Outrunning digital frauds
Fraud moves fast, so must we
 "Outrunning digital frauds")
The phone rings. The caller sounds professional. He knows your name, your bank, and just enough details to make you listen. “Sir, your account will be blocked today, update KYC urgently.” Or a “digital arrest” over a video call: “Madam, your account is under investigation. Do not disconnect.” You are pushed to “provide” personal details or “verify” your identity by transferring money to a “safe account”. Very quickly, your life savings are gone, and the caller vanishes. Variations of such stories play out every day, across income groups and geographies.
India’s digital payment system is a public good
UPI, or Unified Payments Interface, alone now handles well over 200 billion transactions annually. Yet the same convenience-driven scale that makes payments fast and affordable also gives fraudsters a large hunting ground.
The “weak link” the fraudster exploits is the few seconds when a person is forced to act quickly, deceived into sharing a credential, or convinced to install an app. The fraudster creates urgency, fakes authority, and makes the victim act first and think later.
Fraud is now organised, specialised & scalable
Criminals use call scripts, spoofed identities, remote access tools, and social engineering to industrialise deception.
Many of the fastest-growing fraud cases fall under what global supervisors call “authorised push payment” scams: Victims initiate the payment themselves, believing it to be genuine. Once money moves, it is routed through mule accounts, layered across multiple transactions, and cashed out quickly. It then becomes a race against time.
Spot the risk early
India’s response, therefore, is evolving from “catch the thief” to “stop the flow now”. The most practical intervention in a fast-payment world is early detection and containment before funds are moved out. In practice, this is about winning the first hour.
Banks are accordingly tightening their transaction monitoring architecture; alerts now travel quickly and, where necessary, additional layers of confirmation are activated to protect customers. Much of this work is invisible to customers, but it prevents several fraud attempts every day.
However, interruption, important as it is, can only be the second line of defence. The first line is to reduce the number of fraud opportunities in the ecosystem.
Not just a ‘customer awareness’ issue
Awareness helps, but it is rarely decisive when a caller uses rehearsed scripts, spoofed identities, and has a well-oiled cash-out chain. A more durable approach is to make common fraud pathways harder to execute, while ensuring suspicious transactions are interrupted before they settle.
Impersonation is where many scams start. If customers cannot reliably distinguish an authentic banking touchpoint from an imitation, the fight is lost at the first step. This is where initiatives such as migrating to exclusive banking domains matter.
Smart authentication
India has long relied on two-factor authentication as a core safety feature. But fraudsters have adapted by targeting the second factor itself, through SIM swaps, malware, and remote access tools, among others. Therefore, what is needed is not just “more” authentication, but “smarter” authentication.
Where the transaction is routine and the signals are clean, the experience should remain smooth. Where signals are abnormal, a stepped-up check is justified. The underlying aim is to spot anomalous behaviour at the point of initiation. This is where risk-based controls do their quiet work, preventing a risky or unusual transaction from going through.
Choke the fraud where it thrives
Fraud thrives in the exit routes. The front end of the scam may be a persuasive caller, but the back end is a network of mule accounts that can receive funds, split and move them rapidly across institutions before any one entity can see the full picture. If mule accounts remain easy to create or rent, and operate, the fraud economy stays efficient.
Therefore, mule-account detection is now a core control, including the Reserve Bank Innovation Hub’s MuleHunter.AI, which helps banks flag likely mule accounts early using behavioural and transaction-patterns.
Yet artificial intelligence (AI) can only amplify the basics, not replace them. Strong know-your-customer/ anti-money laundering checks and “ongoing due diligence” with regular monitoring vis-à-vis the “on record profile” of the customer is essential to choke the supply of mule accounts.
A contest between speed and safeguards
In digital fraud, when one route is blocked, another is tested, so the response has to be continuous and coordinated across the ecosystem. Policy steps such as clearer liability norms, stronger cyber resilience standards, safer web identity signals like “bank.in”, and modernised authentication are gradually tightening the net.
Greed does no good
“Investment scams” promising unrealistic returns account for a large share of losses in digital fraud. They simply repackage old Ponzi and chit-fund tricks in a digital wrapper; the promise of easy, big money is often the bait.
Step back and look up
The RBI requires a beneficiary name look-up feature across major payment channels, enabling remitters to verify the beneficiary’s name before initiating a transfer. Customers should use it as a quick cross-check; if the displayed name does not match the person or entity you intend to pay, that is a clear red flag.
Fraud thrives when it can rush you. The most effective personal defence is to slow the interaction and move to a channel you control.
No legitimate agency needs you to stay on a call while transferring money. No genuine refund requires you to “approve” a debit or “pay” a random third party. If a message or caller triggers anxiety or urgency, that is the moment to pause, end the conversation, and verify independently through official channels and apps. If something does go wrong, report it to law enforcement immediately — the first hour is golden.
In digital fraud, time is not just money; it is the difference between containment and contagion. And in the world of instant payments, a brief pause or an extra verification step can be a small price to pay for safety and prudence.
The author is Deputy Governor, Reserve Bank of India. Views are personal