New Delhi: India recorded digital payment frauds worth ₹805 crore through the Unified Payments Interface (UPI) till November of the current financial year (FY26), involving more than 10.64 lakh incidents, the government informed Parliament on Monday. While the loss figure remains below the previous two fiscals, officials acknowledged that the steady rise in UPI usage continues to widen the attack surface for cybercriminals.
The data, tabled in the Lok Sabha by Union Minister of State for Finance Pankaj Chaudhary, offers a snapshot of the growing tension at the heart of India’s digital payments success story: unprecedented scale paired with persistent vulnerabilities.
Fraud Trends Mirror the Growth of Digital Payments
According to government data, UPI-related frauds stood at ₹981 crore in FY 2024–25, involving 12.64 lakh cases, while FY 2023–24 recorded losses of ₹1,087 crore across 13.42 lakh incidents. The upward trajectory marks a sharp contrast with FY 2021–22, when fraud losses were limited to ₹242 crore, rising to ₹573 crore in FY 2022–23.
Officials attribute the trend not to system failure but to scale. “With increasing digital payment transactions in the country, incidences of fraudulent practices, including UPI frauds, have also gone up in the last few years,” Chaudhary told the House.
India’s UPI ecosystem has expanded rapidly, with transaction volumes touching 20.47 billion in November alone, reflecting a 32% year-on-year growth, while transaction value rose 22% to ₹26.32 lakh crore, according to NPCI data.
Government and RBI Push Safeguards—but Gaps Persist
To contain fraud risks, the government said it has implemented a layered security framework in coordination with the Reserve Bank of India (RBI) and the National Payments Corporation of India (NPCI).
These measures include:
-
Device binding between a user’s mobile number and handset
-
Two-factor authentication via UPI PIN
-
Daily transaction limits and use-case restrictions
-
AI/ML-driven fraud monitoring systems deployed by NPCI across banks
Despite these safeguards, cyber experts warn that social engineering, phishing links, fake customer-care calls, and remote access scams continue to bypass technical controls by exploiting human trust rather than system flaws.
Awareness Drives and Reporting Tools Expanded
The government has also highlighted public-facing interventions aimed at faster detection and response. Citizens can report cyber and financial frauds through the National Cybercrime Reporting Portal and the 1930 helpline, operated by the Ministry of Home Affairs.
Additionally, the Department of Telecommunications (DoT) has rolled out the Digital Intelligence Platform (DIP) and the ‘Chakshu’ facility, enabling users to flag suspicious calls, SMS messages, and WhatsApp communications linked to fraud attempts.
Banks and regulators, officials said, are running continuous awareness campaigns through SMS alerts, radio outreach, and public advisories—though consumer groups argue that education has not kept pace with the sophistication of scams.
A System Under Strain as Scale Accelerates
While UPI remains one of the world’s most successful real-time payment systems, the fraud figures underline a critical policy challenge: how to protect first-time and low-literacy users in a hyper-digital economy.
As transaction volumes climb, enforcement agencies face mounting pressure to improve real-time interdiction, accountability of intermediaries, and faster victim redress—before trust becomes collateral damage in India’s digital payments revolution.
