Tips to use UPI safely and transact with ease

7 MinsJanuary 10, 2020

In April 2016, the Reserve Bank of India introduced the Unified Payments Interface or UPI. In the three years since then, banks and third-party platforms have implemented it for their customers as a payment solution. The usefulness of UPI has been felt by a large number of people, both for merchant payments and peer-to-peer transactions. All leading banks, such as Axis Bank, today offer UPI for carrying out regular payments and transactions. Click to know more about Axis Bank’s UPI service.

upi safely

We have listed down some of the best practices you need to follow while using UPI.

Check the transaction type

Some of the most common errors on the UPI platform are caused due to customers being confused among collect requests and payment requests. Since many users are new to UPI and UPI apps, they’re unable to tell the difference between the two and end up paying for something they were supposed to receive money for. This is particularly common on websites where individuals transact directly with other individuals for goods and services. You should follow these three simple steps to always keep yourself safe from this:

1. Remember that you will never have to enter your PIN to receive money via UPI.

2. Always check the type of transaction (whether funds are to be sent or received, you need to check the name of the payee initiating the transaction, the VPA etc).. If the interface has been designed properly, the transaction type should be evident. On apps like Axis Pay, there’s little scope for you to mistake the type of transaction. Apps should also make it evident in the notification you receive when such a request is generated.

3. When in doubt, reject. If you suspect fraud or see an incorrect amount for a collect request you were expecting, reject the request. You can always ask the sender to resend it, post verification.

Do not install malicious apps

Such a fraud is less common and more complicated. However, it leaves a user even more helpless than the first. In this, a malicious actor poses as a customer care executive/ employee of a certain company or bank. They call the user under the false pretext of a technical error to get the users to cooperate.

Also Read: [Tips to ensure Mobile Security]

After some fake questions about verifying personal details to appear legitimate, they get the user to install a fake version of a UPI app, or even a screen-sharing or remote control application which, at the very least, gives them the user’s PIN. In the worst case, it even gives them complete control of the user’s device. This allows them to transact on the user’s UPI apps from their phone.

  • Don’t engage. Your bank will never discuss sensitive information, such as confidential account-related information, over a phone call.
  • Be wary of malicious apps. Always look for the developer account that uploaded the app, user reviews, and ratings, as well as the number of downloads. For a fake app, this data will be sufficiently different from the genuine app to raise a red flag.
  • Never open emails or click on SMS links without checking authenticity. Most email clients today already highlight suspicious emails but it pays for you to stay vigilant as well.

Do not forward anything on someone else’s request

In addition to users being victimised due to sharing their PIN, one may also fall prey to a particular type of scam which involves “generating a device binding message”. This is a 35 digit unique code sent to the user’s mobile device.user is asked to forward a message to the designated bank number whose UPI app is being defrauded.By doing so, the user’s device/app can be linked to another mobile number. This allows the scammer to link the target’s bank accounts/data to their phone via a UPI platform. Enabling them to transact any amount, once they have the PIN and fetch details of one’s linked bank accounts.. If you’re not paying attention to messages from your bank, it might be a while before you notice something is wrong.

The simplest way to is to avoid this, is to avoid forwarding any unknown message to an unknown number.

Other best practices

There are some other tips you can follow while using UPI to keep your money protected:

  • Pay attention to spam warnings: Third-party apps today highlight suspicious UPI requests from an unknown account with a spam warning.
  • Follow security practices: Implement biometric security for your UPI apps. Never share your device PIN or your UPI PIN in any form.
  • Check your account regularly: There might be minor red flags that you’re missing, which might be caught using this method.
  • Avoid open Wi-Fi: Check for trustworthy Wi-Fi before connecting.
  • Be sceptical of freebies: When someone calls you up for free gifts or cashbacks, it is best to avoid that call.
  • In case anything goes wrong, call official customer care numbers from within the app you’re using.

Despite being a relatively new payment method, UPI has already attracted a lot of attention from all corners of the payments ecosystem, as well as some unwanted targeting from malicious actors. However, if you stick to the practices mentioned above, you should be protected against the current, and perhaps even some of the future UPI frauds that might come your way. Stay safe, bank safer!

Disclaimer: This article has been authored by Siddharth Parwatay, a Mumbai based independent tech-journalist, editor, and content-creator. Axis Bank doesn't influence any views of the author in any way. Axis Bank and/or the author shall not be responsible for any direct / indirect loss or liability incurred by the reader for taking any financial decisions based on the contents and information. Please consult your financial advisor before making any financial decision.