Summary of this article
UPI fraud losses rise sharply despite fewer cases
Scams move beyond OTP theft into social engineering
AI, merchant checks crucial in fraud prevention efforts
Unified Payments Interface, or UPI, has revolutionised India's digital transactions. But with its increasing growth, fraud cases have sharply risen. According to data published by the Ministry of Finance, during the first six months of the financial year 2024–25, more than 6.3 lakh frauds related to UPI were reported, causing losses of Rs 485 crore.
While the number of fraud cases notified fell to 23,953, the value defrauded went up to Rs 36,014 crore from Rs 12,230 crore in 2023–24. The Finance Ministry published the figures in the Lok Sabha. The figures reveal that while fewer individual cases were reported in some categories, the monetary scale of each fraud has substantially increased.
Various Types of UPI Scams
Previously, UPI scams used to be based mainly on OTP stealing to access bank accounts. Scammers now employ several means outside of OTP theft.
Fake payment success screenshots are one of the most common methods. Users are presented with a picture of a successful transfer, and it makes them pay the scammer.
Impersonation scams are also prevalent. The scammers pretend to be friends, relatives, or even bankers. They fabricate a fake crisis and compel victims to transfer money immediately.
Malicious QR codes are another technique. Scammers share QR codes that, on being scanned, lead users to spurious websites or applications in order to steal UPI credentials and personal information.
Small-value test transactions are becoming the norm. Fraudsters send a Rs 1 transaction or a small amount of rupees to the account of the victim first to ascertain whether the account is active or not, before even trying to make larger scams.
There are also fraud customer care calls or messages. Fraudsters call or message users saying there is an issue with their account or UPI app and try to extract sensitive information.
Delhi Police reports that 25,924 complaints regarding UPI fraud were made during the first half of 2024. Trust-based frauds like these are among the most frequently reported means.
MobiKwik Case
A recent stark example, on 17th September, was with the MobiKwik app. One software update temporarily disabled part of the security screening, and fraudsters could make unauthorised transactions of around Rs 40 crore.
The authorities have retrieved Rs 14 crore, and Rs 26 crore is still unaccounted for. This case indicates that even well-established websites could be vulnerable to massive fraud if technical weaknesses exist.
Beyond OTP Scams
Experts note that fraud prevention now goes beyond technical safeguards. Reeju Datta, co-founder of Cashfree Payments, said, "UPI scams have moved far beyond simple OTP theft. Today, fraudsters rely on social engineering, tricking users into authorising payments themselves through fake payment requests, impersonation of trusted entities, or urgent-sounding messages."
He added, "AI-driven fraud detection and stronger KYC are important tools. They can detect behavioural anomalies, identify synthetic identities, and create proactive user guardrails."
The RBI’s new Master Directions for Payment Aggregators, released earlier this week, stress stronger merchant governance, creating a more robust foundation for the ecosystem.
Savita Vashisht, the co-founder and executive director of NPST, a digital infrastructure provider, said, "Banks and fintechs are moving beyond static rules toward adaptive AI that learns in real time. Machine learning now processes vast volumes of transactional and behavioral data to establish baselines for normal activity across users and merchants. Any significant deviation is flagged instantly, enabling fraud prevention before losses occur."
She also explained that fraud is increasingly linked to merchant behaviour. "Fraud originates not from isolated rogue transactions but from merchants who misrepresent their business. While static measures such as Merchant Category Code blocking remain useful, sophisticated actors often disguise themselves as ‘retail’ merchants while conducting restricted activities," Vashisht added.
Nowadays, scams based on trust, and not technology, are increasing at a faster rate. Most of these cases include small but recurring transactions, yet the total loss can be substantial.
UPI scams in 2024–25 reveal a distinct trend from OTP-based frauds towards human-oriented tactics. Data from the Finance Ministry and Delhi Police reveal increasingly higher numbers of incidents and monetary loss. Scammers now blend digital methods with psychological approaches, so that detecting them has become challenging.
