New ray of hope in UPI system


- UPI is likely to undergo significant changes related to safety

- In a country like India, it is not like giving the facility of rupee transactions to billions of people.

- The UPI system itself is safe, but if the people themselves are oblivious or the crooks prove to be smarter, fraud occurs.

- Efforts are now being made to avoid human errors, which will hopefully make the system safer.

Well, authorities in France, Sri Lanka and Mauritius are also starting to like the Unified Payments Interface (UPI) for money transactions. This system is certainly revolutionary, hence its use in India is steadily increasing. But now, after long usage of UPI, many people are afraid to use it, so many people are afraid to stay away from it till now.

Because cyber money fraud related to UPI is continuously increasing in the country!

In fact, the UPI system itself is secure. Fraud that occurs is not caused by 'hacking' this system. If we ourselves become careless, hurry or make a mistake, there is a possibility of losing money.

Fortunately, efforts are being made to strengthen even the weak links in UPI's strong chain. Not all of what we talk about below is yet to be implemented, everything is just 'under consideration', but these steps are promising to make this convenient system even safer.


- Four hours gap in first payment

Unified Payment Interface (UPI) has made payments very convenient. In it, money is transferred directly between two bank accounts with the blink of an eye. But this is also the biggest problem with UPI - the blink of an eye, the flick of a finger, the quick transaction of rupees.

Fraudsters take full advantage of this biggest and, according to many, most dangerous aspect of UPI. This is why now when we have to send money to someone through UPI, our fingers are left with hesitation in our mind - are we sending the money to the right person?

In this way, when we send money through UPI to anyone, when we enter the mobile number or UPI ID, the UPI app system verifies it, but this verification is only about whether a bank account is actually connected with that mobile number or UPI ID. If not, and if so, in what name?

Based on such verification, it cannot be decided whether the person we are sending money to the mobile number or UPI ID is the right person or a fraud of some online fraud gang.

Mostly people who commit UPI fraud send their number, UPI ID or QR code, engage their victim in phone conversation and make payment to them while the victim is unaware. Then by the time the victim realizes that he has sent the money to the wrong person, it is too late. The amount may have already been transferred to the fraudster's bank account and may have been diverted from there.

Now, the system that manages the UPI system is in the process of making a major change regarding UPI payments. Accordingly, for the first time between two accounts, when transferring more than a fixed amount through UPI, instead of transferring the amount instantly, the amount will be transferred after an interval of up to four hours. During that time, the sender can withdraw the amount back to his account if he wants. In this way, the amount of fraud is expected to decrease.

But with the facility of refund within four hours, a concern also arises. What if the customer withdraws the amount within four hours after making a UPI payment for the first time at a grocery store? Care should be taken in this rule so that this does not happen. That is why its implementation is being delayed. First of all, with the rule that the amount is not transferred instantly at the time of transaction, but after an interval of four hours, UPI fraud can be expected to reduce a lot.


- National Database of Dangerous Contacts, IDs

Another important initiative is being taken to reduce fraud related to UPI. It has been revealed that the Union Home Ministry is preparing a huge database of various mobile numbers and UPI IDs involved in UPI fraud.

This is not a new thing. Whenever a victim of cyber fraud calls the helpline number, lodges a complaint on the national portal or contacts the local police station or cyber cell to file a fraud complaint, he has to provide a number of information that will help in the investigation.

From which number was the request for payment received, was any UPI ID or QR code provided? Call log of the conversation with the fraudster and social media such as WhatsApp, Facebook, if there is contact and conversation on it, screenshots should be found and included in the complaint. All these details are stored in the database of the cyber cell.

These details help police and other organizations in investigating cyber fraud and combating cyber fraud.

Now the new thing is that all of us will get direct benefit from this database.

A department called 'Integrated Cyber ​​Crime Coordination Center (IFORC)' under the Ministry of Home Affairs is likely to make the database of mobile numbers and UPI IDs involved in cyber fraud available to the average user besides the police.

This database will also include URLs of websites involved in cyber fraud, WhatsApp/Telegram contacts, email IDs etc. It is proposed to make this database accessible to the average person through the website of the IFORCE department and to verify whether any contact number, UPI ID, website URL, email address etc. details belong to the right person and whether all these are involved in any cyber fraud. .

This idea is good but it is also prone to misuse. It could also happen that the details of an innocent person are fed into this database just to implicate them. However, according to the officials working in this direction, care is being taken to prevent this from happening.

Contact numbers or UPI IDs or email addresses that are mentioned in more than one case, not on the basis of single complaints, will be marked as dangerous. In addition, if an innocent person notices that his details are being displayed in this database as dangerous, he can request their removal. It is also to be noted that only the details registered in police complaint and still pending police investigation will not be included in this database.

It is estimated that an average of five thousand cyber fraud complaints are registered in India every day. States like Gujarat, Haryana, Telangana, Uttarakhand and Goa are registering the highest number of cyber fraud complaints. Keeping in mind that a database prepared based on such complaints can benefit even the average user and a facility where we can easily determine whether a contact number or UPI ID is dangerous or not based on its details can certainly be useful.

However, the word 'easily' is very important here. Also, such content numbers or UPI IDs need to be deactivated directly instead of being marked as 'risky'. Let's hope that the Ministry of Home Affairs will also pay attention to these matters.


- Be prepared, new ways of bank verification are coming

Two-step-verification is not new to all of us. When we want to login to any online account, we give our username and password, then a one-time password (OTP) will be sent as a message to the mobile number we have given in that service. After we give it to that service, login can be done successfully.

Actually there are many different methods for such two-step-verification. OTP in SMS is only one of them. Like the mobile number we have given in that service, no OTP but only a 'prompt'. That is, we are asked Are you trying to login? After we say yes, we can login to that service. Another way is to use an authentication app.

After installing such an app in one's phone, we can connect the service that facilitates two-step-verification with the authenticator app through this method. After that, whenever you want to login to that service, after providing the username and password, open the authenticator app in your mobile and register an automatically generated OTP in it at fixed intervals, then you can login to that service. Such OTP generated at fixed intervals is called 'Time Based OTP'.

Earlier two-step-verification was done only with SMS based OTP. But over time, tech companies realized that OTPs in SMS can be intercepted and misused.

Now look at the curvature! While various tech companies of the world started providing two-step-verification facility for their services, at least initially through SMS, most of our banks were working with only username and password to login to netbanking! After that, most of the banks in India gradually adopted the two-step-verification method, but they still use SMS-based OTP. As a pleasant exception, some banks offer the facility to complete two-step-verification by saying yes to the prompt in their mobile app.

Apart from logging in to netbanking, when we do any online transaction, verification is done by the bank only through SMS based OTP.

This method is now very old. However, now the Reserve Bank of India (RBI) has realized that apart from username and password, two-step-verification for account login and SMS-based OTP for authenticating online transactions are now many ways. Because of this, the RBI Governor said last week that a framework for authentication other than SMS-based OTP is being prepared for various banks in India to verify digital payments.

This means that in the near future we will be able to use Time Based One Time Password or some other more secure method instead of the old SMS based OTP method to make online transactions more secure. Of course the Reserve Bank has not yet given any concrete details for this change. We will start getting the benefits once the various banks get fixed guidelines for this from the Reserve Bank. At that time, be ready to understand the new methods and use them!

Comments

Popular posts from this blog

The lines written by the left, are now decreasing!

Darkness will be the enemy of Chandrayaan! How the lander and rover on the moon will work at night, this time is the most challenging

Heart rate was 110 beats per minute before Neil Armstrong set foot on the moon.

NGT orders report on health impact of microplastics in human blood

ISRO launches 'Navik' satellite, will keep an eye on enemies with enhanced security

A major change in the method of syncing contacts in smartphones

Facebook launches dating app to find a partner, find out what's special about it

400 howitzer guns will be bought for Indian Army, know the strength of Made in India guns

For the first time in the history of medical science, an HIV patient recovered automatically

BharatOS for the people of India, of the people of India, by the people of India!