Unified Payments Interface (UPI) has transformed the digital payment system in India with instant transfers, integrated mobile ease, and broad reach. UPI processes billions of transactions monthly as of 2025, demonstrating a huge transformation in how Indians transact their daily lives. But with popularity comes increased risk, especially fraud.
Indians have lost a staggering Rs 2,145 crore to UPI-related frauds across 27 lakh reported incidents since the financial year 2022–23, as presented by the Ministry of Finance in the Lok Sabha. These aren't isolated events. They are part of a rising trend that exposes serious vulnerabilities in the way digital transactions are conducted and monitored.
Advertisement
A Rising Wave of Complaints
During the first six months of the financial year 2024–25, the government reported 6.3 lakh fraud cases related to UPI transactions, and the losses incurred were Rs 485 crore. The previous year, FY2023–24, had recorded more than 95,000 grievances in a single quarter (Q4), a sharp increase from 43,000 cases reported during the corresponding quarter of the previous financial year.
Concurrently, the overall number of UPI transactions keeps increasing at a fast pace. During FY2024–25, UPI saw about 185 billion transactions. Although this is an enormous count by international standards, it was still short of the 200 billion UPI transactions target set by the Indian government for the year. The figures underscore the extent to which UPI has become entrenched in India's payment ecosystem—despite the potential for scams to erode confidence in the system.
Advertisement
How UPI Scams Really Work
These statistics are troubling, but even more disturbing is the ease with which UPI scams can take place. In contrast to regular bank fraud that takes more sophisticated approaches, UPI scams tend to be implemented through simple mind games, social engineering, and mobile technology.
Most of the times, scammers pose as customer service representatives or officials from banks and dupe users into sharing sensitive details like UPI PINs or OTPs. Other scammers use technical loopholes—phishing links that replicate authentic payment gateways, tricking victims into submitting their credentials on fake websites.
There are also scams in which scammers ask for money in the name of an incorrect payment and send a forged screenshot as 'evidence' of a refund. No money is actually credited to the victim's account, but a reverse transfer is done on the basis of false trust. Another popular technique includes forged QR codes or payment request links that, when scanned or approved, deduct money rather than receive it.
Advertisement
Gaps in Awareness and Infrastructure
In spite of several rounds of awareness programs, numerous consumers—particularly one-time digital users—still have no idea. This is mostly in Tier 2 and Tier 3 cities where financial technology adoption may be ahead of awareness about the associated risks.
In response, the Ministry of Finance has mentioned that various operational and regulatory controls are in place. UPI transactions already have two-factor authentication and there are per-day limits on transactions to prevent large-scale theft. The National Payments Corporation of India (NPCI), operating UPI, also has fraud detection and risk avoidance systems based on artificial intelligence and machine learning.
Why Immediate Reporting Matters
However, as statistics indicate, these provisions are anything but foolproof. The government claims that customers who are victimised in unauthorised digital transactions can lodge their complaints in the cybercrime helpline (1930) and report the incident on the National Cybercrime Reporting Portal. Banks are required to investigate the case if it is brought to their notice in time and, in certain circumstances, compensate the customer.
Advertisement
But the initial 24 hours are most important. If the experience is not reported right away, victims can find it hard to establish fraudster negligence. This makes user caution not only imperative—but crucial.
Steps to Stay Safe
To remain secure, users must never give away their UPI PINs or their personal banking information over the phone or on social media, regardless of how authentic the caller appears. Links that come via SMS or WhatsApp must never be clicked if not from reputable sources. Also, it's advisable to never install unfamiliar apps—particularly screen sharing apps—at someone's request.
The Bigger Picture
The increase in UPI fraud suggests an underlying problem: while India has embraced digital payments rapidly, the mechanisms for securing them and user training to enable safe use have not always kept up. The information published by the government clearly indicates that UPI fraud is not an esoteric problem—it is a mass problem hitting average people.
Lacking more robust structural deterrents, users are still the front line of defence. Understanding how these scams work, being able to spot red flags, and acting fast could be the difference between a safe payment and a lost bank balance.
