Types of digital payment frauds and how to avoid them

With the proliferation of payment apps and their ability to send money, pay bills, receive money, recharges and instant payments, the dependence on cash is gradually waning. Individuals can now resolve their money needs in a fraction of seconds using the digital modes.

The sudden surge in digital payments has, however, also amplified the risk of cyber theft. Too much online involvement have increased the probabilities of different kinds of a cyber attack.

According to a recent IANS report, a Thane resident lost a little over Rs 1 lakh in an online fraud involving popular payment gateways. The complainant, a resident of Patlipada, wanted to sell his furniture and posted an ad on Facebook, according to a PTI report.

On December 24, he received a call from one Rajendra Sharma who offered to buy the furniture and wanted to transfer the amount through payment gateways. However, instead of the money getting credited to his account, the complainant found that Rs 1.01 lakh were debited from him during three transactions on two payment gateways.

In another case of juice jacking (a type of fraud that involves charging port), one Amit Mishra was at the airport when he noticed his phone battery had nearly drained and was extremely low and needed recharge. He plugged his phone into a nearby USB power charging station at the airport.

After a few hours, Amit received an authorised debit SMS of Rs 80,000 in his account.  On investigation, it was found that the said charging ports were neither monitored nor checked and being in surveillance less condition, the fraudsters easily tampered the cord. The cord contained an extra chip that deployed hidden malware which provided access to all the information stored in Amit's phone to the fraudster.

There are several other cases of online fraud where individuals or groups have been attacked and sensitive information have been stolen.

Fraudsters have become savvy at illegally obtaining information online.  These hackers pose as an authentic representative and contact card owners asking for sensitive information, then use it to steal personal data.

A popular form of cyberattack- phishing- might come in the form of emails or texts or while visiting untrusted websites. Email may look like it is from a legitimate company, and the victim might be asked to click on a link or an attachment to save money on gifts. But on clicking the link, the data could get stolen via malware.

Another form of cyber theft, 'vishing' uses fake caller ID to call or send messages claiming to be from a bank. The fraudster, in this case, may ask the victim to dial a phone number followed by the account number and PIN.

There are a number of ways to protect oneself against fraudulent payments.

According to PhonePe, one should never share confidential details like card number, expiry date, PIN, OTP etc with anyone. "On being asked to give such details by anyone pretending to be an official representative from the bank or any third-party mobile app, tell them to send an official email (do not share your email id as the bank or third party apps would already have your email ID in their records)," it said.  Respond only to emails from the official domain of the  bank or the third-party app.

There are various payments related apps that warns about spam numbers. "If you are receiving a payment request from an unknown account, keep an eye out on the spam warnings. If you spot any suspicious account, make sure to report it to your bank and mark that account as spam," explains National Payments Corporation of India (NPCI).

It is advisable to buy products from reputed online merchants and marketplaces only. Transactions on trusted e-commerce platforms ensure the payments are safe.  It is essential to read the privacy policy to ensure the financial data isn’t being tampered, according to NPCI.

Carefully check every message, popups or requests receive on payments app while dealing with a transaction.

"Pay attention to receiving messages from the bank. Know the difference between a password, PIN and an OTP and carefully examine the message to stay protected. Keep a note of all the messages from the bank," explains NPCI.

According to Karmesh Gupta, CO founder , WiJungle, an Indian Cyber Security company,  one should install firewall/antivirus/defender on their system and smartphones.

"Always use HTTPS website and enable two-factor authentication across all online platforms. Also, enable internet security pack and ad blocker," he said.

One should even avoid charging smartphones/laptops in public places to stay extra safe.

According to PhonePe, in case of an online attack, the victim should immediately report the incident to the nearest cyber crime center and lodge an FIR providing relevant details to the police.