— Aditya Narang, Co-Founder and CBO, SafeHouse Tech
Since Covid-19 hit India in 2020, there has been an exponential increase in digital payment fraud, owing to the increased adoption of this technology. Digitization saw a huge spike because most people preferred this channel for online shopping and payments, given the risk of infection through people or shared surfaces like cash or cards. The subsequent lockdowns also accelerated the usage of digital payments and fueled the digital payment industry as a whole in India.
Since a large number of people are going digital, fraudsters are using innovative ways to dupe vulnerable consumers. Many consumers are falling prey to these scams, disclosing their sensitive information and losing their hard-earned money. Cybercrimes like phishing, malware, OTP frauds, fake UPI links, and several others are witnessing a surge as more people use contactless payments. The Minister for Electronics and Information Technology has also stated that the number of phishing incidents in India more than doubled in 2021.
Additionally, data from the government's cybercrime department indicates that in May 2022 the government received at least 61,100 complaints of digital payments fraud. More than 50% of these complaints were related to UPI frauds. In addition, as per recent industry estimates, around 80,000 frauds worth Rs 200 crore are committed through UPI every month. Needless to say, with digital payments burgeoning, hackers are fooling users into inadvertently transferring money.
While the digital payment sector is booming, so are the risks for all of us using it. There's a dire need for mobile security, since most of our apps and private data, like photos, banking apps, emails, and messages, are on our mobile phones. Hence, it becomes imperative for users to take additional precautions to secure their online transactions and private information. Although mobile phones face the same threats as traditional computers or laptops, or rather are more prone to cyber-attacks, we don't tend to take mobile security as seriously. For instance, you may not secure your mobile devices with any security application or solution as you do your personal or work computer or laptop.
Not following cybersecurity best practices can also expose you to threats when you make digital payments at online or offline merchant stores. Remember, malware and ransomware are just as likely to attack your phone as your computer if you don't have any kind of data protection enabled on your device.
Here are some threats you have to be aware of and protected against while using digital payment options:
Mobile malware: It is malicious software made to target the operating systems of smartphones. It causes the operating system to collapse and leaks private data stored on the phone. Fraudsters can access your banking details through the banking apps on your phone or other data that you may have saved elsewhere on the phone. They can conduct transactions using your financial information, leading you to lose all your money. Mobile malware is becoming a challenge to the cybersecurity industry as attacks increase in frequency and strength.
Phishing: It's an attack designed to make the user reveal confidential or sensitive data. For instance, you may receive an SMS or email saying you've won a reward or lottery. When you respond to this SMS or email, or click on any link to claim the prize, the attacker asks for critical information such as your banking PIN or login information. Once they have secured access to your bank account, your money will be gone before you know it!
Physical theft: Through theft, thieves gain physical access to your ATM/debit/credit cards, other documents that can be used to verify your identity, or even the smartphone you use for banking. The thieves can steal any of these items and misuse your financial information which can lead to financial loss. It’s crucial not to keep any written PINs and login credentials along with your cards and other documents.
Data extraction: Fraudsters are constantly coming up with new ways to extract your data from the digital payment ecosystem. That means without strong cybersecurity measures and robust malware protection software, your data is always at risk of being stolen. All your digital devices that connect to the internet must have anti-virus and anti-malware software installed to safeguard any data you may save on them.
Duplicating SIM cards: If the attacker has stolen your mobile device, they can easily duplicate your SIM card. You will not receive calls and messages anymore, but all the data on your SIM is copied to the duplicate SIM. The duplicate SIM "emulates" the exact behavior of your original SIM, meaning the attacker can conduct transactions involving the use of data stored on your SIM card.
Debit/credit card frauds: In the same way that scamsters or hackers can cause internet banking frauds, they can also make unauthorized transactions using your ATM, debit, or credit cards. As users, we can take the required measures to keep ourselves away from these frauds. These include simple steps like never saving your ATM PIN or other passwords on your phone, and memorising your CVV and scratching it off the card to avoid misuse.
While these attacks and methods are quite surprising, here is what you can do to secure yourself and your device:
Avoid using public networks: All digital payments require you to be connected to the internet to process transactions. Avoid using public networks such as open Wi-Fi connections in a café or an unknown open network, since they are more vulnerable to fraudulent activities. It's best to use your mobile data when you're out, or your personal home Wi-Fi. However, ensure that your Wi-Fi connection has password protection enabled.
Two-Factor Authentication (2FA): 2FA is dual-factor authentication that provides two layers of protection to keep your sensitive data safe. This authentication requires an additional credential like an OTP beyond just the username and password, making it impossible for hackers to access the account.
Never save or share banking details: Avoid saving your card details or passwords on your phone or other devices connected to the internet. Just like you won’t save the details digitally, you must never ever share the details with anyone. Remember, legitimate companies don’t ask for your passwords, OTPs, or any information that’s supposed to be private.
Beware of fraudulent links and apps: Do not open links from unknown sources or ads, and do not download apps that seem fraudulent. You can identify them from the lack of a ‘verified’ badge, bad reviews, and a low number of downloads.
Other things you can do: Enable passwords for your devices, create unique passwords for digital wallets, always install the latest system updates, use the remote lock or data-wipe system on your phone, and learn the process of reporting and resolving a fraudulent transaction if it still happens.