RBI issues guidelines for banks to prevent frauds through UPI

Digitalization has given a boost to fast-paced financial transactions in India making way for the Unified Payments Interface (UPI) to become a convenient and widely used method for digital transactions in the country. However, as its popularity grows, so does the risk of UPI fraud. 

In the fiscal year 2022-23, a staggering 95,000 cases of UPI fraud were reported, marking an increase from the previous year’s 84,000 cases, according to the Ministry of Finance. This data underscores the urgency of implementing protective measures to mitigate financial losses for both users and the overall economy.

Recognizing the need to address UPI-related frauds, the Reserve Bank of India (RBI), the apex bank of the country, has formed guidelines to curb such issues and protect the people from losing their hard earned money. These guidelines provide a framework for banks to follow in managing and preventing UPI frauds. Let’s explore some key aspects of these guidelines:

1. Banks must establish a dedicated framework that allows their customers to report cases of UPI fraud. This ensures that swift actions can be taken when fraudulent incidents occur.
2. Banks are required to promptly and accurately report all fraudulent activities associated with UPI transactions to the RBI. This reporting is crucial for tracking and managing fraudulent incidents.
3. Banks should concentrate on creating a “Fraud Prevention and Management Function” to initiate investigations into fraudulent activities. Collaborating with law enforcement agencies is also a crucial part of catching those responsible for these fraudulent acts.
4. The bank’s top leadership, including the CEO, audit committee, and a special committee, is tasked with overseeing all activities related to fraud protection and risk management.
5. Each bank must frame its internal policies for detecting and investigating frauds after obtaining approval from its board.
6. Banks are mandated to submit all Fraud Monitoring Returns (FMR) using the XBRL system. Furthermore, they must designate General Manager Designation personnel to manage this process.
7. Banks must actively engage in educating customers about the latest frauds and best practices for secure digital payments.

Refund Framework

RBI has established a clear framework for refunds in cases of fraudulent activities:

1. Full amount refund: Customers reporting fraudulent transactions within three days of the incident will bear zero liability, with the full amount refunded to their bank account.
2. Lower amount deduction: Reporting between 4 and 7 days after a fraudulent transaction will result in limited liability, ranging from INR 5,000 to INR 25,000, with the lower amount deducted before refunding the rest.
3. No refund: Failing to report unauthorized transactions within seven days absolves the bank of liability for refunding any amount.

Common UPI Scam Techniques:

With these regulatory guidelines in place, it’s essential to understand the common methods used by scammers to conduct UPI frauds:

Phishing Scams:

Phishing is one of the most common forms of UPI fraud. In these scams, fraudsters send fake payment links that closely resemble those from legitimate banks or merchants. These links lead to fraudulent UPI apps. When victims unwittingly enter their credentials and provide auto-debit permissions, their money is deducted from their accounts.

Screen Monitoring Tools:

Fraudsters often trick individuals into downloading screen monitoring apps under the guise of helping with remote work. These apps can extract data or even gain control of a victim’s device, resulting in financial losses.

Fake QR Codes:

Criminals send victims fake QR codes, instructing them to scan them for a transaction or to access exclusive information. Instead, these codes reveal the victim’s UPI details to the fraudsters, leading to unauthorized transactions.

Fake UPI Handles on Social Media:

Scammers impersonate sellers or customer support representatives on social media. Victims, thinking they’re communicating with a legitimate entity, end up sharing their banking information, falling prey to theft.

Collection Requests:

Perpetrators call victims, asking them to click on collection links under various pretexts, such as a refund or lottery claim. Clicking on these links and entering banking credentials leads to unauthorized debits.

Some of the other scam methods which are widely being used by the fraudsters include impersonating sellers, malware attacks, money mules, and web skimming.

Preventing UPI Frauds:

Here are some of the preventive measures to protect oneself from UPI frauds:

1. Enable two-factor authentication for UPI transactions.
2. Keep on changing your passwords regularly to enhance security.
3. Activate real-time transaction alerts to stay informed about all activities on your account.
4. Refrain from sharing personal and banking details with anyone, particularly over the phone.
5. Retrieve helpline numbers from official websites to ensure accuracy.
6. Always use verified apps and websites for digital transactions.