Transactions through the Unified Payments Interface (UPI) in India have increased 70 times in the last four years, says a recent report by the State Bank of India (SBI). However, as online transactions grow, the risk of frauds has also gone up manifold.
What Is UPI?
UPI is a payment method under which users can link more than one bank account with a single mobile app and make transactions without using the Indian Financial System Code (IFSC) or the account number.
The UPI ID can be set up using the bank details and the mobile number registered with the bank account. The application will send an OTP (one-time password) to the user’s mobile number, which can be used to complete the registration and set a PIN. Thereafter, transactions can be done using the mobile number or the UPI ID.
"Users don’t need to remember recipients’ account number, account type, IFSC, and bank name. They can transfer money by simply using the mobile number registered with the bank or the UPI ID," says Nilesh Sangoi, CTO and head of analytics division at Fincare Small Finance Bank.
Know The Risks And How To Avoid Them
UPI transactions use a secure encryption format to ensure maximum security. "You can set up UPI ID on any application that supports UPI services. Generally, a UPI ID starts with your mobile number followed by ‘@’ symbol and ends with the application you are utilizing. Most banks, including new-age banks such as small finance banks, support UPI services," says Nilesh Sangoi, CTO and head of analytics division at Fincare Small Finance Bank.
Despite the security measures, such transactions can be vulnerable to certain frauds. Some of the potential risks in UPI include getting exposed to unauthorised payment links or fraudulent UPI handles and screen monitoring by fraudsters.
“Fraudsters sometimes also pretend to be bank representatives to obtain users’ UPI PINs, stating they need it for verification purposes. Calling up unverified customer care numbers of banks and UPI platforms and installing unverified apps that could be screen mirroring apps can also result in leakage of sensitive information,” says Mohan Ramaswamy, founder and CEO, Rubix Data Sciences, a technology and analytics-based B2B risk management and monitoring platform.
Setting limits and blocking certain types of card transactions on your apps can minimize frauds.
Shruti Aggarwal, co-Founder, StashFin, suggests that users should verify the name/UPI ID of the person while making UPI payments. "Figure out the ID from where you have received the email/SMS/WhatsApp of the payment link. One of the most important aspects is, never to share OTP and PIN numbers with any individual. Also, it is important to not give your card in the hands of others to avoid cloning," says Aggarwal.
In case of any fraudulent activities, the customer should contact the bank or customer care immediately to raise a dispute and block the card linked with the UPI.
Under the New Consumer Protection Act, 2019, the government has asked all e-commerce firms to ensure that complaints related to UPI be acknowledged within 48 hours of receipt and redressed within a month. If users do not get a (satisfactory) response from their bank or payment service provider within a month, they can also approach the Reserve Bank of India’s banking ombudsman.
"According to RBI’s July 2017 notification, a customer can get the full amount back if the fraud occurs due to negligence/deficiency on the part of the bank, or if it is a third-party breach, provided the customer notifies the bank within three working days. In cases where the loss is due to negligence by a customer, the customer will bear the entire loss until he reports the unauthorised transaction to the bank," says Iti Pandey, principal associate, Sarthak Advocates and Solicitors, a Delhi-based law firm.