A privately developed App was used to find a loophole in payment systems to siphon off crores, before it was found.
The first UPI related fraud
[ ##thumbs-o-up## Share Testimonial here - make our day!] [ ##certificate## Volunteer for Bodhi Booster portal]
- UPI fraud - really? State-owned Bank of Maharashtra (BoM) lost Rs.25 crore in one of the biggest Unified Payments Interface (UPI) frauds so far. Few miscreants allegedly used the UPI app and took advantage of a minor bug and moved money illegally from the accounts of the bank’s customers which did not even have requisite balance.
- An App is all it took! Bank of Maharashtra’s UPI app is developed by Mumbai-based Infrasoft Technologies. The same company has provided UPI app to three other banks including Bank of India.
- What is UPI? UPI or Unified Payment Interface is an electronic funds transfer instrument that enables all bank account holders to send and receive money from their smartphones without the need to enter bank account information or net banking user id/ password. This requires only the recipient’s mobile number or Virtual Payment Address (VPA). There is no restriction of holiday or working hours.
- National Payments Corporation of India (NPCI) : It developed the BHIM (Bharat Interface for Money) mobile app, based on the Unified Payment Interface (UPI) to facilitate e-payments directly through banks as a part of demonetization and drive towards cashless transactions.
- The Process : National Payments Corporation of India (NPCI) is the clearing agency for the online transactions under UPI. In the above fraud, the UPI app used by Bank of Maha. sent two messages to NPCI, one as ‘success’ and the other as ‘error: insufficient funds’. However, in these fraudulent transactions, NPCI read only the first message and cleared the transactions. As a result, Bank of Maha’s pool account with the RBI was deducted about 672 times over a period of 48 days.
- RBI warnings unheeded? This fraud is exactly the kind expected, in the rush to join the digital platform bandwagon, about which the RBI had earlier warned. In January 2017, RBI Deputy-Governor Shri S.S. Mundra had warned banks to have a robust defence mechanism against cyber crimes, which banks seem to have ignored or left entirely to the vendors.
- BHIM : On March 20, NPCI issued a statement saying that there was no vulnerability or loophole in the Bharat Interface for Money (BHIM) app or UPI system. NPCI had done intensive testing, robust design of security controls and continuous monitoring of its UPI infrastructure. Presently, 44 banks are on UPI and it would not be possible for NPCI to accommodate more banks.
- You can read more on Aadhar here, and on RBI related issues here
- A huge data breach : Earlier in 2016, Indian banking system suffered its largest data breach involving 3.2 million debit cards. The learning from these frauds is that banks need to ensure robust security mechanism and build capabilities to detect cyber attacks early and respond to them quickly. Recovery of the lost money is another aspect which needs to be well thought out.
- Do check out exams-focussed Confidence Booster series of learning resources, here!
- Some images for data and facts are presented below, for your reference.
Amazing Courses - Online and Classroom
Useful resources for you
[Newsletter ##newspaper-o##] [Bodhi Shiksha channel ##play-circle-o##] [FB ##facebook##] [हिंदी बोधि ##leaf##] [Sameeksha live ##graduation-cap##] [Shrutis ##fa-headphones##] [Quizzes ##question-circle##] [Bodhi Revision ##book##]
COMMENTS