Unified Payment Interface (UPI) frauds are the most prevalent online financial frauds reported between January 2020 and June 2023, according to a report by IIT-Kanpur-incubated start-up, Future Crime Research Foundation (FCRF). The report, titled ‘A deep Dive into Cybercrimes Trends Impacting India’, shows that during this period, almost half (47.25 per cent) of the cybercrimes reported were UPI-related.

UPI fraud involves attackers exploiting vulnerabilities in India’s widely used real-time payment system to conduct unauthorised transactions, the report said. It further stated that the substantial percentage signifies UPI fraud as the most prevalent form of online financial fraud during the analysed period.

UPI was developed by the National Payments Corporation of India (NPCI), launched in 2016. Seven years post-introduction, it has become an inevitable part of our everyday lives. From shopping malls to roadside vendors, all businesses offer UPI payment options for customers.

Popular option

Over the years, UPI’s popularity has grown tremendously. In FY21, transactions worth ₹41.03-lakh crore were carried out using UPI. This rose to ₹84.17-lakh crore in FY22 and further to ₹139.14-lakh crore in FY23, according to the data from the National Payments Corporation of India (NPCI).

According to NPCI’s monthly data, the value of UPI transactions was ₹12.99-lakh crore in January 2023, and in August 2023 it grew to ₹15.18-lakh crore.

However, along with increased usage, scams also rose. In FY21, 77,299 cases of UPI fraud were reported in India, according to the Finance Ministry data. The number climbed to 84,274 cases in FY22 and 95,402 in FY23.

Different scams

According to consulting firm Praxis Global Alliance’s ‘Anatomy of Fraud Report 2023’, phishing, vishing, malware and using deceptive UPI handles are the most prevalent kinds of UPI scams.

Under phishing, fraudsters send bogus e-mails to access sensitive information, such as passwords or PINs, from the victim. Malware is used to extract and copy data from an infected device. When fraudsters call, claiming to be bank employees and ask for the UPI PIN, it is vishing.

Fraudsters also create fake UPI handles on social media to trick people into revealing account details. Sometimes, they also go to the extent of cloning SIM cards to get the required details.

Nandakishore Harikumar, founder and CEO of cyber security start-up Technisanct, said the usability of UPI is so high and that explains the increased number of frauds. 

Enhancing safety

Nandakishore said securing from these kinds of fraud begins with human awareness. “Enabling multi-factor authentication, updating apps regularly, verifying the authenticity of the app before downloading, and checking app permissions are some of the things to keep in mind. Also, do not click on links that one receives on WhatsApp and the Internet. Most importantly, do not provide details like passwords and PINs to third parties,” said Nandakishore.