ACI Fraud Management in the cloud: Protecting against threat of UPI payments fraud

ACI Worldwide announced ACI Fraud Management in the cloud enables Indian banks to protect the rapidly growing number of Unified Payments Interface (UPI) transactions across the region.

ACI Fraud Management, delivered via the cloud, offers greater scalability at significantly lowered costs. It can be deployed without changes to a bank’s existing UPI solution, and can approve or decline transactions based on consumer behavior, counteract SMS spoofing and blacklist fraudulent accounts.

Banks benefit from custom-defined workflows and scoring methods, centralized auditing and automated case updates, helping make fraud management simpler, more flexible and cost-effective. The solution alerts account holders to potential fraud events, enabling them to easily confirm or deny transactions.

“A supportive regulatory environment, coupled with ever-increasing smartphone usage, internet access and customer acceptance, has powered rapid UPI transaction growth. However, surging transaction volumes pose a complex challenge to banks and financial institutions when it comes to upgrading and maintaining their back-end risk management systems,” said Kaushik Roy, vice president and country leader – South Asia, ACI Worldwide.

“Our multi-layered approach to fraud management for UPI delivers key SaaS benefits—faster time to value and scalability in a secure and cost-effective environment. Additionally, it leverages cloud automation to enable non-technical users to test, change, deploy and scale new rules and machine learning models to match existing and emerging fraud trends within minutes.”

UPI clocked record monthly transactions in October for the seventh consecutive month, with 2.07 billion transactions totalling more than Rs 3.86 lakh crore in value. With the COVID-19 pandemic acting as a catalyst for further contactless and digital payments adoption, many new internet users and merchants are embracing UPI payments.

Consequently, cybercriminals are seeking to exploit potential vulnerabilities, targeting users with fake UPI IDs, links, handles, phishing scams and remote screen monitoring tools. Several banks have issued advisories on their social media platforms warning customers and encouraging “safe banking” practices.

“The immediacy of real-time transactions reduces the time available to detect fraud and the recoverability of funds when fraud does slip through the net,” said Damon Madden, principal fraud analyst, ACI Worldwide.

“With ACI’s expertise in delivering best-in-class fraud management to financial institutions globally, we are proud to be among the first technology providers to offer this unique value proposition to the Indian market—safeguarding banks’ customers as the country pursues its vision of a cashless economy.”

UPI has accelerated the process of financial inclusion in India. While the platform has already experienced exponential growth for P2P and low-value payments, it is expected that in the coming years its success will be replicated with higher-value payments.

ACI’s solution for UPI accelerates fraud detection at authorization to protect real-time payments. It was developed as a response to increasing pressure on financial institutions to adapt quickly, maximize operational efficiencies and protect their bottom lines.

Social engineering fraud is on the rise for all digital payment methods, and UPI is no exception. Consumers should follow these tips to prevent falling prey to common UPI fraud:

  • Do not share sensitive data or information pertaining to money transfers/refunds on social media or any third-party apps. Fraudsters track social media accounts and can approach the user under the guise of providing assistance.
  • Counterfeit UPI apps do appear across app stores. Users should verify the name, developer, registered website and email address of an app before installing it on their mobile phone.
  • Users should be mindful that a genuine transaction that requires them to enter their PIN is for sending money. Receiving money does not require a PIN. A payment request from someone you don’t know or cannot immediately identify should be declined.
  • If you notice any suspicious activity, notify the police or visit your bank branch.
  • Stay alert and never share one-time passwords (OTP) or UPI IDs. Banks usually don’t ask for personal information on SMS, so if you receive a text asking about your financial information, it is generally a red flag.
More about

Don't miss