Instant Payments, Instant Fraud? How The Rules Of Financial Crime Are Changing

The rise of instant digital payments has transformed the way people transfer money, and has also changed how financial frauds are carried out. A report by Thoughtworks has now shown that fraud is moving away from technical attacks on banking systems to tactics that manipulate consumers into authorising payments themselves.

It said that since money moves within seconds through instant payment systems, detecting suspicious transactions before they are authorised has become more important than reviewing them after the transfer is complete. The disappearance of transaction review windows has made fraud recovery more difficult, it said.

The report, titled Five Key Trends Shaping the Future of Payments and Global Money Movement, also cited experience shared by actor Rituparna Sengupta about how these scams are evolving. Ahead of a family gathering during Diwali, she searched online for a familiar neighbourhood store from which she had made purchases earlier. She found what appeared to be the store’s website and called the listed number. The callers spoke confidently, discussed product availability and accepted two digital payments totalling Rs 58,000. When the promised delivery did not arrive, she visited the store and discovered that the website and contact number belonged to fraudsters who had similarly deceived several other customers.

"It didn't strike me to cross-check because I was in a hurry. They sounded familiar, spoke about product availability and made everything seem genuine. It was only when they stopped answering my calls and I went to the store that I realised I had been scammed," Sengupta said.

Fraud Is Targeting Human Behaviour

This type of fraud is known as authorised push payment (APP) fraud, where victims unknowingly approve the payment themselves after being persuaded by fraudsters.

“The most important shift to understand is this: fraud has moved from the technical layer to the human layer. Fraudsters are no longer trying to hack into banking systems. They are hacking people,” said Muralikrishnan Puthanveedu, head of banking, financial services and insurance practice, India and the Middle East, Thoughtworks.

These scams commonly involve impersonation. Fraudsters may pose as bank officials, government agencies, courier companies, customer care executives or even family members. They often create a sense of urgency by claiming an account will be blocked, a parcel is being held or an immediate payment is needed.

The report has identified APP fraud as one of the fastest-growing threats in instant payments because the transaction appears legitimate after the customer authorises it.

Another common method involves fake refund requests and QR codes. Consumers may be told to scan a QR code to receive money, even though scanning a QR code on UPI always initiates a payment rather than credits funds to the account.

Why Recovery Becomes Difficult

The report said that once money reaches the fraudster's account, it is often transferred through multiple intermediary or “mule” accounts within minutes. This makes tracing and recovering funds significantly harder.

“Once a UPI payment completes, there is no automatic reversal. The first sixty minutes matter more than everything that follows combined,” Puthanveedu said.

He advised victims to immediately call the National Cybercrime Helpline, 1930, raise a dispute through their UPI application, and inform their bank. Acting quickly increases the possibility of freezing funds before they are transferred further.

AI Poses New Challenges

The report said that artificial intelligence (AI) is creating new challenges for digital payment security. Deepfake voice and video technology can now imitate family members, company executives or bank representatives, making fraudulent requests appear more convincing.

Another emerging risk is known as “agentic fraud”, where AI-powered software agents can start initiating payments on behalf of users. If such systems are compromised or manipulated, fraudulent transactions may resemble legitimate authorised payments, making detection more complex.

To mitigate such threats, banks and payment platforms are adopting behavioural analytics, device binding, SIM swap detection, biometric authentication and remote access detection to detect any suspicious transactions, even before they are completed.

Separately, the Reserve Bank of India (RBI) has proposed measures, such as a one-hour cooling period for certain high-value digital transactions in its discussion paper on curbing payment frauds. The RBI has also announced a digital fraud compensation framework, scheduled to be introduced as a pilot from January 1, 2027, to strengthen customer protection in eligible cases.

“The answer is not to stop trusting the system. It is to build the habit of verification into every transaction involving money you cannot afford to lose,” Puthanveedu said.