The COVID-19 pandemic has accelerated the adoption of digital payments in India and at the same time there has been a significant surge in financial frauds. Experts have urged users to take precautionary measures to ensure safety of their financial transactions.
Recent surveys released by independent research firms have also pointed to the trend of increase in the number of financial frauds in digital payments. The financial frauds were mostly through phishing, followed by QR code/ UPI scams but consumers were also victims of card scams and skimming, according to a report by financial technology firm FIS.
V. Rajendran, chairman of Digital Security Association of India and a cyber advocate, said that the customers should not keep large balances in online payment apps and also should not have higher limits for credit card and net banking transactions. He also said customers should avoid having unnecessary apps on their mobile phones and must not blindly agree to the terms and conditions stated by the apps.
Internet banking fraud in which callers say KYC needs to be done immediately or your bank account will be blocked, credit card frauds, phishing and vishing are some of the categories which digital payment modes are vulnerable to.
Nelesh Kripalani, Chief Technology Officer, Clover Infotech, an IT services and consulting company, pointed out credit cards could be prone to attacks due to the facility to not use a PIN for transactions below a minimum limit.
“It would be ideal for credit card users to not enable automated transactions or transactions without an OTP validation on their credit card. Every swipe should be accompanied by a PIN to validate and authenticate the transaction and online transactions should only go through with an OTP-based validation that is received on the user’s mobile phone,” Mr. Kripalani suggested.
“Customers need to ensure that e-mails are from the right entity. Phishers would create identical URLs and design the pages almost identical to the entity they are trying to copy. The customer must be immensely prudent and observant. They must check if the link has an https prefix and if the URL is correct before sharing any information or making a transaction,” he pointed out.
Vishing, another type of fraud, involves calling users by claiming to be from a bank or a reputed company and then making the users share personal information such as card numbers and inducing them to do a transaction.
A user must also ensure that most of his transactions go through at least a two-factor authentication process – the second factor could be an OTP received on their mobile or a secret question to which only they know the answer, Mr. Kripalani said. Users must also refrain from using public networks or public Wi-Fi to make a transaction. They must use their Wi-Fi at home or office that is protected and secured, he added.