Winning with defence: Stay sharp against rising digital payment frauds

Srivastav is just one example of the rising cases of digital fraud in India. According to data from the Reserve Bank of India (RBI), there were over 36,075 cases of financial fraud in FY24, with 29,082 cases involving digital payment methods, such as card or internet transactions. With the proliferation of online payments in India, the number of digital frauds, which was just 2,677 in FY19, has multiplied to over 36,000. The actual number could be much higher as many incidents go unreported.

“Rising digital fraud in India is a concern, with recent data showing a significant increase in online payment fraud. The RBI reported that digital payment frauds surged over fivefold to `1,457 crore ($175 million) in FY24. This alarming increase parallels the rapid growth of digital transactions, particularly through the unified payments interface (UPI), which experienced a 137% rise over the past two years,” says Ruchin Kumar, VP-South Asia of enterprise data security solutions provider Futurex.

As per a recent report by Kearney-Amazon Pay, retail digital payments in India surged to $3.6 trillion in FY24 from $500 billion in FY19—at a CAGR of 48.4%. With more and more people embracing digital payments in the country, “there is an urgent need for stronger cybersecurity measures to protect a largely non-tech-savvy population from evolving cyber threats to financial and personal data,” says Kumar.

Types of Frauds

While digital scams only made up 10% of all financial frauds in FY24 in terms of value, they constituted 81% of the total number of frauds. An increasing number of digital frauds shows that fraudsters are using newer methods to entrap victims. While one kind of recent fraud involves phone calls from a fake gas representative like with Srivastav, there are many other types of scams.

Other common types include phishing, in which unsolicited emails or messages trick you into divulging personal details, and vishing, in which fraudulent phone calls and text messages request sensitive information. In SIM swapping, fraudsters duplicate your SIM card to intercept one-time passwords (OTPs). Card fraud involves the unauthorised use of your credit or debit card, while identity theft means stealing your personal information to commit fraud. Account takeover happens when hackers gain access to your online accounts through malware to steal money or data. Understanding these types of digital fraud can help you stay safe online (see chart ‘Digital Deceptions’).

New technologies, such as AI, have simplified and accelerated many aspects of our lives, but they have also brought about a new danger. “This is especially true for the financial realm, where AI has been used to manipulate people and extract money from them fraudulently,” says Adhil Shetty, CEO of online financial services marketplace BankBazaar.com.

Deepfakes are among the most infamous forms of AI fraud; they entail imitating a person’s voice or picture to trick people—often targeting their loved ones or acquaintances. The common modus operandi of this scam is to create a deepfake audio or video of a person, portraying them as being in distress and urgently in need of money. “Hoax calls are made to unsuspecting victims demanding money. The biggest challenge posed by such scams is how difficult they can be to identify as they involve a fair bit of emotional manipulation,” says Shetty.

Given the prevalence of these scams, it’s important to exercise caution when receiving calls from unknown numbers. For example, in the case of a video deepfake, there is often a lag between the voice and video. Be mindful of any long pauses during the call. It is advisable to refrain from immediately responding to distress calls. “While it is emotionally distressing to find out your loved one is in trouble and needs immediate monetary help, always check with the concerned person. This can greatly reduce your chances of falling victim to such a scam,” says Shetty.

In order to maintain a robust security posture in today’s digital world, banks and fintech companies are deploying Hardware Security Modules (HSMs) both on-premises and in the cloud. HSMs secure digital keys for robust authentication and handle cryptographic data in accordance with the Digital Personal Data Protection Act. Banks also detect and prevent fraud by monitoring real-time transactions. AI-driven predictive modelling and behavioural analytics tools are being used to detect complex fraud strategies like deepfakes and other emerging threats, explains Kumar of Futurex.

Best Practices

If you become a victim of fraud, block your card first. Contact the call centre or block it online through the app. The bank will then issue you a replacement card with a different number. Reporting fraud quickly can reduce your liability and enhance the likelihood of reversing the transaction. The RBI has set guidelines that outline a customer’s liability in the event of fraud. For instance, there is no liability if you report the incident within three days.

However, there are instances in which cardholders might not be protected. If you don’t report an unauthorised transaction to the bank quickly, you may have to pay. If you unintentionally share your card PIN, OTP, or other sensitive information, then the liability is all yours. Additionally, the ‘Zero Liability’ policy may not provide coverage for business or prepaid cards, unlike regular consumer cards.

The most crucial step after blocking the card is to file a complaint with the local police and Cyber Crime Cell. The government has set up cyber crime cells in major cities to handle these complaints. You can also file your complaint online at Cybercrime.gov.in.

To lower the risk of fraud, first set the transaction limit on your card. Use your credit card’s built-in controls to limit the places and methods where you can use it, such as online, at point-of-sale terminals, or through tap & pay. Set transaction limits for various types of transactions to minimise liability for unauthorised use. Adjust these settings for domestic and international transactions if possible.

It is important to refrain from sharing any sensitive data such as credit card details, PINs, or login passwords with others; be careful when it comes to sharing personal information online and using public Wi-Fi. It is best to avoid entering sensitive banking information over unsecured networks.

To monitor usage, enable transaction alerts for all your cards. Regularly review your credit card and bank statements to detect unauthorised transactions. Moreover, when paying at restaurants or fuel stations, keep your card within sight. Use EMV chip cards to reduce skimming risks, and report any unusual activity with the card slot or point-of-sale device immediately.

“Most importantly, be discreet about what you upload on social media. Remember, your pictures or videos can be used to create visual or audio personas mimicking you. Ideally, keep your profile open only to friends and block unknown people. Stay updated on news about deepfake scams and how the technology is being misused. This can help identify such scams if you are ever targeted by one,” says Shetty.

@teena_kaushal