster to create a new virtual payment address (VPA) ID for your account and reset the PIN.
4. Secure your phone in layers
Set a strong or pattern or biometric password to your phone. Secondly, set unique PINs to open various UPI or payment apps. You can also differentiate the PIN entered to initiate a transaction.
Make sure your apps and phone software are updated to fix bugs. You can also go ahead and install good anti-virus software (ideally a paid one) to protect against unwanted downloads.
What to do if you lose your phone?
Contact your bank's customer care and block your account linked to the UPI app. Ideally, you should still be able to receive any payments to the account as there is no need to enter a PIN for receipt.