How safe is the Unified Payments Interface? Fraudsters cheat Bank of Maharashtra to the tune of Rs.1.42 crore


The government’s push towards a digital society has made payments faster and simpler, with the Unified Payments’ Interface (UPI) expected to bring more Indians in the fray. While the move is being lauded as a masterstroke, fraudsters have found a way to cheat banks by using simple hacking techniques. In a recent incident highlighted by The Indian Express, Bank of Maharashtra (BoM) reported a loss of Rs.1.42 crore through the app.

Questions are being raised over the safety of digital wallets and other online payment avenues, with a number of cheating cases coming to the fore.

According to the report, BoM has filed a complaint against twenty-two residents of Bhayandar in Maharashtra. These individuals hacked the central server of BoM to make 142 transfers in the period between December 26, 2016 and January 18, 2017. The accused transferred a sum of Rs.1 lakh in each instance.

UPI, developed by the National Payments Corporation of India (NPCI) enables individuals to make payments using just the mobile phone number of a person. A bug in the system enabled these fraudsters to transfer the sum by adding customers of Bank of Maharashtra as beneficiaries before linking the account to their mobile number. Hacked accounts were linked to duplicate sim cards, post which money was transferred seamlessly.

Experts have raised questions about the safety of such apps, with private companies spending millions to enhance safety of their digital wallets. This isn’t the first time Bank of Maharashtra lost money in a similar manner, having previously lost a sum of Rs.6.14 crore in Pune.

Officials at NPCI, however, stated that the app was safe and secure, with continuous updates made to enhance safety of the system.


Please enter your comment!
Please enter your name here