As UPI Expands, So Do Scams, Here’s How Users Can Stay Safe

As fraudsters adapt, financial institutions, fintech firms, and consumers must stay a step ahead. A secure digital payments ecosystem isn’t just about innovation—it’s about trust, awareness, and proactive defense against ever-evolving financial crimes

While UPI transactions hit a new record of a whopping 16.58 billion in October, amounting to Rs 23.50 lakh crore, this surge in digital payments is unfortunately accompanied by a concerning rise in fraudulent activities. According to Reserve Bank of India data, digital payment frauds witnessed a more than five-fold increase to Rs 14.57 billion in the fiscal year ending March 2024.

Talking to Bizz Buzz, Animesh Jha, Vice President - Fraud and Risk Management, Wibmo, a PayU company says, “As UPI continues to drive India's digital payment ecosystem, user vigilance remains crucial. While the technology offers unprecedented convenience, understanding and implementing security measures is essential. Financial institutions and regulatory bodies are continuously enhancing security frameworks, but user awareness and proactive prevention remain the first line of defence against UPI fraud.”

Evolving fraud techniques

In vishing and impersonation, fraudsters pose as bank representatives, conducting elaborate phone schemes to extract sensitive information like PINs and passwords. These scammers often use social engineering techniques to gain trust before requesting personal details.

Similarly, in QR code and payment manipulation, fraudsters use fake QR codes to redirect users to phishing sites or malicious apps. They also generate convincing fake payment receipts to deceive users.

In technical exploitation, fraudsters now employ SIM cloning techniques to intercept one-time passwords, effectively bypassing this critical security measure.

Coming on deceptive collection requests, scammers exploit the UPI collect feature, creating urgency to pressure victims into authorizing fraudulent transactions.

Strategies to deal with fraud

In case of immediate security measures, users must maintain strict confidentiality of their UPI PINs, passwords, and OTPs, understanding that these credentials should never be shared under any circumstances.

Also, users must go for digital hygiene practices. It means maintaining good digital hygiene is essential for long-term security. This involves regular monitoring of account activities to quickly identify any unauthorised transactions.

Moreover, users should carefully verify UPI IDs before initiating payments, maintaining a healthy skepticism toward unexpected collection requests, and taking the time to verify merchant legitimacy through official channels.

With the growth of digital payments globally, internet and card frauds have become increasingly sophisticated, requiring advanced security measures. A comprehensive approach to the evolving threats would be necessary for the protection of consumers and businesses alike.

New trends in frauds in 2025 include the emergence of synthetic identity fraud where fraudsters mix real and false information to generate new identities and increased attacks on mobile payment platforms due to weak security on devices. Phishing scams and account takeover fraud continue to target unsuspecting users by taking advantage of personal information.

Shikhar Aggarwal, Chairman of BLS E-Servcies said, “Technological advancement provides promising solutions in mitigating the risks involved. Advanced artificial intelligence and machine learning algorithms have revolutionized the detection of fraud by being able to recognize patterns and anomalies that are considered suspicious in real time. For instance, an AI-driven risk engine can look into transactional patterns and flag possibly fraudulent activities more accurately with lower false positives, thus enhancing user experience.”

Biometric authentication is increasingly considered a safe form of alternative against traditional passwords and PINs as it provides multi-layer security for digital transactions through facial recognition, fingerprint scanning, voice recognition, as well as tokenization, which replaced sensitive card data with unique tokens to ensure there is no original data exposure involved in payment process.

Collaboration between financial institutions, fintech companies, and regulatory bodies is essential to stay ahead of fraudsters. Sharing threat intelligence and standardizing best practices will foster a more secure payments ecosystem.

Consumers, too, must play a role by adopting security-conscious habits, such as enabling two-factor authentication, using secure connections, and regularly monitoring account activity.

The battle against internet and card fraud in 2025 will depend on the continuous innovation of security technologies and collective vigilance. Strengthening trust in digital payments requires a proactive, technology-driven approach that adapts to the dynamic landscape of financial crime

Kunal Varma, Co-Founder and CEO, Freo said, “Digital payments are multiplying, and so are the methods used by fraudsters. In 2025, we’re seeing new threats like synthetic identity fraud and AI-powered scams becoming more common.”

To combat these, the focus needs to be on real-time monitoring, advanced fraud detection systems, biometric authentication, and stronger user awareness. Building smarter, more secure payment ecosystems is the key to staying ahead of these evolving risks.