Summarize

Simplifying... Inshort

Beware of fraudsters spamming UPI IDs with fake collect money or autopay requests, tricking users into paying for their subscriptions.
These scams often target UPI IDs linked to phone numbers, making them easy prey.
To protect yourself, avoid linking bank accounts directly to UPI IDs, use a wallet with limited balance, and stay vigilant.
Experts suggest adding a security layer for sending Autopay requests and altering UPI IDs to include names instead of mobile numbers for enhanced security.

Was a long read? Making it simpler...

Next Article

Users are tricked into approving an unknown UPI collect money/autopay request

Beware! Fraudsters are spamming UPI IDs with multiple collect requests

By Dwaipayan Roy

Aug 19, 2024

05:57 pm

What's the story

A new type of fraud is on the rise, targeting users of the Unified Payments Interface (UPI). Scammers are exploiting the platform's QR code and UPI ID system to flood unsuspecting users, with numerous 'collect money' or 'autopay' requests. If a user mistakenly approves such requests, they end up paying the fraudster who can then use their money for personal purchases.

Scam mechanics

How the fraud operates

The scam operates by deceiving users into approving an unknown UPI collect money/autopay request. It can be challenging for users to distinguish between a genuine request and a fraudulent one. For example, an autopay request for Netflix may appear legitimate but could be initiated by a fraudster using their own Netflix account. If approved mistakenly, the user ends up paying for the fraudster's subscription instead of their own.

ID vulnerability

An easy target for scammers

UPI IDs, typically formatted as phone numbers followed by the UPI provider extension, are often targeted by fraudsters. As Vikram Babbar from EY Forensic & Integrity Services - Financial Services explains, "Phone numbers and details are soft targets since phone numbers are shared often and are quoted at multiple places - e-shopping, restaurants, malls, parking places and so on." This makes it easier for scammers to exploit these IDs in their fraudulent activities.

Fraud encounter

User shares experience of receiving fraudulent UPI requests

A UPI user, who wished to remain anonymous, shared her experience of receiving numerous 'collect money' and 'autopay' requests from entities like Netflix and Google Pay in her Paytm account. However, she confirmed that none of these requests were initiated by someone she knows or services she uses. This incident highlights the ease with which scammers can generate fake IDs using phone numbers and bombard users with fraudulent requests.

Prevention measures

How to protect yourself from UPI fraud?

To prevent falling victim to such scams, Babbar suggests that senior citizens, who are often targeted by fraudsters, should avoid linking their bank accounts directly to their UPI ID. Instead, they should use a wallet with a limited balance. He also advises consulting family members in case of any suspicion, and emphasizes the importance of customer awareness initiatives by UPI service providers.

Security recommendations

Experts call for additional security measures

Shobhit Goyal, Founder & CEO of BeFiSc, suggests that the National Payments Corporation of India (NPCI) should introduce a security layer for sending Autopay requests, and consider altering the format of UPI IDs to include names or initials instead of mobile numbers. This could prevent auto-generation of UPI IDs and enhance user security.