Drop your guard and lose money: RBI’s alert on digital payments

With a surge in usage of digital modes of payment in recent years, incidents of frauds in retail financial transactions have also gone up. The RBI has released a booklet titled ‘BE(A)WARE’, as a part of the public awareness initiative against these threats

There has been a surge in usage of digital modes of payment in recent years and it has gained further momentum during the Covid-19 induced lockdowns. While enhancing customer convenience, it also furthered the national objective of financial inclusion. However, as the speed and ease of doing financial transactions has improved, the number of frauds reported in retail financial transactions have also gone up. The Reserve Bank of India (RBI) on March 7, released a booklet on modus operandi of financial frauds, titled ‘BE(A)WARE’, as a part of the public awareness initiative by its Consumer Education and Protection Department.

Fraudsters have been using innovative methods to defraud the common and gullible people of their hard-earned money, especially the new entrants in the use of digital platforms who are not entirely familiar with the techno-financial eco-system. The RBI booklet has been compiled from various incidents of frauds reported as also from complaints received at the offices of RBI Ombudsman to provide maximum practical information of value, especially to those who are inexperienced, or not so experienced, in digital and electronic modes of financial transactions.  The Central bank says that this booklet is intended to create awareness among the members of public about the modus operandi adopted by fraudsters to defraud and mislead them, while also informing them about the precautions to be taken while carrying out financial transactions.

Yogesh Dayal, Chief General Manager, RBI emphasizes the need for keeping one’s personal information, particularly the financial information, confidential at all times and be-ware of unknown calls/emails/messages, practicing due diligence while performing financial transactions and changing the secure credentials/passwords from time to time. Dayal says this booklet is part of the public awareness initiative by the Consumer Education and Protection Department, Reserve Bank of India.

While informing about the precautions to be taken while carrying out financial transactions, the booklet says that fraudsters create a third-party website which looks like existing genuine website, such as bank’s website or e-commerce website or search engine, etc. These links are generally circulated by fraudsters through SMS/social media/email/Instant Messenger, etc. Most of the time, customers enter secure credentials by just having a glance and clicking at the link but not checking the detailed URL. The links are masked through authentic looking names of websites, but in reality, the customer gets redirected to phishing website.

When customers enter secure credentials on these websites, the same is captured and used by the fraudsters. Precaution One should not click unknown links and should delete the SMS/email immediately to avoid accessing them in future. Care should be taken to verify the website details especially where it requires entering financial credentials.

Imposters call or approach the customers through telephone call/social media as bankers/company executives/insurance agents/government officials, etc., and seek confirmation of the secure credentials by sharing few details such as name or date of birth to gain confidence. In some cases, the imposters pressurize/trick customers into urgently/immediately sharing confidential details citing emergency, details required to block transaction, payment required to stop penalty, get attractive discount, etc. These credentials are then used to defraud the customers.

Fraudsters pretend to be buyers on online selling platform and show interest in your product. Instead of paying money to you, they use “request money” option through UPI app and insist on approving the request to pull money from your bank account.  Fraudsters use MLM/Chain Marketing/Pyramid Structure schemes to promise easy or quick money upon enrolment/adding of members. The schemes not only assure high returns but also pay the first few instalments (EMIs) to gain confidence of gullible persons and attract more investors through word of mouth publicity. The schemes encourage the addition of more people to the chain/group. Commission is paid to the enroller for the number of people joining the scheme, rather than for the sale of products. This model becomes unsustainable after some time when the number of persons joining the scheme starts declining. Thereafter, the fraudsters close the scheme and disappear with the money invested by the people till then.


Do’s and don’ts

Do not click on unknown/unverified links and immediately delete such SMS/email sent by unknown sender to avoid accessing them by mistake in future. Unsubscribe the mails providing links to a bank/e-commerce/search engine website and block the sender’s e-mail ID, before deleting such emails.  Be wary of suspicious looking pop ups that appear during your browsing sessions on the internet. Always check for a secure payment gateway (https:// – URL with a padlock symbol) before making online payments / transactions. Keep the PIN (Personal Identification Number), password, and credit or debit card number, CVV, etc., private and do not share the confidential financial information with banks/financial institutions, friends or even family members. Avoid saving card details on websites/devices/ public laptop/desktops. Turn on two-factor authentication where such a facility is available. Never open/respond to emails from unknown sources as these may contain suspicious attachment or phishing links. Do not share copies of chequebook, KYC documents with strangers.

One should be careful while making financial transactions for online products. Always remember, to receive money there is no need to enter your PIN/password anywhere. If UPI or any other app asks you to enter your PIN to complete a transaction, it means you will end up sending money instead of receiving it. Many customers click on the link without checking the detailed Uniform Resource Locator (URL) and enter secure credentials such as Personal Identification Number (PIN), One Time Password (OTP), Password, etc., which are captured and used by the fraudsters.
Always go to the official website of your bank/service provider. Carefully verify the website details especially where it requires entering financial credentials. Check for the secure sign (https with a padlock symbol) on the website before entering secure credentials. Check URLs and domain names received in emails for spelling errors. In case of suspicion, inform the local police/cybercrime branch immediately.