NEW DELHI : There is no end to the number of ways fraudsters can dupe you out of your money if you’re not careful. Hyderabad-based Sejuti Baral got a nasty surprise when an attempt to sell her old phone online ended in her losing almost six months’ worth of savings. “I put my old one up for sale on an e-commerce website. Someone from Visakhapatnam bought it and transferred the money through Google Pay, and all I had to do was send the parcel to the given address,” said the 30-year-old learning designer. Baral called a local DTDC courier service number she found listed online. The person on the line told her he would call up from another number. He then sent her a link to a Google form from the new number and asked her to fill in her details to request the pick-up. “I opened the form and entered my name and UPI ID. He asked me to enter the PIN, and clarified that it was part of the procedure. Unlike other payment gateways where the numbers turn into dots or asterisks as you type, the PIN was showing up on the form. I got suspicious and deleted the PIN immediately, but by then it was too late,” she said.
Baral’s State Bank of India account, which was linked to Google Pay, saw eight transactions of ₹9,999 each and one of ₹8,000, in quick succession. Baral lost about ₹88,000 within minutes or so. “I tried blocking my SBI account when I realized that this was an incident of fraud, but I couldn’t log into my account. The pop-up said it was a duplicate entry, which meant they were already accessing my account. All I could do was look at my screen helplessly as notifications of debit transactions kept popping up,” she said.
Incidents of fraud have become fairly common, but few know how they can seek recourse if they are defrauded on an e-wallet platform. We tell you what the rules are and how you can protect yourself.
In January 2019, the Reserve Bank of India (RBI) mandated that users of mobile wallets be provided the same safety as offered to regular credit or debit card holders. The rules bring in more clarity on what happens when unauthorized or fraudulent transactions take place on mobile wallets. RBI made it mandatory for all transaction SMSes that users receive from these platforms to have a contact number or email ID which can be used to report unauthorized transactions immediately, if necessary.
It also asked e-wallet companies to set up 24×7 customer care helplines to report fraud or any loss or theft, to ensure that customers are assisted and given full refund if a case of fraud occurred due to the negligence or deficiency on the part of the wallet provider. RBI mandated that if such cases are reported within three days, the entire amount be refunded. If the fraud is reported within four to seven days, the transaction value or ₹10,000, whichever is lower, be refunded. If the fraud is reported after seven days, the refund will be as per the RBI-approved policy of the e-wallet company.
However, there is a caveat here. According to the guidelines, a customer is liable for the loss due to unauthorized transactions if it is due to her negligence, such as where she has shared the payment credentials. In such cases, the customer will bear the entire loss until he reports the unauthorized transaction to the bank. Any loss occurring after the reporting of the unauthorized transaction shall be borne by the bank.
Baral informed the cyber crime cell within an hour of the incident and lodged a written complaint with the branch manager of her bank. She also followed up with the police, but nearly 15 days after the incident, she still hasn’t heard back from anyone. “I never mentioned my PIN to the scammers verbally. I suspect they had access to my mobile screen and could view anything I typed,” she said. Baral has decided to escalate the matter with various authorities until she gets a resolution.
Prevention is better, and in this case, much easier than the cure. In order to avoid being defrauded of your money and having to seek recourse, you can take a few measures to ensure that your online transactions are secure. Baral’s mistake was to type in her PIN on an unverified form. Never enter your PIN, CVV or OTP unless you are absolutely sure that you are on a secure payment gateway of platform.
“Avoid using public WiFi as they are a haven for criminals looking to intercept your connection and use it to steal passwords, banking or credit card information, and other personal data. Even if you are connected to a legitimate access point, make sure that the sites you are using are protected using SSL (secure sockets layer), or consider using a VPN to protect your transactions,” said Michael Joseph, director system engineering, India and Saarc, Fortinet, a cyber security solutions company.
Joseph also warns against duplicitous apps and websites which you might unwittingly access. This also applies to looking up phone numbers online, as anyone can list a fake number with the name of the service provider you are looking to connect with. Always look up the official website and call the number listed there. “Every browser supports secure transactions using SSL encryption. But to be safe, make sure your connection is secure before you make mobile payments. You can do this by looking at the URL bar of your browser and making sure that the address starts with https:// rather than http://. You can also look for the little lock icon on your browser. These will mean that your transaction is protected,” said Joseph.
It’s nearly impossible to predict what the next modus operandi is going to be. To safeguard your money, stick to a few cardinal rules like using only secure payment gateways and never sharing your PIN with anyone, and always be careful.