Digital payment is one of the safest mode of payment during COVID 19 epidemic. Google Pay, Paytm and other payment platforms on mobile have become the new target for fraudsters in India. Please go through security tips and best practices to use digital payment channels like Google Pay & Paytm safely and keep fraudsters and cybercriminals at bay.
You post a product listing on OLX, Quikr or a similar site. The fraudster spots your listing and gives you a call saying that are interested in buying the product. They also tell you that they’re unavailable to pay in-person and would like to make a money transfer using the PhonePe app. They might build on their credentials by telling you that they work for the Army, the Police, and the Government etc.
When you receive such calls or a call from an unknown number, be very alert. If they claim to be calling from your bank / retailer / insurance but YOU don’t recognise them, be suspicious. If the conversation turns to asking information about government IDs, documents, personal financial data like your PIN, bank account number, UPI ID, immediately disconnect! Remember: You are not required to ever, EVER, reveal these details to anyone, no matter how convincing they sound.
What you should never do when you get such calls or messages:
- Give in to requests for making an instant transaction, especially while on the call or while online, where the caller says they are standing by.
- Click on a link sent over SMS/email
- Download or install an app/file while on call. These app can monitor your activities and keystroke.
- Share your screen laptop or phone screen using a software or web link they send you.
- Reveal your government ID, PIN, UPI ID, or any bank details over the phone.
- Requests to fill an online form, even if it looks legitimate. Fraudsters often create fake web pages that appear familiar, with logos and designs that resemble your bank or app.
Debit Card and Point-of-Sale (POS) Security Tips
- Treat your card like cash. Always keep your card in a safe place. Memorize your PIN and never write it on your card or store it with your card. Never provide your debit or credit card number, PIN or any other personal information to any entity in response to an unsolicited e-mail or telephonic request. Prompt notice of lost or stolen cards will also limit your potential liability for unauthorized transactions.
- At POS , never allow the cashier or any other person to enter your PIN for you, even if they are assisting you with the transaction. Always keep your PIN a secret. Review your receipt before leaving. Always observe your surroundings especially when using an outdoor POS terminal. Verify your transaction either online or when you receive your statement.
Digital wallets, UPI, Google Pay and Net banking Security Tips
- Always verify and install the authentic app from the Google Play Store and Apple Store. Regularly update Paytm/ Google Pay App.
- Add your email and verify to get notified of any untoward or unauthorised action on your account. In the event you misplace or lose your phone, please get the SIM blocked immediately and log yourself out from web or customer care number.
- Digital wallets and UPI comes with two layers of protection. The first step unlocks the payment application and the second step (UPI pin) lets you complete the payment process. To keep the money in the wallet safe, you need to first set a password for your phone. To protect your phone, you must go to the phone’s Settings > Security > Screen Lock > Choose Screen Lock. Once you are done, you must open app and click on My Security Settings > Manage App Lock > Secure access to app.
- Check all official bank emails and transaction alerts sent via SMS and email for unauthorized transactions. Don’t transfer funds without due validation of who you are transferring funds to. Your transaction cannot be reversed. Never share your Paytm Payments Bank PIN, passcode, OTP and M-PIN with any one.
- You must use QR codes for accepting and making payments as they are unique and encrypted codes, which ensure secure payments. Never scan any QR code to accept payment. Be observant of incoming USSD requests
- Don’t keep too much money in your Paytm or other digital wallet, because if your wallet is hacked, you will lose money. It is good to load the wallet with a small amount of money.
- Always shop or make payments through trusted/reputed websites. Stay away from links you get in your mailbox. Do not enter your confidential account information such as your Paytm Digital RuPay Card Number, Expiry Date, CVV values, etc. with anyone, even if they claim to be from Paytm. Get your KYC done either online or at authorised KYC centre, don’t respond to any call/ email or SMS related to KYC. Never share OTP with any one, OTP is a temporary password which need to be kept secret same as mPIN.
- Always validate mobile money identifier and mobile number. Ensure that you change your PIN regularly
- Your UPI PIN is only needed to send money. Receiving needs no PIN. If someone asks you to enter a PIN, it means you are approving an outward payment.
- Never make a financial transaction — be it a recharge, bill payment, or anything else while distracted. And never do it under pressure with someone on the phone line.
- Always do it with a clear head and give it your full attention.
- Use net banking only from your mobile or computer, don’t use others or publically used/ usable computer.
- Use internet from your own source (your mobile, office network or home Wi-Fi), never use public/ free Wi-Fi for financial transaction.
- Type URL of bank’s internet banking site in browser, don’t believe on any link of email or SMS.
- To avoid any phishing or fraudulent attack, be vigilant while entering user ID and password.
- If you feel something suspicious, enter wrong password of net banking on first time, if you are at genuine bank’s page, it will throw error, then enter correct password. In case of fraudulent bank’s site, it will process wrong password and further ask you more personal and sensitive information.
Be safe, keep transacting!
About the author:
Manoj Kumar Shrivastava is an information and cyber security professional and into Information Technology field for about two decades. He is working as “Chief Information Security Officer” in one of largest general insurance company in India. His articles on cyber security and privacy are published on various platforms, he has been awarded by different forums in cybersecurity era for his professional works.