Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label UPI. Show all posts
UPI
AI AI Fraud AI Techniques Artifical Intelligence Cyberfrauds Cybersecurity CyberThreat Digital Threat Technology UPI

AI Fraud Emerges as a Growing Threat to Consumer Technology


 

With the advent of generative AI, a paradigm shift has been ushered in the field of cybersecurity, transforming the tactics, techniques, and procedures that malicious actors have been using for a very long time. As threat actors no longer need to spend large amounts of money and time on extensive resources, they are now utilising generative AI to launch sophisticated attacks at an unprecedented pace and efficiency. 

With these tools, cybercriminals can scale their operations to a large level, while simultaneously lowering the technical and financial barriers of entry as they craft highly convincing phishing emails and automate malware development. The rapid growth of the cyber world is posing a serious challenge to cybersecurity professionals. 

The old defence mechanisms and threat models may no longer be sufficient in an environment where attackers are continuously adapting to their environment with AI-driven precision. Therefore, security teams need to keep up with current trends in AI-enabled threats as well as understand historical attack patterns and extract actionable insights from them in order to stay ahead of the curve in order to stay competitive.

By learning from previous incidents and anticipating the next use of generative artificial intelligence, organisations can improve their readiness to detect, defend against, and respond to intelligent cyber threats of a new breed. There has never been a more urgent time to implement proactive, AI-aware cybersecurity strategies than now. With the rapid growth of India's digital economy in recent years, supported by platforms like UPI for seamless payment and Digital India for accessible e-governance, cyber threats have become increasingly complex, which has fueled cybercrime. 

Aside from providing significant conveniences and economic opportunities, these technological advances have also exposed users to the threat of a new generation of cyber-related risks caused by artificial intelligence (AI). Previously, AI was used as a tool to drive innovation and efficiency. Today, cybercriminals use AI to carry out incredibly customized, scalable, and deceptive attacks based on artificial intelligence. 

A threat enabled by artificial intelligence, on the other hand, is capable of mimicking human behaviour, producing realistic messages, and adapting to targets in real time as opposed to traditional scams. A malicious actor is able to create phishing emails that mimic official correspondence very closely, use deepfakes to fool the public, and alarmingly automate large-scale scams by taking advantage of these capabilities. 

In India, where millions of users, many of whom are first-time internet users, may not have the awareness or tools required to detect such sophisticated attacks, the impact is particularly severe. As a global cybercrime loss is expected to reach trillions of dollars in the next decade, India’s digitally active population is becoming increasingly attractive as a target. 

Due to the rapid adoption of technology and the lack of digital literacy present in the country, AI-powered fraud is becoming increasingly common. This means that it is becoming increasingly imperative that government agencies, private businesses, and individuals coordinate efforts to identify the evolving threat landscape and develop robust cybersecurity strategies that take into account AI. 

Affectionately known as AI, Artificial Intelligence can be defined as the branch of computer science concerned with developing products capable of performing tasks that are typically generated by human intelligence, such as reasoning, learning, problem-solving, perception, and language understanding, all of which are traditionally performed by humans. In its simplest form, AI involves the development of algorithms and computational models that are capable of processing huge amounts of data, identifying meaningful patterns, adapting to new inputs, and making decisions with minimal human intervention, all of which are crucial to the overall success of AI. 

As an example, AI helps machines emulate cognitive functions such as recognising speech, interpreting images, comprehending natural language, and predicting outcomes, enabling them to automate, improve efficiency, and solve complex problems in the real world. The applications of artificial intelligence are extending into a wide variety of industries, from healthcare to finance to manufacturing to autonomous vehicles to cybersecurity. As part of the broader field of Artificial Intelligence, Machine Learning (ML) serves as a crucial subset that enables systems to learn and improve from experience without having to be explicitly programmed for every scenario possible. 

Data is analysed, patterns are identified, and these algorithms are refined over time in response to feedback, thus becoming more accurate as time passes. A more advanced subset of machine learning is Deep Learning (DL), which uses layered neural networks that are modelled after the human brain to process high-level data. Deep learning excels at processing unstructured data like images, audio, and natural language and is able to handle it efficiently. As a result, technologies like facial recognition systems, autonomous driving, and conversational AI models are powered by deep learning. 

ChatGPT is one of the best examples of deep learning in action since it uses large-scale language models to understand and respond to user queries as though they were made by humans. With the continuing evolution of these technologies, their impact across sectors is increasing rapidly and offering immense benefits. However, these technologies also present new vulnerabilities that cybercriminals are increasingly hoping to exploit in order to make a profit. 

A significant change has occurred in the fraud landscape as a result of the rise of generative AI technologies, especially large language models (LLMs), providing both powerful tools for defending against fraud as well as new opportunities for exploitation. While these technologies enhance the ability of security teams to detect and mitigate threats, they also allow cybercriminals to devise sophisticated fraud schemes that bypass conventional safeguards in order to conceal their true identity. 

As fraudsters increasingly use generative artificial intelligence to craft attacks that are more persuasive as well as harder to detect, they are making attacks that are increasingly convincing. There has been a significant increase in phishing attacks utilising artificial intelligence. In these attacks, language models are used to generate emails and messages that mimic the tone, structure, and branding of legitimate communications, eliminating any obvious telltale signs of poor grammar or suspicious formatting that used to be a sign of scams. 

A similar development is the deployment of deepfake technology, including voice cloning and video manipulation, to impersonate trusted individuals, enabling social engineering attacks that are both persuasive and difficult to dismiss. In addition, attackers have now been able to automate at scale, utilising generative artificial intelligence, in real time, to target multiple victims simultaneously, customise messages, and tweak their tactics. 

It is with this scalability that fraudulent campaigns become more effective and more widespread. Furthermore, AI also enables bad actors to use sophisticated evasion techniques, enabling them to create synthetic identities, manipulate behavioural biometrics, and adapt rapidly to new defences, thus making it difficult for them to be detected. The same artificial intelligence technologies that fraudsters utilise are also used by cybersecurity professionals to enhance the defences against potential threats.

As a result, security teams are utilising generative models to identify anomalies in real time, by establishing dynamic baselines of normal behaviour, to flag deviations—potential signs of fraud—more effectively. Furthermore, synthetic data generation allows the creation of realistic, anonymous datasets that can be used to train more accurate and robust fraud detection systems, particularly for identifying unusual or emerging fraud patterns in real time. 

A key application of artificial intelligence to the investigative process is the fact that it makes it possible for analysts to rapidly sift through massive data sets and find critical connections, patterns, and outliers that otherwise may go undetected. Also, the development of adaptive defence systems- AI-driven platforms that learn and evolve in response to new threat intelligence- ensures that fraud prevention strategies remain resilient and responsive even when threat tactics are constantly changing. In recent years, generative artificial intelligence has been integrated into both the offensive and defensive aspects of fraud, ushering in a revolutionary shift in digital risk management. 

It is becoming increasingly clear that as technology advances, fraud prevention efforts will increasingly be based upon organisations utilising and understanding artificial intelligence, not only in order to anticipate emerging threats, but also in order to stay several steps ahead of those looking to exploit them. Even though artificial intelligence is becoming more and more incorporated into our daily lives and business operations, it is imperative that people do not ignore the potential risks resulting from its misuse or vulnerability. 

As AI technologies continue to evolve, both individuals and organisations should adopt a comprehensive and proactive cybersecurity strategy tailored specifically to the unique challenges they may face. Auditing AI systems regularly is a fundamental step towards navigating this evolving landscape securely. Organisations must evaluate the trustworthiness, security posture and privacy implications of these technologies, whether they are using third-party platforms or internally developed models. 

In order to find weaknesses and minimize potential threats, organizations should conduct periodic system reviews, penetration tests, and vulnerability assessments in cooperation with cybersecurity and artificial intelligence specialists, in order to identify weaknesses and minimize potential threats. In addition, sensitive and personal information must be handled responsibly. A growing number of individuals are unintentionally sharing confidential information with artificial intelligence platforms without understanding the ramifications of this.

In the past, several corporations have submitted proprietary information to tools such as ChatGPT that are powered by artificial intelligence, or healthcare professionals have disclosed patient information. Both cases raise serious concerns regarding data privacy and compliance with regulations. The AI interactions will be recorded so that system improvements can be made, so it is important for users to avoid sharing any personal, confidential, or regulated information on such platforms. 

Secured data is another important aspect of AI modelling. The integrity of the training data is a vital component of the functionality of AI, and any manipulation, referred to as "data poisoning", can negatively impact outputs and lead to detrimental consequences for users. There are several ways to mitigate the risk of data loss and corruption, including implementing strong policies for data governance, deploying robust encryption methods, enforcing access controls, and using comprehensive backup solutions. 

Further strengthening the system's resilience involves the use of firewalls, intrusion detection systems, and secure password protocols. Additionally, it is important to adhere to the best practices in software maintenance in order to maintain the software correctly. With the latest security patches installed on AI frameworks, applications, and supporting infrastructure, you can significantly reduce the probability of exploitation. It is also important to deploy advanced antivirus and endpoint protection tools to help protect against AI-driven malware as well as other sophisticated threats.

In an attempt to improve AI models, adversarial training is one of the more advanced methods of training them, as it involves training them with simulated attacks as well as data inputs that are unpredictable. It is our belief that this approach will increase the robustness of the model in order for it to better deal with adversarial manipulations in real-world environments, thereby making it more resilient. As well as technological safeguards, employee awareness and preparedness are crucial. 

Employees need to be taught to recognise artificial intelligence-generated phishing attacks, avoid unsafe software downloads, and respond effectively to changing threats as they arise. As part of the AI risk management process, AI experts can be consulted to ensure that training programs are up-to-date and aligned with the latest threat intelligence. 

A second important practice is AI-specific vulnerability management, which involves identifying, assessing, and remediating security vulnerabilities within the AI systems continuously. By reducing the attack surface of an organisation, organisations can reduce the likelihood of breaches that will exploit the complex architecture of artificial intelligence. Last but not least, even with robust defences, incidents can still occur; therefore, there must be a clear set of plans for dealing with AI incidents. 

A good AI incident response plan should include containment protocols, investigation procedures, communication strategies, and recovery efforts, so that damage is minimised and operations are maintained as soon as possible following a cyber incident caused by artificial intelligence. It is critical that businesses adopt these multilayered security practices in order to maintain the trust of their users, ensure compliance, and safeguard against the sophisticated threats emerging in the AI-driven cyber landscape, especially at a time when AI is both a transformative force and a potential risk vector. 

As artificial intelligence is continuing to reshape the technological landscape, all stakeholders must address the risks associated with it. In order to develop comprehensive governance frameworks that balance innovation with security, it is important to work together in concert with business leaders, policymakers, and cybersecurity experts. In addition, cultivating a culture of continuous learning and vigilance among users will greatly reduce the vulnerabilities that can be exploited by increasingly sophisticated artificial intelligence-driven attacks in the future.

It will be imperative to invest in adaptive technologies that will evolve as threats arise, while maintaining ethical standards and ensuring transparency, to build resilient cyber defences. The goal of securing the benefits of AI ultimately depends upon embracing a forward-looking, integrated approach that embraces both technological advancement and rigorous risk management in order to protect digital ecosystems today and in the future, to be effective.
Read more »
UPI
AI Artificial Intelligence Cyber Security CyberCrime Cyberfraud CyberThreat Global Attacks Tech Support UPI

India’s Cyber Scams Create International Turmoil

 


It has been reported that the number of high-value cyber fraud cases in India has increased dramatically in the financial year 2024, which has increased more than fourfold and has resulted in losses totalling more than $20 million, according to government reports. An increase of almost fourfold demonstrates the escalating threat cybercrime is posing in one of the fastest-growing economies of the world today. 

The rapid digitisation of Indian society has resulted in hundreds of millions of financial transactions taking place every day through mobile apps, UPI platforms, and online banking systems, making India an ideal target for sophisticated fraud networks. There are alarming signs that these scams are rapidly expanding in size and complexity, outpacing traditional enforcement and security measures at an alarming rate, according to experts. 

Even though the country has increasingly embraced digital finance, cyber infrastructure vulnerabilities pose a growing threat, not only to domestic users but also to the global cybersecurity community. In the year 2024, cybercrime is expected to undergo a major change, marked by an unprecedented surge in online scams fueled by the rapid integration of artificial intelligence (AI) into criminal operations, causing a dramatic rise in the number of cybercrime incidents in the next decade. 

It is becoming increasingly evident that the level of technology-enabled fraud has reached alarming levels, eroded public confidence in digital systems, and caused substantial financial damage to individuals across the country, indicating that the Indian Cyber Crime Coordination Centre (I4C) paints a grim picture for India — just in the first six months of this year, Indians lost more than $11,000 crore to cyber fraud. 

There are a staggering number of cybercrime complaints filed on the National Cyber Crime Reporting Portal every day, suggesting that the scale of the problem is even larger than what appears at first glance. According to these figures, daily losses of approximately $60 crore are being sustained, signalling a greater focus on cybersecurity enforcement and awareness among the general public. These scams have become more sophisticated and harder to detect as a result of the integration of artificial intelligence, making it much more urgent to implement systemic measures to safeguard digital financial ecosystems. 

The digital economy of India, now considered the world's largest in terms of value, is experiencing a troubling increase in cybercrime, as high-value fraud cases increased dramatically during fiscal year 2024. Data from the official government indicates that cyber fraud has resulted in financial losses exceeding $177 crore (approximately $20.3 million), which is a more than twofold increase from the previous fiscal year. 

An equally alarming trend is the sharp increase in the number of significant fraud cases, which are those involving a lakh or more, which has increased from 6,699 in FY 2023 to 29,082 in FY 2024. With this steep increase in digital financial transactions occurring in the millions of cases each day, this demonstrates that India is experiencing increasing vulnerabilities in the digital space. The rapid transformation of India has been driven by affordable internet access, which costs just $11 per hour (about $0.13 per hour) for data packages. 

A $1 trillion mobile payments market has been developed as a result of this affordability, which has been dominated by platforms like Paytm, Google Pay, and the Walmart-backed PhonePe. It is important to note, however, that the growth of this market has outpaced the level of cyber literacy in this country, leaving millions vulnerable to increasingly sophisticated fraud schemes. The cybercriminals now employ an array of advanced techniques that include artificial intelligence tools and deepfake technologies, as well as impersonating authorities, manipulating voice calls, and crafting deceptive messages designed to exploit unsuspecting individuals. 

Increasing digital access and cybersecurity awareness continue to pose a serious threat to individuals and financial institutions alike, raising concerns about consumer safety and long-term digital trust. This is a striking example of how India is becoming more and more involved in cybercrime worldwide. In February 2024, a federal court in Montana, United States, sentenced a 24-year-old Haryanaan to four years in prison, in a case that has become increasingly controversial. In his role as the head of a sophisticated fraud operation, he swindled over $1.2 million from elderly Americans, including a staggering $150,000 from one individual. 

Through deceptive pop-ups that claimed to offer tech support, the scam took advantage of victims' trust by tricking them into granting remote access to their computers. Once the fraudsters gained control of the victim's computer, they manipulated the victim into handing over large amounts of money, which were then collected by coordinated in-person pickups throughout the U.S. This case is indicative of a deeper trend in India's changing digital landscape, which can be observed across many sectors. 

It is widely believed that India’s technology sector was once regarded as a world-class provider of IT support services. However, the industry is facing a profound shift due to a combination of automation, job saturation, and economic pressures, exacerbated by the COVID-19 pandemic. Due to these challenges, a shadow cybercrime economy has emerged that is a mirror image of the formal outsourcing industry in terms of structure, technical sophistication, and international reach, just like the formal outsourcing industry. 

It has become evident over the years that these illicit networks have turned India into one of the key nodes in the global cyber fraud chain by using call centers, messaging platforms, and AI-powered scams – raising serious questions about how technology-enabled crime is being regulated, accountable, and what socio-economic factors are contributing to its growth. A rise in the sophistication of online scams in 2024 has been attributed to the misuse of artificial intelligence (AI), resulting in a dramatic expansion of both their scale and psychological impact as a result of this advancement. 

Fraudsters are now utilising AI-driven tools to create highly convincing content that is designed to deceive and exploit unsuspecting victims by using a variety of methods, from manipulating voices and cloning audio clips to realistic images and deepfake videos. It has been troubling to see the rise of artificial intelligence-assisted voice cloning, a method of fabricating emergency scenarios and extorting money by using the voices of family members, close acquaintances, and others as their voices.

A remarkable amount of accuracy has been achieved with these synthetic voices, allowing emotional manipulation to be effected more easily and more effectively than ever before. It was found in one high-profile case that scammers impersonated Sunil Mittal's voice so that they could mislead company executives into transferring money. It is also becoming increasingly common for deepfake technology to be used to create videos of celebrities and business leaders that have been made up using artificial intelligence. 

These AI tools have made it possible to spread fraudulent content online and are often free of charge. It was reported that prominent personalities like Anant Ambani, Virat Kohli, and MS Dhoni were targeted with deepfake videos being circulated to promote a fake betting application, misinforming thousands of people and damaging public trust through their actions. 

Increasing accessibility and misuse of artificial intelligence tools demonstrate that cybercrime tactics have shifted dangerously, as traditional scams are evolving into emotionally manipulative, convincing operations that use a visual appeal to manipulate the user. As a result of the rise of artificial intelligence-generated deception, law enforcement agencies and tech platforms are challenged to adapt quickly to counter these emerging threats as a result of the wave of deception generated by AI.

During the last few years, the face of online fraud has undergone a radical evolution. Cybercriminals are no longer relying solely on poorly written messages or easily identifiable hoaxes, as they have developed techniques that are near perfection now. A majority of malicious links being circulated today are polished and technically sound, often embedded within well-designed websites with a realistic login interface that is very much like a legitimate platform's, along with HTTPS encryption.

In the past, these threats were relatively easy to identify, but they have become increasingly insidious and difficult to detect even for the digitally literate user. There is an astonishing amount of exposure to these threats. Virtually every person with a cell phone or internet access receives scam messages almost daily. It's important to note that some users can avoid these sophisticated schemes, but others fall victim to these sophisticated schemes, particularly those who are elderly, who are unfamiliar with digital technology, or who are caught unaware. 

There are many devastating effects of such frauds, including the significant financial toll, as well as the emotional distress, which can be long-lasting. Based on projections, there will be a dramatic 75% increase in the amount of revenue lost to cybercrime in India by 2025, a dramatic 75% increase from 2023. This alarming trend points to the need for systemic reform and a collaborative intervention strategy. The most effective way of addressing this challenge is to change a fundamental mindset: cyber fraud is not a single issue affecting others; rather, it is a collective threat affecting all stakeholders in the digital ecosystem.

To respond effectively, telecom operators, financial institutions, government agencies, social media platforms, and over-the-top (OTT) service providers must all cooperate actively to coordinate the response. There is no escaping the fact that cybercrimes are becoming more sophisticated and more prevalent. Experts believe that four key actions can be taken to dismantle the infrastructure that supports digital fraud. 

First, there should be a centralised fraud intelligence bureau where all players in the ecosystem can report and exchange real-time information about cybercriminals so that swift and collective responses are possible. Furthermore, each digital platform should develop and deploy tailored technologies to counter fraud, sharing these solutions across industries to protect users against fraud. Thirdly, an ongoing public awareness campaign should focus on educating users about digital hygiene, as well as common fraud tactics. 

Lastly, there is a need to broaden the regulatory framework to include all digital service providers as well. There are strict regulations in place for telecommunication companies, but OTT platforms remain almost completely unregulated, creating loopholes for fraudsters. As a result, Indian citizens will be able to begin to reclaim the integrity of their digital landscape as well as protect themselves from cybercrime that is escalating, through a strong combination of regulation, innovation, and education, as well as by working together with cross-sectoral collaboration. 

In today's digitally accelerated and cyber-vulnerable India, it is imperative to develop a strategy for combating online fraud that is forward-looking and cohesive. It is no longer appropriate to simply respond to cyber incidents that have already occurred. Instead, a proactive approach must be taken to combat cybersecurity threats, where technology, policy, and public engagement all work in tandem to build cyber resilience. As a result of this, security must be built into digital platforms, continuous threat intelligence is invested in, and targeted education campaigns are implemented to cultivate a national culture of cyber awareness. 

To prevent fraud and safeguard user data, governments must accelerate the implementation of robust regulatory frameworks that hold all providers of digital services accountable. This includes all digital service providers, regardless of size or sector. While the companies must prioritise cybersecurity not simply as a compliance checkbox, but as a business-critical pillar supported by dedicated infrastructure and real-time monitoring systems, they should not overlook it as just another compliance checkbox. 

To anticipate the changes in the cybercrime playbook, there must be a collective will across industries, institutions, and individuals to be able to adapt. To achieve the very promise of India's digital economy, users must transform cybersecurity from a reactive measure into a national imperative. This is a way to ensure that trust is maintained, innovations are protected, and the future of a truly digital Bharat is secured.
Read more »
UPI
Call Merging CyberCrime Cyberhackers Cybersecurity CyberThreat Mobile Security NPCI OTP personal verification Scammers UPI

Call Merging Scams and Financial Security Risks with Prevention Strategies

 


It is not uncommon for fraudsters to develop innovative tactics to deceive their targets, with one of the latest scams being the called merging scam in which the scammers attempt to gain unauthorized access to the victim's accounts to defraud them. In many cases, the victims suffer substantial financial losses due to this scheme. 

There has been a warning issued by the Indian authorities in regards to a new scam that involves individuals being manipulated into merging their calls by scammers, who then subsequently reveal One-Time Passwords (OTPs) unknowingly. Using this deceptive tactic, fraudsters can gain access to victims' financial accounts, which will enable them to carry out fraudulent activities. 

NPCI's Unified Payments Interface (UPI), an initiative that was developed by the National Payments Corporation of India (NPCI), has expressed concern about this emerging threat. As a precautionary measure, UPI cautioned users on its X account of the risks involved in call merging scams and stressed that call merging scams pose a serious threat to users. 

As part of the advisory, individuals were advised to remain vigilant, stating, Fraudsters are using call merging tactics to deceive users into giving out OTPs. As part of its role to oversee the Unified Payments Interface (UPI), NPCI has expressed significant concerns about the growing cyber fraud epidemic. 

The goal of social engineering scammers is to deceive unsuspecting victims into disclosing their sensitive banking credentials to take control of the situation. In most cases, the scam begins with the fraudster contacting the target, falsely claiming to have obtained their phone number through a mutual acquaintance. 

The fraudster will then try to convince the target to combine the call with a similar call from a different number. It is true that in this second call, the victim is being connected to an official OTP verification call from their bank. Therefore, the victim does not know they are being deceived, and unwittingly allows someone to access their banking details. 

It uses social engineering techniques to manipulate individuals to unknowingly divulge their One-Time Password (OTP), an important security feature used for financial transactions, through their manipulation techniques. 

It is quite common for victims to receive a phone call from a trusted source offering lucrative opportunities or a message from one of their trusted contacts recommending what seems a beneficial scheme to them. 

A significant security risk can be posed by engaging with such communications without due diligence as a result of the growing prevalence of such fraud activities. As a result, financial institutions and regulatory agencies are cautioning individuals to remain vigilant when receiving unexpected phone calls and to refrain from sharing OTPs or merging calls without verifying the identity of the callers before doing so. 

It has become increasingly common for these frauds to occur, and so the Unified Payments Interface (UPI) has issued an urgent advisory that warns users about the dangers of call merging scams. To avoid being victimized by such deceptive tactics, individuals need to be vigilant and take strict security measures to protect their financial information. 

There is a deceptive technique known as the Call Merging Scam, which is used by fraudsters to trick people into divulging sensitive information such as One-Time Passwords (OTPs), unknowingly. In this manner, scammers can gain unauthorized access to victims' bank accounts and other secured platforms by exploiting this technique to commit financial fraud on the victims. 

Modus Operandi of the Scam


It is quite common for fraudsters to make deceptive telephone calls, falsely stating that they have obtained the recipient's phone number from an acquaintance or source that is reliable. 

There are many scams out there that involve victims being persuaded to merge calls with another individual. This is often accomplished by presenting another individual as a friend or a bank representative, depending on the scam. 

There is an automatic OTP verification call that they will be connected to without their knowledge. The automated call will direct them to a bank site that activates a mobile OTP verification system for verification. 

As a scammer, the victim is deceitfully manipulated into believing that sharing the OTP for their financial accounts to be accessed is necessary because sharing it is required for authentication. 

Preventive Measures to Safeguard Against Fraud 


To avoid the merging of calls between unknown callers, decline the request right away. Be careful about authenticating the identity of a caller: Whenever users receive an email from someone who claims to represent a financial institution, they should contact the bank directly through their official customer support phone number. Recognize Fraudulent Requests: Banks never ask customers for an OTP over the phone. 

A request of this nature should be viewed as an indication of a potential fraud and reported promptly. Ift an unsolicited OTP or suspected fraudulent activity occurs, individuals should notify their bank immediately and call 1930 (the national cybercrime helpline), so the incident can be investigated further. 

Considering the increasing number of scams like these, it has become imperative that one remains vigilant and adopts strict security practices as a precautionary measure to avoid financial loss. Many viral videos and discussions on social media emphasize a single aspect of fraudulent transactions — receiving an OTP via a merged call as opposed to a text message. 

Despite this, they often overlook the important point: an OTP is not sufficient for authorization of a transaction by itself. A fraudster needs to obtain essential banking details such as a card number, a card verification value, or a UPI Personal Identification Number (PIN) before he or she can use an OTP as a final step in committing an unauthorized transaction. 

To mitigate such risks, the Reserve Bank of India (RBI) has implemented strict security protocols to minimize them. To complete electronic transactions, financial institutions and payment service providers must implement multi-factor authentication (MFA) as of 2021 so that user authentication can be verified by more than one factor. This level of protection is achieved by implementing multiple authentication measures in combination with a combination of vital characteristics, including OTP verification, mobile device authentication, biometric identification, and hardware security tokens, which together provide a high level of security against unauthorized access. 

Digital transactions are typically protected by multiple layers of security, each requiring a combination of authentication factors to ensure their integrity. There are three types of authentication: manual, which includes everything the user possesses, such as their credentials, card numbers, and UPI IDs; known, such as their password, CVV, or PIN; and dynamic, such as their OTP, biometric authentication, or device authentication. 

To achieve the highest level of security, all three levels are necessary for most online banking and card transactions. However, a UPI transaction with a value up to a lakh does not require an OTP and can be authorized with only a UPI ID and PIN, without the need for an OTP. As a result of this multi-layered approach, financial fraud risks are greatly reduced and the security of digital payments is greatly strengthened.
Read more »
UPI
Advanced Technology Biometric Cash Contactless Payment CyberCrime CyberThreat Cyersecurity Digital Payment Online Payments Privacy UPI

The Future of Payment Authentication: How Biometrics Are Revolutionizing Transactions

 



As business operates at an unprecedented pace, consumers are demanding quick, simple, and secure payment options. The future of payment authentication is here — and it’s centered around biometrics. Biometric payment companies are set to join established players in the credit card industry, revolutionizing the payment process. Biometric technology not only offers advanced security but also enables seamless, rapid transactions.

In today’s world, technologies like voice recognition and fingerprint sensors are often viewed as intrusions in the payment ecosystem. However, in the broader context of fintech’s evolution, fingerprint payments represent a significant advancement in payment processing.

Just 70 years ago, plastic credit and debit cards didn’t exist. The introduction of these cards drastically transformed retail shopping behaviors. The earliest credit card lacked a magnetic strip or EMV chip and captured information using carbon copy paper through embossed numbers.

In 1950, Frank McNamara, after repeatedly forgetting his wallet, introduced the first "modern" credit card—the Diners Club Card. McNamara paid off his balance monthly, and at that time, he was one of only three people with a credit card. Security wasn’t a major concern, as credit card fraud wasn’t prevalent. Today, according to the Consumer Financial Protection Bureau’s 2023 credit card report, over 190 million adults in the U.S. own a credit card.

Biometric payment systems identify users and authorize fund deductions based on physical characteristics. Fingerprint payments are a common form of biometric authentication. This typically involves two-factor authentication, where a finger scan replaces the card swipe, and the user enters their personal identification number (PIN) as usual.

Biometric technology verifies identity using biological traits such as facial recognition, fingerprints, or iris scans. These methods enhance two-step authentication, offering heightened security. Airports, hospitals, and law enforcement agencies have widely adopted this technology for identity verification.

Beyond security, biometrics are now integral to unlocking smartphones, laptops, and secure apps. During the authentication process, devices create a secure template of biometric data, such as a fingerprint, for future verification. This data is stored safely on the device, ensuring accurate and private access control.

By 2026, global digital payment transactions are expected to reach $10 trillion, significantly driven by contactless payments, according to Juniper Research. Mobile wallets like Google Pay and Apple Pay are gaining popularity worldwide, with 48% of businesses now accepting mobile wallet payments.

India exemplifies this shift with its Unified Payments Interface (UPI), processing over 8 billion transactions monthly as of 2023. This demonstrates the country’s full embrace of digital payment technologies.

The Role of Governments and Businesses in Cashless Economies

Globally, governments and businesses are collaborating to offer cashless payment options, promoting convenience and interoperability. Initially, biometric applications were limited to high-security areas and law enforcement. Technologies like DNA analysis and fingerprint scanning reduced uncertainties in criminal investigations and helped verify authorized individuals in sensitive environments.

These early applications proved biometrics' precision and security. However, the idea of using biometrics for consumer payments was once limited to futuristic visions due to high costs and slow data processing capabilities.

Technological advancements and improved hardware have transformed the biometrics landscape. Today, biometrics are integrated into everyday devices like smartphones, making the technology more consumer-centric and accessible.

Privacy and Security Concerns

Despite its benefits, the rise of biometric payment systems has sparked privacy and security debates. Fingerprint scanning, traditionally linked to law enforcement, raises concerns about potential misuse of biometric data. Many fear that government agencies might gain unauthorized access to sensitive information.

Biometric payment providers, however, clarify that they do not store actual fingerprints. Instead, they capture precise measurements of a fingerprint's unique features and convert this into encrypted data for identity verification. This ensures that the original fingerprint isn't directly used in the verification process.

Yet, the security of biometric systems ultimately depends on robust databases and secure transaction mechanisms. Like any system handling sensitive data, protecting this information is paramount.

Biometric payment systems are redefining the future of financial transactions by offering unmatched security and convenience. As technology advances and adoption grows, addressing privacy concerns and ensuring data security will be critical for the widespread success of biometric authentication in the payment industry.
Read more »
UPI
Banking Digital Arrest Jumped Deposit Scam SBI Scam Technology UPI

Banking Fraud: Jumped Deposit Scam Targets UPI Users


Users of the unified payments interface (UPI) are the victims of a recent cyber fraud known as the "jumped deposit scam." First, scammers persuade victims by making a modest, unsolicited deposit into their bank accounts. 

How does it operate? 

A scammer uses UPI to transfer a tiny sum to the victim's bank account. After that, they ask for a larger withdrawal right away. The victim might quickly verify their bank account amount due to this sudden deposit. The victim must input their personal identification number (PIN) to access their bank details, and the stolen withdrawal is authorized. The difference money is stolen by fraudsters.

The Hindu reports, “Scammers exploit the recipient’s curiosity over an unsolicited deposit to access their funds.”

The public was previously warned by the Tamil Nadu Cyber Crime Police to exercise caution when dealing with such unforeseen deposits. It noted that the latest scam was the subject of numerous complaints to the National Cyber Crime Reporting Portal.

What to do?

There are two methods UPI customers can use to guard against jumped deposit scams. 

Since withdrawal requests expire after a certain amount of time, wait 15 to 30 minutes after noticing an unexpected transaction in your bank account before checking your balance. Try carefully entering an incorrect PIN number to reject the prior transaction if you don't have time to wait a few minutes. 

Additionally, to confirm the legitimacy, notify your bank if you discover an unexpected or sudden credit in your account. Scam victims need to file a complaint with the cybercrime portal or the closest police station.

Banking attacks on the rise

The State Bank of India recently highlighted several cybercrimes, including digital arrests and fake customs claims, in light of the rise in cybercrimes. To safeguard themselves, the bank advised its clients to report shady calls and confirm any unexpected financial requests. 

It explained scams like "digital arrests," where scammers pretend to be law enforcement officers and threaten to question you about fictitious criminal conduct. For easy chores, some scammers may offer large quantities of money as payment. After that, they might request a security deposit.
Read more »
Vulnerabilities and Exploits
MFA online transactions OTP UPI Vulnerabilities and Exploits

Cybercriminals Target UPI Payments: How to Stay Safe

 



The Unified Payments Interface (UPI) has transformed the infrastructure of digital transactions in India, providing a fast, easy, and secure method for payments. However, its rapid adoption has also attracted the attention of cybercriminals. This article delves into the tactics used by fraudsters and the measures users can take to protect themselves.

Cybercriminals employ a variety of deceptive methods to exploit UPI users. Vishal Salvi, CEO of Quick Heal Technologies Ltd., explains that these criminals often impersonate familiar contacts or trusted services to trick users into making quick, unverified money transfers. One prevalent technique is phishing, where fraudsters send emails that appear to be from legitimate banks or UPI service providers, prompting users to reveal sensitive information.

Malware and spyware are also common tools in the cybercriminal's arsenal. These malicious programs can infiltrate devices to steal personal information, including UPI details, or even take control of the device to initiate unauthorised transactions. Social engineering tactics, where fraudsters pose as customer service representatives, are another method. They manipulate users into sharing confidential information by pretending to resolve a payment issue.

Protecting oneself from UPI payment fraud is crucial and can be achieved through vigilance and caution. Financial institutions have implemented multi-factor authentication (MFA) and financial literacy programs to enhance security, but users must also take proactive steps. It is essential never to share your UPI PIN or OTP with anyone. Always verify the authenticity of transactions and use official apps or websites. Ensuring a secure connection (https) before entering any information is another critical step. Regularly updating your app and enabling transaction alerts can help monitor for any suspicious activity.

In the event of a fraudulent transaction, immediate action is vital. The moment you suspect fraud, report the incident to your bank and the UPI platform. Blocking your account can prevent further unauthorised transactions. Filing a complaint with the bank's ombudsman, including all relevant details, and reporting the fraud to local cybercrime authorities are crucial steps. Quick and decisive actions can significantly increase the chances of recovering lost funds.

While UPI has revolutionised digital payments, users must remain vigilant against cyber threats. By following these safety measures and responding to any signs of fraud, users can enjoy the benefits of UPI while mminimising the risks.


Read more »
X
Cyber Security HDFC Network Banking SBI Transactions Twitter UPI X

Nationwide Banking Crisis: Servers Down, UPI Transactions in Jeopardy

 


Several bank servers have been reported to have been down on Tuesday, affecting Unified Payments Interface (UPI) transactions throughout the country. Several users took to social media platforms and reported that they encountered issues while making UPI transactions. They took to X (formerly Twitter) to complain about not being able to complete the transaction. It was confirmed in a tweet that the National Payments Corporation of India had suffered from an outage which led to the failure of UPI transactions in some banks. 

A website monitoring service with issues received reports that the UPI service was not working for Kotak Mahindra Bank, HDFC Bank, State Bank of India (SBI), and others, according to Downdetector, a website monitoring service. According to reports on social media platforms, hundreds of bank servers have experienced widespread outages nationwide, impacting the Unified Payments Interface (UPI) transactions. 

Users were flooding social media platforms with details of these disruptions. As well, Downdetector, a company providing website monitoring services, received reports of ongoing outages affecting UPI as well as Kotak Mahindra Bank, HDFC Bank, State Bank of India (SBI) and others. The outage seems to affect UPI transactions made using several banks as well. 

In some cases, users have reported experiencing server problems when making UPI payments with HDFC Bank, Baroda Bank, Mumbai Bank, State Bank of India (SBI), and Kotak Mahindra Bank, among other banks. In addition to reporting UPI, Kotak Mahindra Bank and HDFC Bank's ongoing outage on Downdetector, a website that keeps an eye on outages and issues across the entire business landscape, Downdetector has also received reports of ongoing outages from users. 

Several users have reported having difficulty with the “Fund Transfer” process within their respective banks due to technical difficulties. A new high was reached by UPI transactions in January, with a value of Rs 18.41 trillion, up marginally by 1 per cent from Rs 18.23 trillion in December. During November, the number of transactions increased by 1.5%, reaching 12.20 billion, which is up by 1.5 per cent from 12.02 billion in October. 

In November, the number of transactions was 11.4 billion, resulting in a value of Rs 17.4 trillion. The NPCI data shows that the volume of transactions in January was 52 per cent higher and the value was 42 per cent higher than the same month of the previous financial year, according to NPCI data. 

Earlier in November 2023, a report stating that the government was considering implementing a minimum time constraint within the initial interaction between two individuals who are carrying out transactions exceeding an adjustable amount was published. 

The Indian Express reported that, according to government sources, the proposed plan would dictate a four-hour timeframe to be imposed on the first digital payment between two users, particularly for transactions exceeding Rs 2,000, based on inputs that were received from the government.
Read more »
WhatsApp updates
Data Transfer legal and regulatory issues Meta Technology UPI WhatsApp WhatsApp Pay WhatsApp updates

Mata: Challenges in Data Transfer Between Countries May Affect Services


Meta, in a recent report, stated how its inability to transfer data "between countries and regions," where the company operates, may alter its ability to provide services to its users. The company added that this issue may further affect its financial results.

Apparently, Meta has been facing lawsuits in Europe and India, along with other jurisdictions for its 2016 and 2021 updates on WhatsApp on the basis of its service and privacy policy.

In a statement provided on Wednesday, Meta wrote, "If we are unable to transfer data between and among countries and regions in which we operate, or if we are restricted from sharing data among our products and services, it could affect our ability to provide our services, the manner in which we provide our services or our ability to target ads, which could adversely affect our financial results."

The multinational conglomerate further noted that countries like India and Turkey are apparently considering enacting legislation that requires local data storage and processing or is considering doing so already.

These legislative laws “could increase the cost and complexity of delivering our services, cause us to cease the offering of our products and services in certain countries, or result in fines or other penalties," the company said in Form 10-K.

The company has been under continuous legal and regulatory issues in a number of jurisdictions, one being India.

The Competition Commission of India is currently looking into the issue, investigating Meta for its alleged anti-competitive practices. Adding to this, the company is also facing lawsuits in regard to its unified payments interface (UPI) service WhatsApp Pay.

Amidst the ongoing investigations and legal actions, Amrita Mukherjee, Director, Legal, India operations, was purportedly fired by the corporation as part of a recent series of layoffs. The layoff has been a component of Meta's downsizing strategy, which was disclosed in March and will affect some 10,000 employees worldwide.

The issue is especially significant for Meta, since it has a weighty presence in India, with more than half a billion users utilizing its services.

The company's daily active users (DAUs) grew by 4% to 2 billion on average through December 2022 from the previous year, according to its annual report. The top three countries for DAU growth during that time were Bangladesh, the Philippines, and India.  

Read more »
User Privacy
Cyber Security Digital Currency. Finance Indian Bank Indian Rupee RBI UPI User Privacy

Indian Digital Currency Era – A Quick Look

Compared to more conventional forms of money like cash notes or coins, electronic money stored in bank accounts, mobile banking applications, and credit cards is quickly replacing the public's perception of finance.

The popularity of UPI demonstrates the preference for digital money systems. India has been pushing hard to become cashless, starting with the decision to implement demonetization in 2016. That same year also saw the launch of the real-time payments system known as the Unified Payments Interface (UPI). The paradox in the existing system is that although digital transactions are becoming more common, cash is still very popular in India.

In terms of transaction value, UPI executed 7.3 billion transactions in October, totaling Rs. 12.11 lakh crore, a record high. While volumes increased 73.3 percent during the same period, transaction values increased by 56.6 percent year over year.

Cryptocurrencies vs. Digital Rupee

A CBDC, as defined by the RBI, is "a legal tender issued by a central bank in digital form. It can be exchanged one-to-one for fiat money and is equivalent to it. All that has changed is its form. "

However, it is impossible to directly compare a CBDC to a cryptocurrency.

"A CBDC is not a commodity or a claim on a commodity or a digital asset, unlike cryptocurrencies. They are not money definitely not a currency in the sense that the term has historically been used, "according to the RBI's release.

According to the tracker maintained by the Atlantic Council, 98 nations are currently investigating CBDCs. Of these, 11 nations have started CBDCs. In light of this situation, the RBI is acting in a calibrated way to start CBDCs. It is currently looking into the possibility of implementing wholesale CBDCs based on accounts and retail CBDCs based on tokens.

"When something new enters the market, the old need to adapt, and the new need to control the change", says Nikhil Kamath, co-founder of Zerodha. "While many have been critical of #CBDC, we might be overlooking the big picture, remittances, unbanked economy, and minimizing subsidy leakage."

The increasing use of cryptocurrency stablecoins, which tie their value to another currency or asset, has also alarmed a number of central banks. According to a Press Trust of India report, RBI officials informed a parliamentary finance committee in 2022 that the 'dollarization' of a portion of the economy by cryptocurrencies could be detrimental to the nation's interests.

Money transfers via cell phones would be quick and easy, according to Sathvik Vishwanath, co-founder, and CEO of Unocoin, a rival cryptocurrency exchange. The digital rupee will most importantly aid in the eradication of problems with counterfeit money.

According to FIS's Cheema, adoption of the CBDC in the wholesale sector (CBDC-W) has large benefits and substantially fewer dangers than in the more complicated domain of retail CBDC (CBDC-R). In the future, CBDC-R will supplement existing payment structures, not replace them.

The digital rupee will therefore be available for use by all Indian citizens whenever the RBI begins to print it.




Read more »
UPI
Cyber Fraud Data Digital Payment Safety Security Transactions UPI

UPI Frauds led to 15.3% Rise in Cybercrime Complaints Between Q1, Q2 in 2022: MHA

 

The unified payments interface (UPI) was a huge success. On the other hand, people are increasingly being cheated when conducting online transactions. UPI frauds contributed significantly to a 15.3% increase in the overall number of complaints reported on the National Cybercrime Reporting Portal (NCRP) between the first and second quarters of 2022, according to data from the Ministry of Home Affairs.

While the total number of registered complaints in the first quarter of 2022 was 206,198, it increased by 15.3 percent to 237,658 in the second quarter. The number of 'UPI fraud complaints,' a cyber crime category under NCRP, increased from 62,350 in Q1 2022 to 84,145 in Q2 2022.

When compared to other NCRP cyber crime categories such as debit/credit card fraud, internet banking-related fraud, and others, this represents a 34% increase.
These overall figures correspond to an increase in the number of cybercrime complaints registered on the NCRP portal since 2021.

This rise can be attributed to the expansion of digital payment systems since the Covid-19 pandemic, which has allowed small businesses to enter the ecosystem. UPI payments increased by more than 1,200 percent in the six months ending in September, according to an RBI report.

According to the MHA report, "Online financial fraud, a cyber crime category under NCRP is the most prevalent among others, as 67.9 percent of the total reported cyber crime were 'online financial frauds. However, no actual figures for this category were provided in the report.

Debit/credit card/sim swap fraud increased from Q1 to Q2 of 2022, which falls under financial fraud. In Q2, the figures were 26,793 compared to 24,270 in Q1. Nevertheless, complaints about internet banking decreased in the second quarter of 2022. While the figure was 20,443 in the first quarter of 2022, it fell to 19,267 in the second quarter.

UPI transactions are increasing

Unified Payments Interface (UPI) transactions hit a new high of Rs 12,11 lakh crore in October, six months after surpassing Rs 10 lakh crore in May.

This figure is expected to rise, with the RBI's Payment Vision 2025 projecting that UPI will grow by 50% on an annualized basis. This increased adoption of UPI will unintentionally contribute to an increase in UPI fraud.

In response, the National Payments Corporation of India (NPCI) launched 'UPI-Help' on the Bharat Interface for Money (BHIM) UPI last year to provide a simple grievance resolution mechanism.

One can view their transaction history in the BHIM UPI application by selecting the 'raise a complaint option. The user can then choose which transaction requires a complaint to be filed. They can raise a concern by clicking "raise concern," describing the issue in an online complaint and submitting it.

NPCI also launched the Safety Shield campaign earlier this year to assist users with online payments via UPI.

Read more »
Visa
Amazon Cloud Security Attack Cyber Security Indian Bank RBI SBI Tokens UPI User Privacy Visa

RBI Employs Tokenization to Combat Breaches

 

The RBI, the central bank of India, is now prepared to impose card tokenization in India after permitting customers to link credit cards with UPI. In the midst of all of this, many users are perplexed as to what card tokenization actually is and why applications and websites advise users to safeguard their credit and debit cards following the RBI's new rules.
 
What is tokenization? 

Tokenization is the process of replacing actual card information with a special alternate code called a 'token,' which must be different for each card, token requester, and device, i.e. the organization that accepts customer requests for card tokenization and forwards them to the card network to produce a corresponding token.

Researchers are still quite aware of the data exposures from MobiKwik and Domino's India. As users can see, the data becomes vulnerable to data breaches and leaks if you store your private card information on the cloud servers of numerous such online apps and websites.

Although some websites might have the highest levels of security in place to protect user credit card information, others may not be adhering to international security requirements. Having credit card information being dispersed over several servers with varying levels of security gives hackers more access points. The RBI now wants to alter the current state of digital payments and standardize 'tokenization' to increase the security of all online card transactions.

In September 2021, the RBI ordered that card-on-file (CoF) tokenization be used instead of retailers holding client card information on their systems beginning January 1, 2022. In addition, businesses such as apps, websites, payment processors like RazorPay, or banks will no longer be responsible for safeguarding your card information. Tokenization is a technique the RBI developed to protect domestic card transactions by employing random strings of tokens rather than disclosing the user's personal card information.

Since the regulation on tokenization was published, according to Deputy Governor Sankar, the central bank has been in close contact with all stakeholders to guarantee a smooth transition to the tokenization policy.

How does tokenization work? 

The process of tokenizing cards is straightforward. When a card is chosen to be tokenized, the card network such as Visa, MasterCard, etc. issues the token with the bank's approval and gives it to the retailer. For example, when you save an SBI Visa debit card on Paytm by RBI's requirements, Visa will create the token with SBI's permission and share it with Paytm.

If you decide to save the identical credit or debit card on some other app, let's say Amazon, a new token will be issued and shared with Amazon. The token will vary based on the merchant and device, even if it's the same card. From a security standpoint, it implies the tokens are unique and discrete, which is beneficial.

Potential effects of tokenization

The RBI was forced to develop card tokenization as a result of the constant data leaks, thefts, and breaches that occur in the digital age. Not to add that the various security standards used by apps, websites, payment processors, and other middlemen compromise users' online security.

Tokenization has very little of an effect on the customer. Customers simply need to submit their card information once to receive a token. The process of tokenization will then be initiated by the merchant at no further cost or customer effort.

According to experts, there are no drawbacks to card tokenization from the perspective of the end-user. The RBI standards must be implemented by merchants and payment systems, but aside from that, consumers benefit.

Read more »
UPI
Crypto Exchange cryptocurrency Indian Government Technology UPI

Indian Crypto Exchanges Disables Deposits Via UPI System

 

Multiple Indian crypto exchanges have disabled rupee deposits using the Unified Payments Interface (UPI) system, which is the most widely used retail payment method. This comes after the National Payments Corporation of India (NPCI) said last week that it was unaware of any crypto exchange using UPI. 

The Indian government has spent years working on a law to ban or regulate cryptocurrencies, with a ban backed by the central bank over risks to financial stability. However, recently the government has taken a decision to put a tax on the income from cryptocurrency and other digital assets. 

Crypto exchange Wazirx is not offering UPI support. The exchange tweeted on Wednesday, “Currently, UPI is not available,” and advised users to do P2P payments instead, which have zero fees. The platform also added that it has no estimated time limit to address the issue with UPI deposits. Coindcx is also not supporting payments by UPI, saying on Twitter Monday, “UPI is temporarily unavailable.”

Coinswitch Kuber, with over 15 million users went one step ahead and reportedly suspended all INR deposit services, including UPI and bank transfers via NEFT, RTGS, and IMPS. The Nasdaq-listed crypto exchange Coinbase, which recently launched in India, has also disabled all purchase options, including the UPI. 

Last month, multiple reports suggested that Coinbase has begun rolling out UPI and IMPS support for its users in India after users noticed the inclusion of the two payment systems (UPI & IMPS) on Coinbase’s app. The company acknowledged the same at its launch event on 7th April. 

“We are aware of the recent statement published by NPCI regarding the use of UPI by cryptocurrency exchanges. We are committed to working with NPCI and other relevant authorities to ensure we are aligned with local expectations and industry norms,” the exchange clarified. 

An industry source with direct knowledge of the matter said the NPCI was caught between a rock and a hard place when Coinbase claimed to launch with UPI support. “Once the launch of Coinbase happened in India and they announced the usage of UPI as a payment option, NPCI realized it needed to put a clarification out there,” the person said. 

Earlier this month, popular payment service Mobikwik also disabled offering services to crypto exchanges. Meanwhile, crypto exchanges have been declining in India after the 30% tax on crypto income went into effect without allowing loss offsets or deductions on April 1. From July 1st, a 1% tax deducted at source (TDS), will also be applicable on crypto transactions. 

There are no official data available on the size of India's crypto market, but industry experts believe the number of investors ranges from 15 million to 20 million, with a holding of about Rs 40,000 crore ($5.25 billion).
Read more »
UPI
Digital payment system Technology UPI

UPI Turns Webless

 

While UPI has grown in popularity since its inception in 2016, it has yet to reach rural areas where smartphone ownership is low and internet access is spotty. Volumes should increase as more low-cost handsets connect to the UPI system, promoting financial inclusion. 

This could be India's Unified Payments Interface's next great step (UPI). Governor of the Reserve Bank of India Shaktikanta Das introduced UPI123Pay, a digital software that allows users of feature phones to send money, on Tuesday. They will be equipped to do almost everything that smartphone users can on this payment platform, with the exception of scan-and-pay. There is no need for an internet connection. 

All that is required is a feature phone connected to a bank account, and funds can be transmitted to any other UPI user without the usage of a credit card. This should significantly boost the use of India's proprietary platform for cashless transactions. 

UPI transfers have already increased as a result of the pandemic, with over 4.5 billion worth over $8.3 trillion reported in February, up from just over 1.3 billion worth 2.2 trillion two years ago. The tally is expected to rise.
Read more »
User Security
Bank fraud Bank Information Security RBI remote access UPI User Privacy User Security

RBI AnyDesk Warning; here's how Scammers Use it to Steal Money



In February, Reserve Bank of India (RBI) issued warning regarding a remote desktop app known as 'AnyDesk', which was employed by scammers to carry out unauthorized transactions from bank accounts of the customers via mobile or laptop.

In the wake of RBI's warning, various other banks such as HDFC Bank, ICICI Bank and Axis Bank along with a few others, also issued an advisory to make their customers aware about AnyDesk's fraudulent potential and how it can be used by the hackers to steal money via Unified Payments Interface (UPI).

However, it is important to notice that Anydesk app is not infectious, in fact, on the contrary, it is a screen-sharing platform of extreme value to the IT professionals which allows users to connect to various systems and mobiles remotely over the internet.

 How the Scam Takes Places? 

When a customer needs some help from the customer care, he gets in touch via a call and if he gets on line with a scammer, he would ask him to download AnyDesk app or a similar app known as TeamViewer QuickSupport on his smartphone.

Then, he would ask for a remote desk code of 9-digit which he requires to view the customer's screen live on his computer. He can also record everything that is been shown on the screen. Subsequently, whenever the victim enters the ID and password of his UPI app, the scammer records it.

Users are advised not to download AnyDesk or any other remote desktop applications without fully understanding their functioning.

You should also be highly skeptical of the additional apps that customer support executives may ask you to download as besides fraudsters, no one asks for codes, passwords or any other sensitive information.

Read more »
UPI
Bank fraud Security News UPI

Fraudsters Gaining Access to Users Mobile Devices to Commit Bank Fraud


With the advent of Unified Payment Services (UPI), the idea of sending money from one bank account to the other without having to top up the sum in the mobile wallet has become a reality. However, with new means of transactions coming up and widening of the horizon of banking operations, there is an even enhanced possibility of bank frauds. Hackers have been continuously coming up with new ways of bypassing security.
ICICI Bank reported that in order to gain remote access of smartphones of various users, cybercriminals trick users into downloading ‘AnyDesk’, an application available on App Store as well as Play Store.
Once the user downloads the app, a nine-digit app code is generated on his mobile device which they are then asked to share with the criminals. After receiving the code, fraudster enters the code onto his mobile and then asks the user to grant him certain permissions. Now, once the criminal gets the permissions, he can access the user’s device with ease.
Users are advised to verify and then install the original UPI app and payment wallets from Apple Store and Google Play Store owned by authenticated companies. Avoid downloading applications from suspicious or unknown sources and consider reading reviews prior to going for the download.
Furthermore, while granting permissions on making the download, one should be highly alert and pay extra attention to the details. Banks suggest having your e-mail ID registered and verified in order to be notified of any illegal action taken on your account.
Other safety tips include getting your SIM card blocked instantly if you happen to misplace your mobile device and logging out of your bank account from the web browser. Lastly, customers should always keep a track of their banking transactions which are sent through SMS, it will allow them to take note of any fraudulent transaction and report it to the bank.  


Read more »
Subscribe to: Posts (Atom)