Digital Payment Fraud: Most Common Cases And How You Can Stay Away

Harsha Vinod, a marketing professional, is a regular user of digital payment platforms and other online businesses. He got a message offering him a chance to win attractive prices if he recharged his phone with a specific plan. The message seemed to be coming from a genuine source and he decided to click on the link to complete payment to acquire the plan. He was duped into doing a fraudulent transaction and ended up losing a couple of thousand rupees. This is a digital payment fraud.

While the proliferation of digital payment mechanisms has made the life of users easy, fraudsters and conmen are using these methods to confuse the unaware consumer into doing spurious transactions.

5 Most Common Cases Of Digital Payment Fraud

Using personal information to make you trust them

A frequently used modus operandi has been customers receiving calls from fraudsters stating they are from the RBI or an ecommerce site, requesting for your 16-digit card number and the CVV. Users give out these numbers assuming the call is authentic, post this an OTP is received which is shared with the fraudster leading to the deduction of money from the account.

Request to receive money

As a user, if you have posted a product listing on a website, the fraudsters get in touch with you by telling you that they are interested and unavailable to pay in-person and would like to make a transfer using a digital payment app. The fraudster will then send you a collect-call request for the same amount as your listing. They also put a message right above the ‘Pay’ button with instructions like ‘once you pay, you will receive money.’ This is a fraudulent message and you do not need to click on the ‘Pay’ button or enter your UPI pin to receive money.

Third-party apps

Fraudsters sometimes approach users and pretend to solve a problem they are facing either on their digital payment app or with a transaction. They ask users to download screen-sharing apps to solve an issue immediately. Instead of asking users to share their card, bank details, UPI PIN or OTP, fraudsters ask users to hold their debit/credit card in front of their phone’s camera so that the payment app’s verification system can scan the card details correctly. While users think they are being helped, fraudsters use the opportunity to record the user’s card number, CVV code and send an OTP for transferring funds into their own account through an SMS.

SIM swap fraud

Fraudsters get a new SIM issued for your phone number, using your personal details. The fraudster then calls the users pretending to be a representative from their mobile operator, and asks you to forward an SMS to upgrade their network. This SMS contains a 20 digit number from the back of a new SIM. This SMS deactivates your current SIM and activates a duplicate SIM that the fraudsters have illegally obtained. The fraudsters thus gain access to your phone number and SMSes and use your bank details to initiate a money transfer.

Merchant frauds

A merchant/seller sets up a fake website with goods to order. The company’s address, contact number, policies for cancellation, etc. for making transactions are all fake. Since payment gateways that the merchant has partnered with are expected to perform deep background checks, the merchant sets up a personal bank account for transferring money through NEFT or uses a personal QR code instead of a merchant QR code. This way the merchant imitates a legit payment gateway and all he has to do is promote his business on social media platforms and wait for customers to make transactions.

How Can You Stay Safe From Frauds

Consumers:

• Do not share your bank account details (card number, expiry date, PIN) or OTPs and any other codes you receive with anyone
• If you receive mail communications or SMSs claiming to be from your bank or mobile operator, verify if they have been sent from the official SMS handle/e-mail address
• Subscribe to e-mail & SMS alerts to keep track of transactions made from your account
• Regularly check your bank transaction history to monitor for irregularities
• Do not trust all shopping websites. Check for customer feedback, reviews and the website’s social media page (if available) before buying from there. Only buy from trusted shopping websites and platforms.
• You never have to ‘Pay’ or enter your UPI pin to receive money on a payment app. A genuine sender only requires your phone number to send you money
• In case you have been sent a fraudulent collect-call request, decline it and contact the customer support on the app
• Beware of fake helpline numbers. Always get customer support contact from the official website or social media handles of the respective organisation
• Check the sender domain of the email. If it is [XYZ]@gmail.com or any other email provider domain, ignore the mail. Ensure that the email domain matches the bank’s actual domain. All bank emails come from a secure https domain only.
• In case your card or account details get compromised, report it to the payment app’s customer executive team, let your bank know, approach nearest cyber-cell and file a police complaint

Businesses (Merchants):

• Partner with verified payment platforms
• Encrypt transactions and emails containing confidential information
• Ensure that tokens and login credentials are regularly changed
• Establish a policy regarding access to confidential information
• Constantly run security checks with antivirus software
• Require customers to log in to an individual account prior to making a purchase

With the rapid rise in digital transactions, fraudsters are bound to find new ways to defraud users. Creating awareness and educating users and merchants on the different kinds of digital payment frauds that can happen are the best way to prevent it from happening.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.