Mobile phone-based payment transactions have recorded a sudden surge in India since the beginning of the pandemic outbreak, so have online payment frauds. Fraudsters are now devising innovative ways to dupe customers, and have kept banks and financial institutions guessing with their novel methods.
Over the last few months of lockdown, several people have lost huge amounts of money in fraudulent transactions. Senior bankers say that most frauds are a result of customers compromising on security. They cite negligence and lack of awareness among customers as a major reason.
Which are the leading mobile phone-based payment platforms?
Over the last couple of years, online payments services have grown by leaps and bounds in the country, thanks to the government's 'Digital India' push. But recently, we have seen a steady increase in mobile phone-based transactions, which are done using payment services such as Google Pay and PhonePe; e-wallets such as Paytm and Amazon Pay; and banking apps such as SBI Yono, HDFC Payzapp, ICICI iMobile and Kotak Open811, among others. The Unified Payments Interface (UPI), a digital payment platform that facilitates cashless, real-time transactions via mobile phones, developed by National Payment Corporation of India (NPCI), has made it easy for customers to undertake inter-bank transactions using the mobile phone.
Indians are increasingly using their smart-phones to make payments and transfer funds. According to the latest Reserve Bank of India (RBI) data, June 2020 has broken all previous records. A total of 1.7 billion transactions worth nearly Rs 6 lakh crore were processed by various mobile-based banking and payment applications in June after most bank branches were either shut or operating with reduced strength. The previous record for most mobile banking transactions in a month was in July 2019, when 1.2 billion transactions worth a little over Rs 5 lakh crore were processed.
Are banks responsible for your money lost in online payment frauds?
As instructed by the RBI, banks will return the money lost in frauds only in such cases where unauthorized transactions occur in the following events:
1) Contributory fraud / negligence / deficiency on banks part once it is established.
2) Third party breach where the deficiency lies neither with the bank nor with the customer but lies elsewhere in the system, and you notify the bank within three working days of receiving the communication from the bank regarding the unauthorised transaction.
If the delay in reporting is between three to seven days, the customer will get the transaction value or the amount specified by the RBI, whichever is lower. If the delay is beyond 7 working days, the customer liability will be determined as per the bank's board approved policy.
On being notified by the customer, the bank will credit (called shadow reversal) the amount involved in the unauthorised transaction to the customer's account within 10 working days from the date of such notification by the customer (without waiting for settlement of insurance claim, if any).
In cases where the loss is due to the negligence of the customer, he/she will have to bear the entire loss. Any loss occurring after the unauthorised transaction was reported to the bank will be borne by the bank.
Every digital transaction goes through various intermediary platforms such as the payer bank, the payee bank and the payment gateway. The encrypted data is transferred through intermediaries and never stored with either of them. Most frauds happen using a bank account fraudulently opened by the scamster. The bank may be pulled up by the regulator or ombudsman for not doing proper KYC on the customer. In such cases, the defrauded customer may get his money back after a long legal battle.
There are many cases where fraudsters use bank accounts of innocent victims who are duped into laundering stolen or illegal money via their bank accounts (called `Money Mule' or 'Smurfer' in banking parlance) with the promise of a commission for using their barely-used account and cheque books. In such cases, the regulator or ombudsman may query the bank why it didn't red-flag such huge money transactions that did not match the customer's profile. And the customer may get some respite if he/she takes up a legal fight.
Banks are in fact facing enormous pressure from the increasing number of fraudulent transactions. This is because the onus to prove that the customer has compromised the security and that he/she was not careful enough lies with the bank now. Since the number of fraud cases is on a steady rise, most banks ignore the cases involving smaller amounts and immediately pay up the customer with the help of insurance to avoid hassles of taking them up legally. In those cases involving big sums, the court cases may turn out to be a long-drawn process.
If you have become a victim of an online financial fraud, you are supposed to approach your bank immediately without any delay. If the bank is having a holiday, then you should approach their call centre, lodge a complaint through the website or through e-mail and report the fraud. You may need to file an FIR at the local police station because the bank may later ask you for an FIR copy.
What are the common fraudulent ways used to scam common people in mobile banking?
Most frauds can be clubbed into three types -- sharing of info such as PIN/Password, etc; unauthorized screen-sharing assisted by the customer, and phishing/ vishing scams.
The old-fashioned `phishing' and `vishing' have taken a new avatar in the mobile banking era. Phishing involves the use of emails to trick you into providing your personal details on unverified mobile apps. Vishing is very similar to phishing, but involves a fraudulent phone banker or a `voice' directing you to share your personal details on the app. These are age-old techniques employed by fraudsters to illegally procure personal info such as account numbers and net banking passwords, among others. These fake links may look identical to the original bank link. If you click on the link, it will direct you to the UPI payment app installed on your phone and will ask you to select any of the apps for auto-debit. And the moment you give permission, the amount will be debited immediately.
Customers should be alert while downloading payment apps and avoid downloading unverified apps. Some illegal apps are designed such a way that they can easily dig out your personal data. Also, ensure that you do not share any personal identity number (PIN) and one-time password (OTP). When you make a transaction through your chosen UPI app, you are either required to enter the OTP or UPI PIN. For authentication, your bank sends you an OTP through SMS on your mobile number registered with the bank. One should never share these passwords or PIN.
A recent fraud involved fraudster sending links to the customer promising huge amounts of money. But when the customer clicked on the link and authorized the transaction, the amount in fact got deducted from the account. Apparently, the platforms for pre-owned goods such as OLX and Quikr are notorious for these kinds of frauds.
Is the government / RBI doing anything to curb the increase in frauds?
What we need today is a massive awareness campaign to spread the hygienic ways of using mobile phone-based transactions. For instance, many users are not aware of the "Request for money" option where
the seller/recipient can initiate the transaction process and money can be debited at a simple authorization by the account holder. This is one route that is being misused maximum by miscreants, according to bankers.
At present, the government is in the process of putting in place National Cyber Security Strategy 2020 (NCSS 2020) which envisions the safe and secured cyberspace for the country. Inter-ministerial deliberations are already over and approval by the cabinet is awaited for NCSS 2020, according to Rajesh Pant, National Cyber Security Coordinator.
Financial frauds have seen exponential increase due to greater dependence on digital payment platforms, says Ajit Doval, national security adviser (NSA). According to him, there was an increase of 500% in cyber crimes due to the limited awareness and lack of cyber hygiene. He believes NCSS 2020 will help the customer.