In the last four years, Unified Payments Interface (UPI) transactions in India have increased 70 times, states a recent report by State Bank of India (SBI). With the growth of online transactions, frauds have also become more common.
What Is UPI?
UPI is a payment method that allows users to link more than one bank account with a single mobile app and make transactions without the Indian Financial System Code (IFSC) or account number.
A UPI ID can be created using the bank details and the mobile number associated with the bank account. An OTP (one-time password) will be sent to the user’s mobile number, which can be used to complete registration and set a PIN. Afterwards, transactions can be made using the mobile number or UPI ID.
“Users don’t need to remember recipients’ account number, account type, IFSC, and bank name. They can transfer money by simply using the mobile number registered with the bank or the UPI ID,” says Nilesh Sangoi, CTO and head of analytics division at Fincare Small Finance Bank.
Know The Risks And How To Avoid Them
UPI transactions are encrypted to ensure maximum security. “You can set up UPI ID on any application that supports UPI services. Generally, a UPI ID starts with your mobile number followed by ‘@’ symbol and ends with the application you are utilizing. Most banks, including new-age banks such as small finance banks, support UPI services,” says Nilesh Sangoi, CTO and head of analytics division at Fincare Small Finance Bank.
Even with the security measures in place, such transactions can be vulnerable to fraud. Risks associated with UPI include getting exposed to unauthorised payment links or fraudulent UPI handles, as well as fraudsters monitoring your screen.
“Fraudsters sometimes also pretend to be bank representatives to obtain users’ UPI PINs, stating they need it for verification purposes. Calling up unverified customer care numbers of banks and UPI platforms and installing unverified apps that could be screen mirroring apps can also result in leakage of sensitive information,” says Mohan Ramaswamy, founder and CEO, Rubix Data Sciences, a technology and analytics-based B2B risk management and monitoring platform.
You can minimize fraud by setting limits and blocking certain types of card transactions on your apps.
StashFin co-founder Shruti Aggarwal advises users to verify the person’s name and UPI ID before making UPI payments. “Figure out the ID from where you have received the email/SMS/WhatsApp of the payment link. One of the most important aspects is, never to share OTP and PIN numbers with any individual. Also, it is important to not give your card in the hands of others to avoid cloning,” says Aggarwal.
In the event of fraudulent activity, the customer must contact the bank immediately to raise a dispute and block the card linked to the UPI.
All e-commerce firms have been asked under the New Consumer Protection Act, 2019, to ensure that complaints related to UPI are acknowledged within 48 hours of receipt and resolved within one month. Those who don’t receive a satisfactory response from their bank or payment service provider within a month can also contact the Reserve Bank of India’s banking ombudsman.
“According to RBI’s July 2017 notification, a customer can get the full amount back if the fraud occurs due to negligence/deficiency on the part of the bank, or if it is a third-party breach, provided the customer notifies the bank within three working days. In cases where the loss is due to negligence by a customer, the customer will bear the entire loss until he reports the unauthorised transaction to the bank,” says Iti Pandey, principal associate, Sarthak Advocates and Solicitors, a Delhi-based law firm.