Unified Payments Interface or UPI is a system that powers multiple bank accounts merging several banking features into a single mobile application providing seamless fund routing and merchant payments. The feature was introduced to make digital payments easier and while it has done that successfully, unfortunately, fraudsters have found a new way of looting customers. They are taking unauthorized access of innocent people's mobile devices to carry out fraudulent transactions via UPI using third party apps on smartphones. One of India's leading lenders - HDFC Bank - recently warned its customers on how these scams are pulled off and what you should do to stay safe.

COMMERCIAL BREAK
SCROLL TO CONTINUE READING

The email attributed to HDFC Bank sent to account holders said that you may receive a phone call from a fraudster who will claim to be a representative from a tech company or bank offering to fix issues in your smartphone or mobile banking apps. The caller may even pose as a Complaint Manager calling you to fix your genuine registered complaint which you may have with respect to the Online or Mobile Banking.

How fraudsters get your number?

It's not too difficult. Anyone can access your phone number from social media or from the complaint desk. They might use this number to send you an SMS and advise you to forward it to a specific mobile number from your phone. They might lure you to download third party apps from Google Play store or Apple Store.

WATCH Zee Business TV LIVE Streaming Online -

Why is it dangerous?

If you opt to forward the SMS, the fraudster is able to link, register your mobile number or account with UPI on his own mobile device. "The fraudster subsequently seeks confidential account related credentials like Debit Card number, PIN, expiry date, OTP and sets the MPIN which is then used to authenticate transactions," the mail said.

Similarly, they will ask you share a a few digit code that is generated when you install the app. Once granted, fraudster will get control of your mobile device.

Are there other ways to loot money?

Yes. Fraudsters can vish Mobile Banking credentials and PIN to carry out financial transactions from your mobile app which was already installed. They may also send 'Collect request' to your VPA and ask you to approve it. Assuming that you will get refund in your account, you end up entering MPIN and losing all your money. The customers need to keep in mind that UPI PIN is not required to be entered to receive payment from anyone.

How to stay safe?

- Be alert to fraudulent calls (vishing) that ask you to download third party apps or share confidential information (disconnect such calls immediately).
- In case you have already downloaded any remote access app and it is no longer required, uninstall it.
- Please enable app-lock on your payment or mobile banking related apps.
- Report any suspicious activity at your nearest Bank Branch / authorized customer care number only

What you should not do?

- Do not share your banking passwords or store them in your mobile handset.
- Do not share your other sensitive financial details on call such as UPI PIN / MPIN, Debit / Credit Card, CVV, expiry date, OTP, ATM PIN, bank account details, etc.
- Don't allow a stranger to guide you to install a mobile app through App Store / Play store, or instruct you to change a setting of your mobile.
- Do not rely on customer service numbers of various merchants / entities / banks etc. retrieved via Google search, since they can be fake.
- Do not forward any unsolicited SMS received on a request of so called representative from a tech company/ bank.
- Do not carelessly share your private details such as mobile number, address, DOB, identity details, etc. on the social forums.