Cybersecurity experts have warned of a growing UPI chargeback fraud in which fraudsters complete genuine payments, collect goods, and later reclaim the money through payment disputes. The FCRF urges merchants to verify transactions and preserve digital evidence.

Before You Trust a UPI Payment, Read This: New Chargeback Fraud Targets Merchants

The420.in Staff
5 Min Read

A new cyber threat is rapidly emerging for small businesses and merchants using Unified Payments Interface (UPI) and other digital payment systems. Cyber criminals are increasingly exploiting the chargeback mechanism to target merchants. In this modus operandi, fraudsters first make legitimate payments to gain the merchant’s trust, receive goods or services, and later raise payment disputes to reclaim the money through chargeback processes. Experts warn that while consumer awareness around cyber fraud has improved, many small merchants still lack sufficient understanding of such evolving payment-related frauds, making them vulnerable to significant financial losses.

Industry assessments suggest that merchant-targeted payment frauds differ significantly from conventional cyber scams. Unlike direct theft, criminals exploit gaps in dispute resolution systems, payment verification processes, and record-keeping practices. With the rapid expansion of digital payments in India, small shop owners, restaurants, service providers, and online sellers are increasingly becoming primary targets of organized cyber fraud networks.

FCRF Launches Certified AI-Powered SOC Analyst Program to Train the Next Generation of Cyber Defence Professionals

According to available data, over 2.9 million cyber fraud cases were reported in India in 2025. Financial losses from digital fraud have also surged sharply—from approximately ₹551 crore in 2021 to nearly ₹22,931 crore in 2025. Experts believe a substantial portion of these losses has been borne by small and medium enterprises that adopted digital payment systems rapidly without implementing equally strong security and verification mechanisms.

Cybersecurity experts explain that in chargeback fraud, criminals first complete genuine transactions through UPI or other digital modes to establish credibility. After receiving goods or services, they approach banks or payment service providers claiming the transaction was unauthorized or disputed. If the chargeback request is approved, the payment is reversed, resulting in a direct financial loss for the merchant despite successful delivery of goods or services.

Unlike individual banking customers, merchants do not receive the same level of regulatory protection in payment dispute cases. Consumer protection frameworks are primarily designed to safeguard customers from unauthorized transactions. As a result, merchants must independently maintain strong documentation, transaction records, and supporting evidence for every sale.

The Reserve Bank of India (RBI) has introduced several measures over the years to strengthen digital payment security. However, experts emphasize that merchants themselves must reinforce their internal systems, as fraudulent disputes can pose serious financial and operational risks.

According to the Future Crime Research Foundation, cyber criminals are increasingly shifting away from hacking bank accounts and instead exploiting weaknesses in digital payment dispute systems. The foundation notes that fraudsters first build trust through legitimate transactions and later misuse chargeback mechanisms to recover funds after taking delivery of goods or services. It advises merchants to preserve invoices, CCTV footage, delivery receipts, transaction IDs, and customer communication records, as these pieces of digital and documentary evidence are crucial during dispute resolution and investigations.

Renowned cyber crime expert and former IPS officer Prof. Triveni Singh stated that with the expansion of digital payment systems, criminals are continuously evolving their tactics. He noted that chargeback fraud is particularly dangerous because offenders initially behave like genuine customers before exploiting dispute mechanisms later.

He advised merchants not to rely solely on screenshots, SMS alerts, or payment confirmations shared by customers. Instead, every transaction should be verified directly through official banking applications or authorized payment service provider platforms. He also stressed the importance of maintaining complete digital and documentary evidence to substantiate claims in case of disputes.

The Future Crime Research Foundation further recommended that merchants regularly reconcile payment records, verify customers in high-value transactions, train staff on emerging cyber threats, and immediately report suspicious activities to banks and relevant authorities.

Experts conclude that awareness, robust documentation, real-time verification, and timely reporting remain the most effective safeguards against the growing threat of UPI chargeback fraud in India’s expanding digital payment ecosystem.

Stay Connected