2 weeks ago
14
To address the growing threat of digital payment fraud in India, both public and private sector banks are collaborating to build the Digital Payment Intelligence Platform (DPIP), a part of the country’s Digital Public Infrastructure (DPI), under the guidance of the Reserve Bank of India (RBI). Given the urgency of the matter for the federal government and the RBI, the platform is reportedly expected to go live in the coming months.
The Reserve Bank Innovation Hub (RBIH) has been tasked with developing a prototype of the platform in coordination with 5 to 10 banks. This initiative will utilize cutting-edge technologies, including artificial intelligence (AI) and machine learning, to tackle fraud in the payment ecosystem.
The effort follows just days after the RBI’s annual report for FY2024–25 revealed a sharp rise in digital payment frauds, with 13,516 cases accounting for 56.5% of all reported banking frauds. However, frauds reported in a year could have occurred several years prior to the year of reporting.
“As digital payments continue to rise, the Reserve Bank’s commitment to enhancing security, customer protection and fraud prevention will remain key priorities in 2025-26. The Digital Payments Intelligence Platform is being planned, which will leverage advanced technologies to curb payment related frauds,” the RBI said in its latest annual report.
Once launched, DPIP will aggregate data from multiple channels to detect risks and combat digital fraud. Real-time information sharing will allow financial institutions to act quickly against emerging threats, thus ensuring safer digital transactions.
This new platform will be designed to improve fraud risk management by enabling the real-time exchange and analysis of intelligence, allowing banks to detect and stop fraudulent transactions more effectively. The institutional setup of DPIP will involve contributions from a wide range of banks, recognizing that fraud is a shared concern across the financial sector.
By incorporating AI-driven analytics and fostering instantaneous fraud intelligence sharing among banks, DPIP aims to detect abnormal behavior and suspicious activities early. This collaborative and technology-driven approach underscores India’s commitment to securing its digital finance landscape, helping rebuild public trust, and strengthening the nation’s position as a leader in safe digital transactions.
The initiative comes after the RBI’s annual report highlighted a sharp rise in banking fraud, with reported amounts nearly tripling to ₹36,014 crore (about $4.1 million) in FY25. Most incidents by volume occurred in the digital payment space (cards and internet), while the highest value frauds were reported in the lending (advances) segment. Digital payment frauds were the most frequent in private sector banks, while public sector banks saw the bulk of frauds in loan-related transactions.
“Frauds have occurred predominantly in the category of digital payments (card/internet) in terms of number and primarily in the loan portfolio (advances) in terms of value. While card/internet frauds contributed maximum to the number of frauds reported by private sector banks, frauds in public sector banks were mainly in loan portfolios,” RBI said in its annual report.
Digital payment frauds surge despite RBI measures
Despite RBI’s proactive measures—including the adoption of cutting-edge technologies and initiatives such as MuleHunter.AI aimed at identifying fraudulent accounts—digital payment fraud continues to rise at an alarming rate. While valuable, these sophisticated tools are struggling to keep pace with the evolving tactics cybercriminals use. As digital transactions grow in scale and complexity, fraudsters find new ways to exploit system loopholes, often targeting less regulated areas of the financial ecosystem.
“Digital payment frauds in India are surging due to sophisticated fraud techniques, such as AI-driven deepfakes and phishing, outpacing detection tools like [RBI’s] MuleHunter.AI,” Sharat Chandra, founder of EmpowerEdge Ventures and a startup enabler, told CoinGeek.
“The rapid growth of UPI transactions (₹200 trillion / $2.34 trillion) creates a vast attack surface, overwhelming systems. Many users lack financial literacy, falling for scams like fake QR codes or one-time-password sharing. Regulatory gaps, including delays in enforcing the Digital Personal Data Protection Act, and legal barriers to sharing fraudster data hinder prevention,” Chandra pointed out.
Chandra noted that the lack of cohesive collaboration between banks, fintech companies, and regulators creates gaps that fraudsters can exploit, particularly through loosely regulated platforms such as over-the-top (OTT) services. The situation worsens when financial institutions focus more on rapid growth than on strengthening security measures. Chandra said that the key challenges include maintaining a seamless user experience while implementing strong security protocols, staying ahead of constantly evolving fraud techniques, and enabling real-time data sharing among all stakeholders. Continuous public education and stricter regulatory oversight are essential to combat fraud.
“The success of DPIP depends on seamless coordination among banks, fintechs, and other stakeholders. Past efforts to create shared databases have been stalled by legal and commercial issues, and similar challenges could delay or limit DPIP’s effectiveness,” Chandra added.
1 in 5 UPI user families hit by fraud
India’s Unified Payments Interface (UPI), a real-time payment system that supports peer-to-peer and merchant transactions, has seen explosive growth in recent years.
RBI’s latest annual report states, “During 2024-25, total digital payments recorded growth of 34.8% and 17.9% in volume and value terms, respectively. Moreover, the success of UPI placed India in a leadership position with a share of 48.5% in global real-time payments by volume.”
However, a recent survey reportedly reveals that one in five households with a UPI user has faced fraud at least once in the past three years. This revelation comes amid a sharp rise in UPI transactions, which reached 185.8 billion in FY2024–25—a 41.7% jump from the previous year, now comprising 83.4% of India’s total digital payment volume.
Alarmingly, 51% of fraud victims did not report the incident to any authority—not the police, their bank, the UPI service provider, or regulatory bodies such as the National Payments Corporation of India (NPCI) or the RBI. This lack of reporting points to significant underrepresentation in official fraud data, suggesting that actual cases may be far higher.
The survey, which collected over 32,000 responses from UPI users, also found that fraudsters are taking advantage of the rapid uptake of digital payments through a wide range of deceptive methods.
Regulators fight back
In response to the growing threat of digital payment fraud, the RBI, the National Payments Corporation of India (NPCI), and the Government of India have introduced a series of strategic initiatives to strengthen the security of the digital financial ecosystem.
To enhance user trust and tackle phishing attempts, dedicated and secure domain extensions such as “.bank.in” and “.fin.in” are being rolled out. These exclusive domains are intended for authorized financial institutions, providing users with a trusted online environment and reducing the risk of impersonation or spoofed websites.
In December 2024, the RBI introduced MuleHunter.AI, an advanced AI/ML-based tool specifically designed to identify and track mule accounts—bank accounts used as conduits for laundering money or conducting unauthorized transactions.
On the public-facing side, the government has established the National Cybercrime Reporting Portal, along with a dedicated helpline number, 1930, to make it easier for individuals to report cases of digital fraud or suspicious activity. This initiative aims to improve fraud reporting rates and ensure victims have quick access to support and redressal mechanisms.
NPCI—the central body responsible for overseeing retail payments and settlement systems in India—and the Institute for Development and Research in Banking Technology (IDRBT) have entered into an agreement to jointly enhance cybersecurity and resilience within India’s digital payments infrastructure.
Under this collaboration, both organizations will design and deliver specialized training programs aimed at technology and cybersecurity professionals working in the banking and digital payment sectors. These programs will address critical topics, including cybersecurity best practices, operational resilience, and data privacy, ensuring that professionals are equipped to meet evolving digital threats.
“Strengthening cyber resilience is not just about technology, but also about people and preparedness. Our partnership with IDRBT will enable structured capacity building across the ecosystem through training, certifications and sharing threat intelligence. This collaboration reinforces NPCI’s commitment to proactive risk management and elevating security standards across digital payments,” said Dilip Asbe, MD and CEO of NPCI.
A key outcome of the partnership will be creating a dedicated NPCI-certified payment security certification program tailored to current industry challenges and in line with regulatory expectations. This initiative aims to standardize and elevate security expertise across the payments ecosystem.
Additionally, IDRBT will provide its advanced threat intelligence service to NPCI and its partners. This will enable real-time sharing of threat data, helping institutions within the NPCI network proactively defend against cyber threats and strengthen the overall security posture of the digital payments landscape.
Together, these efforts represent a multi-pronged approach to securing India’s digital payments landscape, combining technology, regulatory oversight, and public engagement to mitigate fraud and protect users.
Watch: ‘Disruptive’ blockchain can be useful for India
English (US) · 