Under siege?
UPI scams like phishing, impersonation, and fake apps highlight the need for swift action, robust legal frameworks, and proactive measures to protect users and prevent financial losses

UPI and various other scams through e-modes have come to light over time. These include voice phishing, a very common type of fraud wherein a scammer calls pretending to be a bank or other representative. The scammer provides fake information and a sense of urgency to obtain UPI details or PIN numbers. Impersonation is another method, where fraudsters disguise themselves as genuine sellers. When approached for a product or service, they take the money but fail to deliver.
Other scams include fake UPI payments, where fraudsters generate fake UPI QR codes. Scammers also create fake UPI apps or websites that mimic legitimate ones, tricking users into using them. Screen monitoring scams involve applications that record personal and banking details without the user’s knowledge; criminals find ways to install such apps secretly.
There are also UPI frauds via collection requests, where fraudsters send a collection request and claim payments for debit reversals or refunds. They may use high-pressure tactics to compel users to make payments. Similarly, QR code scams involve scammers sending users a QR code under the pretence of transferring money. When users scan the code, it instead transfers a payment from their account. Fraudsters may also use misleading UPI handles, employing tactics like offering attractive deals to lure individuals into making payments to fraudulent UPI IDs. Cases of irregularities in foreign exchange transactions have also been reported. These are just some of the common scams.
Several provisions in the erstwhile Indian Penal Code, as well as the current Bhartiya Nyaya Sanhita, 2023, address such illegalities. Common provisions include those related to cheating, impersonation, theft, misappropriation, criminal breach of trust, fraud, forgery, the use of forged instruments, manipulation of accounts or fictitious accounts, and falsification of records. The applicable provisions depend on the specific crime committed. Punishments include imprisonment and fines.
The provisions of the Information Technology Act, 2000, may also apply. For instance, Section 66C refers to fraudulently or dishonestly using another person’s electronic signature, password, or unique identification feature. Section 66B deals with the punishment for dishonestly receiving stolen computer resources or communication devices, while Section 66D pertains to punishment for cheating by impersonation using a computer resource. In some cases, Section 66 read with Section 43 of the Act may be relevant. Violations under these sections also carry penalties, including imprisonment and fines.
Time is of the essence in such cases. There are various steps one can take immediately, depending on the type of fraud committed. These may include reporting to the UPI service provider, filing a complaint on the National Payments Corporation of India (NPCI) portal, reporting the fraud to the bank where the account is maintained, lodging a police complaint, and registering a complaint on the official cybercrime portal of India. Banking ombudsman services may also be approached. Additionally, steps like changing the PIN/password, monitoring transactions, blocking the account, and following other measures suggested by entities may be undertaken.
Government departments have been quite active and are exploring different ways to address such frauds. Apart from the NPCI portal, the Department of Telecommunications has launched the Digital Intelligence Platform. There are also call reminders warning citizens about potential scams. Further, the idea of conducting such transactions via video call could be considered—especially when dealing with individuals one does not regularly interact with, and at least for the first year of such interactions. Of course, guidelines regarding the timing of calls, obtaining permission before video calling, ensuring calls are made only from specified offices, or having an official from the workplace present on the call in work-from-home scenarios could be laid down. The PAN 2.0 project, which is expected to revolutionise compliance, could also be leveraged for e-transactions. Agents on video calls could be mandated to display the new-age digitised format, and modalities could be developed to help consumers verify genuineness on government sites. While these measures might be time-consuming, the money saved would make them worthwhile. A directory of authentic and non-authentic entities, along with their PAN numbers, could also be created.
Additionally, proactive steps by the police, similar to the way crimes against women have been controlled in some metropolitan cities—where police immediately reach out to women physically—could be implemented in cases of fraud. In such cases, authorities could reach out to victims either via video call or physically in more severe instances.
Proactiveness and precautionary steps can help control the loss of money, which can otherwise be used for nation-building and individual growth. While a lot is already being done, some extra steps are well worth considering.
The writer is a practising Advocate in Supreme Court and High Court of Delhi. Views expressed are personal