Identity Theft, SIM Swap: How To Stay Safe From Payment Frauds?

Fraudsters attempt to get confidential details like user id, login / transaction password, OTP (one time password), debit / credit card details such as PIN, CVV, expiry date and other personal information.

Some of the typical modus operandi being used by fraudsters are –

Vishing – Phone calls pretending to be from bank / non-bank e-wallet providers / telecom service providers in order to lure customers into sharing confidential details in the pretext of KYC-update, unblocking of account / SIM-card, crediting debited amount, etc.

Phishing – Spoofed emails or SMSs designed to dupe customers into thinking that the communication has originated from their bank / e-wallet provider and contain links to extract confidential details. Scammers send fraudulent emails, messages or make calls to obtain personal and financial information, such as passwords, PINs, and bank account details, which can be used to steal money.

Remote Access – By luring customers to download an application on their mobile phone / computer which is able to access all the customers’ data on that customer device.

Misuse the ‘collect request’ feature of UPI by sending fake payment requests with messages like ‘Enter your UPI PIN’ to receive money.

Fake numbers of banks / e-wallet providers on webpages / social media and displayed by search engines, etc.

Identity Theft: Criminals steal someone’s identity and use it to create fake accounts, make purchases, and apply for loans.

SIM Swap Fraud: Fraudsters contact the victim’s telecom provider, pretending to be the victim, and get the SIM card blocked or transferred to another device. They then use the victim’s phone number to gain access to their bank account and carry out transactions.

Online Shopping Fraud: Fraudulent sellers on e-commerce platforms often lure customers into purchasing fake products or products that are not delivered, leading to financial loss.

Payment Gateway Fraud: Fraudsters create fake payment gateway pages or duplicate the original page to obtain the customer’s financial information during the transaction process.

To protect yourself from online payment frauds, follow the safety tips and be vigilant when making online transactions. Always verify the authenticity of the website or service provider before entering any personal or financial information. If you become a victim of online payment fraud, report it to the concerned authorities (your bank, police etc.) immediately.

As per the RBI’s safe digital banking practices guidelines, one can do the following to keep their money safe from frauds;

• Never share your account details such as account number, login ID, password, PIN, UPI-PIN, OTP, ATM / Debit card / credit card details with anyone, not even
  with bank officials, however genuine they might sound.
• Any phone call / email threatening the blocking of your account on the pretext of non-updation of KYC and suggestion to click a link for updating the same is a common modus operandi of fraudsters. Do not respond to offers for getting KYC updated / expedited. Always access the official website of your bank / NBFC / e-wallet provider or contact the branch.
• Do not download any unknown app on your phone / device. The app may access your confidential data secretly.
• Transactions involving receipt of money do not require scanning barcodes / QR codes or entering MPIN. Thus, exercise caution if asked to do so.
• Always access the official website of a bank / NBFC / e-wallet provider for contact details. Contact numbers on internet search engines may be fraudulent.
• Check URLs and domain names received in emails / SMSs for spelling errors. Use only verified, secured, and trusted websites / apps for online banking, that is, websites starting with ‘’https’’. In case of suspicion, notify the local police / cybercrime branch immediately.
• If you receive an OTP for debiting your account for a transaction not initiated by you, inform your bank / e-wallet provider immediately. If you receive a debit SMS for a transaction not done, inform your bank / e-wallet provider immediately and block all modes of debit, including UPI. If you suspect any fraudulent activity in your account, check for any addition to the beneficiary list enabled for internet / mobile banking.
• Do not share the password of your email linked to your bank / e-wallet account. Do not have common passwords for e-commerce / social media sites and your bank account / email linked to your bank account. Avoid banking through public, open or free networks.
• Do not set your email password as the word “password” while registering in any website / application with your email as user-id. The password used for accessing your email, especially if linked with your account, should be unique and used only for email access and not for accessing any other website / application.
• Do not be misled by advice intimating deposit of money on your behalf with RBI for foreign remittances, receipt of commission, or wins of lottery.
• Regularly check your email and phone messages for alerts from your financial service provider. Report any unauthorised transaction observed to your bank / NBFC / Service provider immediately for blocking the card / account / wallet, so as to prevent any further losses.
• Secure your cards and set daily limits for transactions. You may also set limits and activate / deactivate for domestic / international use. This can limit loss due to fraud.

Read all the Latest Business News here