Never Enter a PIN to Receive Money
This is the golden rule of UPI safety. Your UPI PIN is only required for one action: sending money from your account. [10] Scammers often exploit this by sending a payment request and tricking you into believing you need to enter your PIN to receive a refund or prize. [4] If anyone tells you to enter your PIN to get paid, it is a scam. Legitimate transactions where you receive money require no PIN entry on your part. [2, 4]
Verify Recipient Details Before Every Payment
Before you hit 'Pay', always double-check the recipient's name that appears on your UPI app. [10, 13] Fraudsters often create fake UPI IDs that look very similar to legitimate business or personal IDs. [5, 15] A quick verification ensures your money is going to the intended person or merchant. [13] If the name doesn't match or looks suspicious, do not proceed with the transaction. [16] This simple habit can prevent costly mistakes and fraud.
Beware of Unsolicited QR Codes and Links
Treat QR codes from unknown sources with extreme caution. [11] Scammers can send you malicious QR codes that, when scanned, can lead to unauthorised transactions. [6] Remember, you only need to scan a QR code to *pay* money, not to *receive* it. [10] Similarly, avoid clicking on suspicious links sent via SMS, email, or social media that ask for your UPI details. [4, 6] These phishing attempts are designed to steal your credentials by directing you to fake websites. [3]
Use a Strong Screen Lock and App Lock
Your first line of defence is your smartphone itself. Always use a strong screen lock, be it a PIN, pattern, or biometric authentication like a fingerprint or Face ID. [13] This prevents anyone who gets physical access to your phone from opening your UPI apps. [5] For an added layer of security, use the app lock feature available within your UPI app or on your phone to protect payment apps specifically. [12]
Never Share Your PIN or OTP
Treat your 4- or 6-digit UPI PIN like you would your ATM PIN—it is secret and should never be shared with anyone, not even someone claiming to be a bank representative or customer support agent. [1, 5, 9] Banks and official UPI apps will never call or message you to ask for your PIN or One-Time Passwords (OTPs). [4] Any unsolicited request for this information is a red flag for fraud. [3]
Download Official Apps Only
Only download UPI-enabled apps from official sources like the Google Play Store or Apple App Store. [3, 17] Fraudsters create fake, malicious apps that mimic popular payment platforms to steal your financial data. [8] Before downloading, always check the developer's name, user reviews, and the number of downloads to verify the app's authenticity. [2, 22]
Regularly Monitor Transaction History
Make it a habit to regularly review your UPI transaction history and bank statements. [1, 12] This allows you to quickly spot any unauthorised transactions you don't recognise. [22] Many apps now have spam filters that flag suspicious requests, but staying vigilant yourself is crucial. [2] If you see any activity that seems wrong, report it immediately to your bank and through the cybercrime reporting portal. [3, 25]
















