UPI fraud is surging. Here’s how fintechs and regulators are fighting back

The rapid expansion of Unified Payments Interface (UPI) transactions in India has been accompanied by a parallel rise in fraud incidents. According to data presented in the Lok Sabha, UPI-related fraud incidents increased from 7.25 lakh cases involving ₹573 crore in FY2022–23 to 13.42 lakh cases involving ₹1,087 crore in FY2023–24. This surge comes alongside unprecedented growth in digital transactions.

As per the PwC report Combating Payments Fraud in India’s Digital Payments Landscape (April 2025), UPI volumes have expanded from 92 crore transactions in 2017–18 to 13,116 crore transactions in 2023–24, making it a dominant component of India’s digital payments infrastructure. While this growth has strengthened financial inclusion and reduced friction in payments, it has simultaneously expanded the surface area for fraud.

The increase in reported fraud cases is partly attributed to improved reporting mechanisms by banks and financial institutions, as indicated in a Rajya Sabha response.

Meanwhile, the PwC study highlights that fraud is increasingly driven by social engineering tactics such as refund scams and AI-enabled impersonation. Common fraud methods include phishing links, fake customer support interactions, unauthorised collect requests, screen-sharing applications, QR code manipulation, and SIM swap fraud.

MUST READ: How difficult is it to close a vehicle loan in India? Expert highlights new digital changes

Gautam S. Mengle, Assistant Vice President at Culsight, said, “Assigning blame to either technology or users misses the point entirely. UPI is a remarkable achievement, and the infrastructure is genuinely world-class. What we’re seeing with fraud is a natural consequence of hypergrowth.” Mengle further noted that social engineering remains highly effective because it exploits human psychology rather than technical gaps.

Balancing security and scale

As fraud patterns evolve, fintech platforms and banks are increasingly deploying advanced technologies to strengthen security without compromising user experience. Siddharth Mehta, Co-founder of Kiwi, said, “Most fintech platforms are moving towards risk-based systems where transactions are assessed in real time using behavioural signals, device intelligence, and transaction patterns.”

Such systems enable low-risk transactions to be processed seamlessly while triggering additional verification in high-risk scenarios. This approach reflects a broader shift towards “invisible security,” where intervention is selective rather than uniform, allowing platforms to maintain the speed and simplicity associated with UPI.

Explaining the behavioural aspect, Saikrishna Musunuru, Director & CEO of Payinstacard, said, “Platforms monitor behavioural anomalies such as unusual transaction timing, new beneficiaries, high transaction values, or continuous transactions to either block or verify transactions before completion.”

At the same time, user awareness remains a central pillar of fraud prevention. Anand Kumar Bajaj, Founder, MD and CEO of PayNearby, said, “As UPI adoption has scaled, the focus has clearly shifted to user awareness along with system security. A large share of fraud today is driven by social engineering, which makes education at the user level critical.”

MUST READ: EPFO 3.0: Your PF may soon work like a bank account with ATM and UPI access

Regulatory push and systemic safeguards

Regulators have intensified efforts to address fraud risks through both technological and institutional interventions. According to parliamentary responses, the National Payments Corporation of India (NPCI) has implemented measures such as device binding, two-factor authentication, transaction limits, and AI/ML-based fraud monitoring solutions.

The Ministry of Home Affairs has also established the National Cybercrime Reporting Portal and helpline number 1930, enabling users to report fraud incidents and initiate recovery processes. These mechanisms are designed to improve response time and coordination across institutions.

On recovery mechanisms, Mengle noted that timely reporting remains critical. “If a financial fraud is reported promptly, the transaction is frozen before the scammer can move or withdraw the money, and the transaction is reversed,” he said.

Legal experts, however, point to structural challenges in dispute resolution. Advocate (Dr.) Prashant Mali, Cyber Law Expert at the Bombay High Court, said, “UPI moves money in 3 seconds; our laws still take 6 months to 9 years.” He highlighted the gap between transaction speed and legal processes, particularly in cases involving cross-state fraud and mule accounts.

Kshatrshal Raj, Advocate at the Supreme Court of India, outlined that immediate reporting through helpline 1930, notifying banks, and filing complaints on official portals remain critical steps for victims to limit losses and initiate recovery.

Implications for ecosystem and investors

The rise in UPI fraud reflects a broader transition of the platform from a payments rail to a foundational digital financial infrastructure. As UPI expands into adjacent areas such as credit, insurance, and embedded finance, the need for robust safeguards becomes increasingly critical.

The PwC study indicates that fraud risks exist across the entire transaction lifecycle, from onboarding to execution and post-transaction interactions. Human factors such as trust, awareness, and behavioural biases continue to play a significant role, limiting the effectiveness of purely technological solutions.

From an industry perspective, the increase in fraud is driving investments in cybersecurity, AI-based monitoring systems, and data analytics capabilities. At the same time, it is prompting closer collaboration between regulators, banks, fintech platforms, and law enforcement agencies.

Rising fraud volumes may lead to higher compliance costs and regulatory scrutiny, potentially impacting margins. However, it also creates opportunities for innovation in fraud prevention technologies and adjacent services.

UPI fraud remains small relative to transaction value but is rising in absolute terms with scale, underscoring the need for a multi-layered approach combining technology, regulation, and user awareness. Sustained growth will depend on trust, supported by stronger fraud prevention, improved dispute resolution, and continued user education.