Affordable connectivity and low costs of device ownership have immensely contributed to the growing number of internet users. According to estimates, just in the year 2019, the internet user base in the country has grown from 566 million to 627 million. On account of this growth, we have millions of users who have only very recently come online, and most of them without any kind of cyber safety sensitization – giving fraudsters a huge vulnerable pool of users. The increased utility of the internet and reliance on technology in day to day lives have opened up areas of opportunities for cyber fraudsters – often faster than the industry or regulators can react.
Propelled by the convenience and ease of access offered by mobile wallets and the UPI (unified payments interface), the latter overtook debit cards and recorded 1.31 billion transactions in December 2019. A rising affinity for such convenient modes of payment has allowed cyber criminals to exploit the system and defraud users of e-commerce, online classifieds, hyper local delivery, mobile wallets and banking services.
Here are some unsung, yet salient, ways for transacting safely online, especially in the context of emerging frauds.
Understanding QR codes and the UPI
The UPI offers a robust digital payment infrastructure, which has witnessed tremendous adoption. Given its novelty, users are still grappling with its functioning and, consequently, falling prey to fraudsters. For starters, it’s important to understand the various security features of the UPI and the points at which the platforms require a user to enter his/her security credentials. For example, one must be sure not to enter the PIN while receiving money. Users must examine QR codes thoroughly before making a payment.
Fraudsters often take the screenshot of a QR Code and crop out important details such as account holder’s name, amount, VPA details and the nature of the payment. Users must ensure that QR codes shared bear the right information. QR codes for debit or credit payments must be made explicitly legible before making a transaction. While making payments at public places, users must ensure that the UPI address belongs to the specific merchant. The UPI pin has to be shielded. Fraudsters can glean sensitive account details by indulging in “shoulder surfing,” akin to what happens in ATM queues and can view your UPI pin if a transaction is being conducted at a public place. Different banks have different password lengths for UPI transactions; hence, users must not use similar passwords/PIN across banks.
Leveraging technology for your cyber safety
These days, most of the modes of communication, payment and shopping apps come with a host of features built-in to prevent cyber frauds, with artificial intelligence and machine learning features working in real-time to erect barriers for cyber criminals. Most phones these days come with spam caller identifiers, email services with spam/spoof/phishing identifiers, text messaging/chatting apps with filters that weed out suspicious links/content while hiding sensitive information and payment apps with trust indicators that can flag malicious elements even before transactions have taken place. In the event that users get suspicious calls soliciting payments, KYC verification requests, social engineering attempts etc. to gain confidence and access to accounts, users must immediately verify the associated number or email to ascertain the authenticity of such requests. Email addresses are indispensable, yet receive the least amount of care when it comes to guarding our cyber safety.
Avoid ghosting your own bank accounts
Users often tend to skip the upkeep of their bank accounts and payment apps. These days, banks offer superior unparalleled user experience through net banking, apps and other modes; yet, users rarely explore the options designed to keep them safe. Users can set transaction limits on their bank accounts and mobile wallets or easily disable access to debit/credit cards to prevent any discretionary spending or unsupervised access to their monies. Enabling a two-step authentication process via an OTP is a no-brainer to ensure that suspicious logins are avoided while guarding your banking apps via biometric authentication procedures add a layer of security.
Legal and procedural recourse
The limitation of a customer’s liability from fraud is not applicable where the loss results because of his/her negligence – sharing payment credentials, PIN, etc. However, the customer is safeguarded from the loss after the customer informs the bank. Therefore, to mitigate losses, it is important for a user to report misuse or fraud to the bank/ financial institution as soon as the user becomes aware of the same. Given that time is of the essence, users must keep detailed account information, screenshots of the fraudulent activity and call transcripts ready in order to report the same to financial institutions.
In addition, a user should also proceed to immediately report of such instances to the law enforcement agencies. The National Cyber Crime reporting portal and local cyber-crime police stations offer excellent recourse to report any incidences or to seek assistance. In these agencies refuse to register an FIR, you may take recourse from the courts under section 156(3) of the Code of Criminal Procedure, 1973. Another reporting avenue available to a victim is the platforms concerned, which helps those entities to weed out fraudsters, preserve evidence for investigation by the law enforcement agencies and prevent other users from being defrauded.(The writer is Director & General Counsel of OLX India)