The shift to digital payment methods was clocking a robust growth even before the pandemic, but the number of people making digital payments for the first time grew exponentially through the last fiscal.
The outbreak of the COVID-19 pandemic, and the series of prolonged lockdowns, fundamentally changed the way we live. Be it work, learn, shop, or bank, life as we knew it shifted to the safe confines of our homes overnight.
The once-in-a-generation disruption led to a marked shift in consumer behaviour — with brick-and-mortar stores shut, people had no choice but to go online to buy everyday essentials like groceries, providing a fillip to digital transactions. Brands quickly adapted to the disruption, and most chose to bypass retailers and reach out to their customers directly. With ‘buy-now, pay-later’ services mushrooming, customers, facing pay cuts and job losses, could choose to make payments even for small purchases in monthly instalments.
The shift to digital payment methods was clocking a robust growth even before the pandemic, but the number of people making digital payments for the first time grew exponentially through the last fiscal. In India, the number of digital transactions logged a growth of 28%, even as it fell by 13% in terms of value. UPI (Unified Payment Interface) transactions alone rose by a staggering 92% to reach 41 lakh crore in 2020-21.
While the drop in value can largely be attributed to reduced activity on high-value payment systems like RTGS and cheques, an obvious outcome of the curtailed industrial and economic activity during the lockdowns, there is an incisive takeaway from the changes in the payments landscape. Armed with smartphones and empowered by affordable mobile data, consumers in Tier-2 and Tier-3 cities propelled the rise of digital payments, accounting for 90% of the growth.
As online payments became a way of life, even in the Indian hinterland, cybercriminals worked overtime to make the most of the situation. Like most of us, modern-day con artists have also adapted to the brave new world. From pretending to help with vaccination slots to collecting donations for food distribution and creating fake UPI handles for PM-CARES accounts to making false promises of sending an oxygen cylinder to patients, nothing is out of bounds for them.
In this landscape, the anxiety and vulnerability triggered by the pandemic resulted in nearly 120 million Indians have faced the threat of cyber-scams between February 2020 and 2021, a report issued by Norton Cyber Safety Insights Report by cybersecurity firm Norton LifeLock said. So, it should not come as a surprise that the threat of cyber-fraud has emerged as the biggest consumer concern when it comes to digital transactions. Almost 71% of the people surveyed said they are worried about online scams, while 42% were concerned about their transactions failing or not completing on time.
With the digital payment ecosystem expanding, the need for preventive measures and awareness to ensure the safety of digital transactions is more pronounced than ever before. An RBI Notification issued in June even urges payment service providers — banks and non-banks — to increase mass awareness about the safety and security of digital transactions.
In the interest of maximizing awareness, here are a couple of examples of people falling victim to payment fraud:
UPI Fraud Use Case: Raju uploads an ad on an online classifieds website to sell his old laptop for INR 25,000. Goga calls up Raju and says he will buy the laptop. He even pays INR 1,000 as a booking amount. Twenty minutes later, Goga calls Raju again and says he has to deal with an emergency and his brother will pick up the laptop. He offers to make a UPI payment for the remaining INR 24,000. Raju agrees and gets a notification on his phone. However, instead of making the payment, Goga has sent a PULL request for the money. Raju clicks on the notification and enters his secret PIN. He ends up losing Rs 24,000.
Simple Awareness Tip: Receiving a UPI payment does not require YOU to enter the PIN. So if someone asks you to enter a PIN to accept the money, you are being duped.
Remote Access Fraud: Savitri gets a call from Ramesh, who introduces himself as an employee of ABC Bank, where she has an account. The called ID on her phone also shows ‘ABC Bank KYC Center’. Ramesh cautions Savitri that her account will be frozen as she has not completed the mandatory KYC procedure. She also receives a mail from ‘ABC Bank’ asking her to complete the process. When Savitri is unable to access the link, Ramesh offers to help and asks her to download a screen-sharing app like Team Viewer or AnyDesk and takes control of her phone. He asks her to complete a transaction with a transfer of INR 1 to check if the KYC is completed and working fine. She was asked to ensure her screen does not go blank. After 10 minutes on the call, the caller says the process is complete and disconnects. Minutes later, Savitri gets multiple OTPs and transaction messages on her phone and realizes that Ramesh has made many transactions from her account.
Simple Awareness Tip: Do not install any app that has remote screen sharing, especially while you are on a call with someone.
KYC Fraud: Know Your Customer (KYC) is a mandatory process where banks and financial institutions are mandated by law to verify consumers’ identities to adhere to anti-money laundering and terrorist financing laws. Since the pandemic began, banks have allowed the KYC process to be done digitally in line with the RBI amendment dated May 10, 2021, on Video-based Customer Identification Process (V-CIP)”: an alternate method of customer identification with facial recognition. This allows fraudsters to use KYC as an entry point to gain access to the customer’s mobile phone via video call and send SMS text messages with links that install malware without the customer’s knowledge. At times they even instil panic of account closure due to non-compliance to RBI norms of black money etc.
Simple Awareness Tip: Do not click on SMS links, understand the KYC process, disconnect the call and check the link by moving the mouse over the link instead of clicking it and confirm if it is from the bank. Also, understand if there is a sense of urgency (like threats of bank account closure right now) created by the person at the other end, then it is clearly a fraud call.
These are just some of the many ways customers can be defrauded. However, the underlying guidelines are simple:
● Never share personal information like Aadhaar number or account number over phone calls.
● Never share your OTP with anyone.
● Never install unverified software or apps on your phone, especially with a sense of urgency. Instead, verify the rating and creator of the app and always download from official app stores.
Apart from this, banks and payment providers can also help by using a holistic and layered risk-based authentication software that can detect deviations from the customer’s normal behaviour and alert the bank. Only through the concerted efforts of industry players, government bodies, and customers, we can ensure a secure online payments landscape for all.
Source: Business World