Social engineering tactics are a huge problem, and sometimes scammers use manipulation strategies to fool victims into giving out their credentials. Google Pay fraud is a type of real-time fraud where the attacker gets users to click on malicious links and leak sensitive details. You can use Google Pay to send money to your friends and family, but there is a slight chance attackers could pose as your loved ones. This guide will cover what Google payment fraud is, how to protect yourself from unauthorised transactions, and steps you can take to file UPI fraud complaints.
Did you know? Google Pay was initially launched as Tez in September 2017.
What is Google Pay Fraud?
Google Pay fraud can be classified as any scam that fraudsters lure or manipulate victims into making money transfers through the app. The COVID-19 pandemic has changed the way businesses operate, with many owners choosing to transition to digital modes of payment. Mobile wallet apps have garnered attention over the past two years, and Google Pay transactions are processed through regular credit/debit cards. Over 50,000 websites online accept Google Pay UPI as a mode of payment which means scammers have plenty of opportunities to trick users and steal their money. As mobile wallet usage has increased, customers need to understand how these wallets work, including the step they need to take to ensure their accounts stay secure and not get breached.
Also Read: How to detect fraud activities in fintech?
How Does Google Pay Work?
Google Pay works by letting users link their bank account numbers to the UPI via credit and debit card details. It lets users initiate online payments at POS terminals by simply scanning the QR code during purchases and approving transactions. The app uses near-field communications technology for making contactless payments, and it lets customers make payments wirelessly without having to sign any papers or documents at the merchant's terminal.
Users can add multiple bank accounts to their Google Pay UPI, and the app generates a virtual account number that users can share to authorise digital payments to other users. For receiving payments, all a user has to do is share their UPI handle. And when money is transferred, they have to review the payment. However, people can send money transfer requests to users and ask for payments. Users need to authorise them through the app, and once done, these payments get automatically processed. The transaction history lets users view a complete list of their Google Pay payments made to others via the app.
Is Google Pay secure?
Google Pay is secure by design since all payment details are stored on private servers. When shared, the virtual number prevents the need to disclose bank details to others. Google Pay has a screen lock mechanism and a PIN lock option which adds an extra layer of security for those trying to access the app.
The UPI PIN has to be entered before the money is transferred to and from accounts. If the user's phone is lost or stolen, the app offers a 'Google Find My Device' option to lock it from any remote location. Users can forcefully log out from their Google account and erase their data to prevent attackers from further compromising their security. All payments made via the app are fully encrypted.
How to Stay Safe from Google Pay Fraud
To help stay safe from Google pay fraud schemes, be sure to implement the following guidelines:
Do not share your Google Pay OTP - Your Google Pay OTP must be kept private and not shared with anyone. Make sure your device is secure and lock-screen protected. You don't want anyone to get physical access to your smartphone and get hands-on with your login OTP.
Do not fall for money transfer scams - Scammers often coerce buyers into making money transfer payments to them to sell goods and services. Never initiate Google payments to people you don't know, and use the app to make transactions with only trusted individuals. If you don't know them personally, don't Google pay them.
Do not act on emotion - Scammers excel at using psychological tactics to lure you into action. Sometimes they might scare individuals or instil a sense of emergency. Be aware and do not fall for these ploys. The best strategy is not to read or open unknown messages and links. Delete, ignore, and move on.
Use a Strong Password - If your password is easy to guess, chances are, you could get hacked. Use a strong combination of letters, numbers, and symbols to set your password. Use a lock screen app and enable it with a visual pattern to avoid getting your device broken into. You should make it a practice to change your password once every month to be safe. Also, avoid using your Google Pay UPI password on other mobile apps.
Don't forget to update your app - Your Google Pay UPI needs to be updated whenever new releases or patches come out. Not updating leaves it with various app vulnerabilities and increased chances of getting hacked. You can prevent a fraud transaction by making sure your app is up-to-date.
Avoid approving unknown payment requests - People can make money transfer requests to you through the UPI. Double-check and always make sure to pause before approving a Google Pay UPI request.
Do not download malicious software - Scammers may ask you to download a "special app" for receiving support or fixing problems related to the Google Pay UPI. Do not attempt to engage and avoid downloading these files. If you download these files, they install the malware in the background and give access to your developer options to attackers.
Beware of fake helpline numbers: It is a common scam used at restaurants and outdoor locations. When you look up a phone number outside, there may be a number shown as a Google listing (that is unverified and may belong to a scammer.) When you call it up, the scammer pretends to be a customer care representative and cons the user into making partial or full payments through the UPI.
Counterfeit UPIs - Counterfeit UPIs are apps that bear a close resemblance to Google Pay and are listed on the app store. When a new user downloads and registers, the scammer gets access to their complete bank details. In most cases, these apps are easy to spot since they have fewer downloads and poor reviews on the Google Play Store. New users fall for this if they don't know much about the Google Pay app. Another risk is downloading a fake Google Play app from unverified websites and letting that steal user data. It is always good practice to download the official app from the Play Store before signing up and making online UPI transactions.
What To Do If You've Experienced Google Pay Fraud?
If you suspect you've been scammed or an unauthorised transaction has occurred, you can take the following steps:Get in touch with the bank or financial institution with which your Google Pay account is linked. You can use the form at Report activity-Google Pay Help and submit it to report the matter to Google. Banks provide 24 x 7 support for reporting fraudulent transactions as well. File a grievance complaint about the fraudulent transaction from your end and get in touch with the cyber police department in your jurisdiction.
Trace your UPI transaction ID and see who debited money from your account. Chances are, you can get in touch with their bank and report the matter. Visit your nearest police station to file an FIR and bring evidence. Forward the case file to the other bank and request that they bring up the matter. There's a high chance that the scammer will be forced to answer calls from their bank and follow up.
Now that you know the various ways scammers target Google Pay UPI users, you can take the necessary steps to prevent it.Follow Khatabook for the latest updates, news blogs, and articles related to micro, small and medium businesses (MSMEs), business tips, income tax, GST, salary, and accounting.
Kindly report the case to either your card issuing bank or reach out to the nearest Cybercrime. Send an email to email@example.com to report the case.
Important: Never share OTPs, PINs, or any other codes that you receive via SMS or other channels. Never share your Account Number or Credit and Debit Card details on a public platform.