Baghpat, Uttar Pradesh – Police have arrested two men for orchestrating a pervasive fraud that targeted petrol pumps across multiple states. The scheme involved replacing legitimate payment QR codes with fake ones linked to the account of the fraudsters. As customers paid for fuel — often unaware — their money diverted silently to the impostors.
The sting was uncovered at Rana Filling Station in Doaghat on September 23, when the pump owner noticed that payments were missing despite recorded fuel dispensation. A complaint led the local cyber cell to mount an operation, which captured the act on CCTV and traced the fraudulent QR codes.
FCRF Launches CCLP Program to Train India’s Next Generation of Cyber Law Practitioners
The Architects: From Fast-Food to Cybercrime
The accused, Rinku Kumar (from Bathinda, Punjab) and Vipin (from Fatehpur, Uttar Pradesh), reportedly began as fast-food operators. After incurring losses, they turned to digital fraud.
In investigating their network, police found that the pair had planted fake QR codes in petrol pumps and other public locations across a span of states — Uttar Pradesh, Haryana, Punjab, Uttarakhand and Himachal Pradesh. Numerous counterfeit scanning devices were seized to facilitate the quick replacement of codes.
Modus Operandi and Vulnerabilities
According to police, the perpetrators would strike during late hours, remove the genuine QR sticker and replace it swiftly, creating minimal visual disturbance. The spoofed QR led payments directly into the fraudsters’ bank account, even as fuel delivery proceeded as usual.
Complaints to India’s national cybercrime portal from Muzaffarnagar, Saharanpur and other districts suggest this method was not isolated to Baghpat but replicated elsewhere. The operation’s stealth lay in combining a mundane, everyday interface (QR payment) with targeted substitution — a low-noise infiltration.
What It Exposes: Trust, Technology, and Oversight
This case underscores a brittle trust in digital payment mechanics. QR codes—a visual icon of convenience—became a vector for fraud. Users expect that the code they scan corresponds to the correct payee; here, that assumption was weaponized.
It also raises questions of oversight. How often do such swaps go unnoticed? Do surveillance and audit systems at retail and fuel outlets include periodic QR code verification? And how effectively do cyber cells coordinate across districts when fraud is cross-jurisdictional?
Law enforcement sees this arrest as only the opening act. The challenge ahead will be tracing flows of money, mapping networks, and restoring a shaken faith in the digital rails that underpin even the simplest transactions.
