Amit Sanghvi, a 25-year-old from Mumbai, was cheated of Rs 20,000 while using a Unified Payments Interface (UPI) application. He had called a fake helpline number of the UPI developing company. Amit is from Udaipur, but moved to Mumbai, where he got a job, in March 2016. He used to transfer money to his family and friends using UPI applications such as Bharat Interface for Money (BHIM), Google Pay and PhonePe.
Fake app helplines
On 29 September, 2018, Amit initiated a transfer process to send Rs 20,000 to his father using BHIM (UPI app). But app displayed a message stating that the transaction had failed. However, he received an SMS from his bank stating that his account had been debited with the same amount.
He was stunned after reading the message from the bank, but decided to wait for a couple of hours as, often, such transactions get reversed and the amount returns to the savings account. But even after waiting for an entire day, there was no update from the bank about any reversal of the amount to the account linked with the UPI app.
So, he decided to connect with the call centre from a helpline number given on the twitter account of the app developing company that claimed to solve problems related to money transfers, cashback, KYC etc. on the UPI app. He realised that the call centre was a fake one.
Fraudsters had created a fake twitter account for BHIM and given a fake call centre number. So, consumers ended up complaining on this fake twitter handle or calling them for any complaints.
Amit was one of the victims to have given a call on this fake call centre number. The person (fraudster) claiming to be the app developing company’s representative on the call took his complaint of unsuccessful transfer. The call centre fraudster assured Amit that such technical glitches were common and that he did not worry. He further said that a few more notifications would be delivered to his mobile number and that he needed to accept them.
Amit did what he was instructed to do by the representative (fraudster) on the call. He started accepting all the notifications, expecting the reimbursement of the Rs 20,000 he had lost.
Amit says, “I accepted those notifications, entered the PIN while being in conversation on call with the fraudster and immediately Rs 20,000 got wiped off from my bank account linked with UPI app which I realised only after hanging up the call.”
Fraudsters are finding different ways to cheat consumers using technology.
Here is how you should seek redressal in such issues and the steps you need to take immediately after you realise that you have been defrauded.
Preserve transaction details
In case you observe any suspicious activity in your bank account linked with your UPI app or if you unfortunately are a victim of any fraudulent transactions on the UPI app, the first step to take is to make screenshots of the transaction suspected to be fraudulent. Jayant Saran, Partner at Deloitte India says, “You need to store important information associated with the UPI transaction such as transaction ID, and beneficiary bank account details. This information will be useful while complaining to the police, bank and UPI app companies at subsequent stages.”
Sajai Singh, Partner at J. Sagar Associates adds, “You should also change your password / PIN on UPI app immediately to curb fraudulent transactions in your bank account.”
Raise a flag with bank, UPI app company
In case any fraudulent transaction has been committed with your bank account linked to the UPI app, immediately register a complaint by giving a call or sending an email to your bank. Also, request your bank to block future UPI transactions associated with the account.
Generally, during the process of on-boarding in any UPI application, the app and banks send text messages (SMS) at various stages—registration, adding a bank account and while setting the UPI PIN. Praveena Rai, Chief Operating Officer at the National Payments Corporation of India says, “If you are not registered for UPI services on any app but happen to get an SMS regarding the on-boarding process having been initiated, then reach out to your bank immediately and lodge a complaint.”
You also need to lodge a complaint of fraudulent transaction with the UPI app developing company to investigate the issue. Dewang Neralla, CEO of payments solution company Atom Technologies says, “There are mechanisms in place to raise the issues in case of disputes with most of the UPI app developing companies. For instance, on Google Pay, there is a dispute option on each paid transaction to raise the complaint if you feel it’s suspicious / fraudulent.” One can also raise the issue with the National Payments Corporation of India (NPCI) for fraudulent transaction on BHIM by clearly giving the details of the incident.
The registered cases with the bank and UPI company will have to be resolved within 10 days of reporting the fraud.
Complain to the cyber-crime cell
After you notify your bank and the UPI app developing company, you should also file a written complaint with the nearest police station. Mukul Shrivastava, Partner, Forensic and Integrity Services at EY suggests, “You should file the first information report (FIR) with the local police station and request them to forward it to the cyber-crime cell in case the police station in your area doesn’t have this division. This is because cyber-crime cells have the expertise to investigate digital fraud cases.”
While filing the cyber-crime complaint, you need to provide your identity proof, contact details and address proof. You would also need to provide your last six months’ bank statement, details of the fraudulent transactions and a copy/screenshots of the messages received while making those transactions.
Take the issue to the ombudsman for digital payments
In January 2019, Reserve Bank of India (RBI) launched an ombudsman scheme for digital payments. The idea was to have the mechanism of ombudsman for redressal of complaints against deficiency in services related to digital transactions. The deficiencies identified and included are delays in payment/credit/refunds, unauthorized transfers, and failure to act on instructions given by the customer (example: stop payment).
Saran says, “The instructions regarding fraudulent transactions are not clearly articulated by the RBI to lodge a complaint with ombudsman; however, the complaint form does not bind the complainant to adhere to the above grounds and hence registering and getting the complaint acknowledged should be a priority in case of a fraud.”
You can file a complaint with the ombudsman and send it to the concerned office of the ombudsman by post/fax/hand delivery. You can also file it by email to the ombudsman for digital transactions. A complaint form is also available on RBI’s website, though it is not mandatory to use this format.
Singh says, “The complainant is required to give following details to ombudsman for reviewing a case: name and address proofs, the facts giving rise to the complaint supported by documents/screenshots/messages, the nature and extent of the loss and the name / contact number / address (any information that is available) against whom the complaint is made.”
Anuj Bhansali, Head of Fraud and Risk at PhonePe says, “Frauds such as the ‘request money’ ones typically don’t fall under the ombudsman scheme as they are incurred by fooling the user into doing a spurious transaction.”
Shrivastava suggests, “To prevent frauds arising due to ‘request money’ option, UPI developer companies should introduce a choice in the user interface to disable and enable this ‘request money’ for consumers. Given this choice to consumers may control fraudulent transactions arising out of it.”
Need for centralised body to streamline the process
Bhansali says, “There is a need for the Government to think about creating a centralised committee that includes banks, payment gateways, payment platforms, new age fintech players and law enforcement agencies. Today, these fraudsters are able to get away with such conning because of a lack of an official framework that leads to poor coordination between agencies causing the money trail to vanish before the law enforcement agency can act.”
For instance, if a customer’s bank account is in Rajasthan, and say he/she works in Bangalore, the fraudster is from Madhya Pradesh and the fraud money is withdrawn in West Bengal. Investigation in such a case this entails working with four states to actually source the information. No law enforcement agency will have the jurisdiction to cover all states unless it is moved to the central government. A centralised body can streamline this process and bring relief to users.
Digital app-based payment is only three years old. Experts are of the opinion that, with time, new regulations are expected to be rolled out. Such laws would protect the consumers.
But being extra careful while making app-based money transactions is the most important aspect to note. It is imperative for consumers to first verify the source of the request before proceeding with any transfer. RBI’s ombudsman scheme does not accept complaints in cases where, legitimately, the consumer has entered the PIN and transferred the amount using UPI apps. So, prevention is always better than cure.