New Delhi: India’s fast-growing digital payments ecosystem has made transactions seamless and near-instant, but the same speed is now enabling cybercriminals to execute fraud in “real time.” Latest data and expert insights point to a troubling shift—money is being siphoned off within minutes of a transaction, often routed through multiple accounts before detection systems can respond. The evolving pattern has raised serious concerns about the resilience of Digital India’s security architecture.
UPI Speed, Criminal Greed: Fraudsters Strike Before Systems Can Blink
Over the past decade, India’s digital payments ecosystem has expanded nearly 38-fold. Platforms like UPI have democratised access to payments, making transfers effortless for millions. However, this rapid growth has been accompanied by an explosion in fraud cases. From 2.6 lakh reported incidents in 2021, the number surged to nearly 28 lakh by 2025, involving losses of ₹22,931 crore. The figures underline not just a rise in volume, but a transformation in the scale and sophistication of cyber fraud.
Banking data further highlights the severity of the threat. In FY25, bank fraud losses climbed to ₹36,014 crore—almost three times the previous year. Interestingly, while the number of cases declined, the financial impact per case increased significantly. Experts interpret this as a strategic shift by cybercriminals, who are now focusing on fewer but higher-value, well-orchestrated scams instead of small, repetitive frauds.
FCRF Returns With CDPO, Its Premier Data Protection Certification for Privacy Professionals
Fake Faces, Real Money: Synthetic Identities Fuel the Next Wave of Scams
Investigations suggest that cybercrime is no longer the work of isolated individuals but organised networks operating across platforms. Millions of account takeover attempts have been recorded across banks and fintech systems, with a significant number succeeding. Additionally, over 1.1 million suspected mule accounts—used to channel stolen money—have been identified. Once funds enter these accounts, they are rapidly dispersed across multiple layers, making tracing and recovery extremely difficult within a short time frame.
The methods of cyber fraud have also evolved dramatically. What was once limited to phishing calls, OTP scams, or malicious links has now expanded into a full-fledged “fraud-as-a-service” ecosystem. Ready-made scam tools, stolen personal data, fake KYC documents, and automated scripts are widely available, lowering the barrier to entry. This means even individuals with limited technical expertise can now execute complex financial frauds.
Mule Accounts and AI Tricks Turn Cyber Fraud into an Assembly Line Crime
At the centre of this evolving threat is the growing use of synthetic identities—fabricated profiles created by combining real and fake information to pass verification checks. These identities initially behave like legitimate users, building trust before being used for large-scale fraud. In digital lending, this trend is visible in “loan stacking,” where fraudsters secure multiple loans across platforms within minutes and disappear before detection mechanisms can respond.
Artificial intelligence has further intensified the risk. AI-driven tools can now generate highly convincing voice calls, messages, and documents, making it increasingly difficult for users to distinguish between genuine and fraudulent interactions. In many cases, victims realise they have been scammed only after funds have already been transferred.
Despite the rapid expansion of digital infrastructure, fraud detection systems are struggling to keep pace. Most financial institutions continue to rely on reactive models, identifying suspicious activity only after transactions are completed. With platforms like UPI processing billions of transactions every month, the window for intervention has narrowed significantly.
Banks Are Chasing Shadows as High-Value Scams Get Sharper and Faster
Experts suggest that introducing brief delays in high-value transactions could act as a critical safeguard. Even a short pause could provide systems with the time needed to detect anomalies and prevent fraudulent transfers. Estimates indicate that losses worth up to ₹1,120 crore could have been avoided with more effective use of existing detection technologies.
Commenting on the issue, renowned cybercrime expert and former IPS officer Prof. Triveni Singh said,
“Cyber fraud today has evolved into a networked threat. Criminals are simultaneously exploiting speed, technology, and systemic gaps. Without real-time monitoring and stronger security frameworks, it will be difficult to contain this growing menace.”
Experts also caution that the current figures may significantly understate the true scale of the problem. Many cases go unreported, while some losses are absorbed by platforms. Cross-border cybercrime networks further complicate tracking and enforcement efforts, and fragmented data across institutions hampers a unified response.
As India’s digital economy continues to scale, the challenge is no longer just about enabling faster payments, but ensuring they are secure. The focus must now shift from post-fraud response to proactive prevention—stopping fraud before it happens, rather than reacting after the damage is done.
