Digital Payment Fraud: How does merchant fraud happen and what are the ways to avoid it?

Digital payments are benefiting both customers and businesses. They have given users access to banking on their mobile phones and brought transparency to payments. This is convenient for us, but also challenging in many ways. The country is setting new records for UPI transactions, but merchant fraud cases have increased in recent years. According to industry reports, digital payment scams are rapidly increasing, especially targeting small and medium-sized businesses (SMBs). Scammers are finding new ways to defraud merchants in online marketplaces, service outlets, and retail stores.

The growth of small and medium-sized businesses (SMBs) reflects the country's progress. However, they are also the most vulnerable to scammers. A single fraud incident can shatter a merchant's trust. It can lead to financial losses, operational disruptions, and in some cases, chargebacks and account freezes. This article will discuss the different types of merchant fraud in India and how merchants can protect themselves:

1. UPI and QR Code Scams
If you run a business, you must have heard about UPI and QR code scams. This is one of the most common fraud methods targeting small businesses in India. Merchants who have adopted UPI transactions are constantly worried about this type of fraud.

How this scam works
In this scam, fraudsters make phishing calls (voice phishing), paste fake QR codes over genuine ones, share them with merchants via WhatsApp/SMS or email, and show edited payment screenshots to deceive them. Often, this scam occurs during peak hours, when the merchant hands over the goods without receiving payment.

What are the red flags?
- Requests to "verify" or "reverse" a payment.
- Relying on screenshots.
- Using a digitally received QR code instead of scanning from the merchant's official standee.

How to avoid this scam
- The merchant should always verify the transaction through their bank or payment app. - You should wait for official confirmation before completing the sale.

2. Fake Orders, Friendly Fraud, and Chargebacks
Millions of merchants are connected to e-commerce and are delivering their products to every corner of the country. However, they face challenges such as fake orders and friendly fraud, which are causing them losses.

How this scam works
Customers dispute payments after receiving the goods. Sometimes this is done intentionally as friendly fraud, and sometimes organized groups place a large number of fake orders. In this, merchants lose the delivered goods, and they also have to bear the cost of refunds, chargeback fees, and the risk of penalties or strict scrutiny from payment gateways.

What are the red flags?
- Unusual order patterns.
- A sudden increase in orders from an unfamiliar or new area.
- Providing incorrect information in personal details.
- Repeated requests for fast shipping.

How to avoid this scam
- Obtain order/shipping confirmation with transaction details.
- Multi-factor authentication is essential.
- Have a clear refund policy and strong documentation for fraudulent claims and payment disputes.

3. Identity and KYC Fraud
Many frauds are committed in the name of KYC updates. Merchants who have adopted digital payments are troubled by this, where their identity and personal data are misused.

How this scam works
Fraudsters create fake merchant accounts using forged documents or stolen business credentials. These accounts often appear legitimate, leading to further fraud such as unauthorized withdrawals and fake refunds. Misuse of identity affects merchants' businesses, leading to regulatory investigations and operational disruptions. It can also cause serious damage to the business's reputation.

What are the red flags?
- Multiple merchants using the same phone number, email address, or physical address.
- Documents often appear forged, altered, or poorly scanned, and lack standard security features like watermarks.

How to avoid this scam?
- Conduct physical verification of the business owner during merchant onboarding.
- Identify and remove duplicate copies of data.
- Authenticate digital documents electronically through secure digital signatures. Trusted partners like PhonePe follow these standards.

4. Aadhaar Card Fraud
Aadhaar card fraud in India occurs because fraudsters exploit its data for fake identities. Common methods of this fraud include tricking users into sharing OTPs, creating copies of biometrics, and using stolen Aadhaar cards for fraudulent services.

How does this scam work?
Scammers exploit Aadhaar-linked documents through fake websites, vishing calls, phishing links, and SIM-swap attacks to steal sensitive information. Once the information is leaked, scammers can initiate unauthorized transactions, open fake accounts, or use them in shell companies for money laundering. Besides financial losses, merchants may face potential regulatory and legal proceedings.

What are the red flags?
Scammers, posing as bank officials or service providers, pressure individuals to immediately "verify" or "update" their Aadhaar card details.

How to avoid this scam?
- Conduct official-channel identity verification with API-based KYC.
- Live photo checks are the strongest defense against Aadhaar card-related fraud.

5. Invoice Scam
Invoice manipulation is a growing threat to small and medium-sized businesses. Scammers employ various methods to forge invoices, making them appear legitimate. How does this scam work?
Scammers pose as trusted vendors or executives and send fake invoices or provide updated bank details. In some cases, they change payment instructions. This threat can also come from within the business, as employees with billing access can manipulate invoices or divert funds for personal gain.

What are the red flags?
- Poor quality logos, unusual fonts, low-resolution templates, and typographical errors in invoices.
- Incorrect or suspicious GSTIN/tax ID, changed bank details.
- Round numbers, duplicate invoices, or unusual billing patterns.

How to avoid this scam?
- Before making any transaction, confirm the supplier's physical address, phone number, and tax identification.
- Use secure payment channels.
- Automated reconciliation tools can significantly reduce the losses a merchant incurs from invoice manipulation.

6. Phishing, Smishing, and Malware Attacks
These are among the most common online threats. In this type of scam, fraudsters exploit human psychology and communication channels (email, SMS, voice) to steal sensitive data. Due to digitization and the increasing number of mobile users, these types of scams are on the rise in India.

How does this scam work?
Scammers impersonate banks or payment platforms and send fake emails, messages, or smishing alerts to steal UPI PINs, login details, or device access. These messages often appear legitimate, disguised as urgent KYC updates or reward notifications. The messages may also direct merchants to malware-infected apps or websites. Once the credentials are exposed, scammers can gain access to payment dashboards and other critical business information.

What are the red flags?
- High-pressure demands for financial transfers or sensitive data.
- Messages designed to create panic, such as "Your account will be blocked in 2 hours."
- Communication was sent in an unusual tone. How to avoid this scam:
- Small business owners should be cautious of unsolicited messages.
- All requests should be verified.
- Never share any confidential information such as UPI PIN, CVV, or OTP, no matter how legitimate the message may seem.

Small and medium-sized businesses (SMBs) are crucial for India as they generate significant employment and contribute substantially to the country's GDP. Therefore, it is essential to provide them with maximum support to help their businesses grow. It is equally important to educate them about protecting themselves from scammers. Payment platforms like PhonePe provide in-app security alerts to inform merchants about new scam tactics. This platform never asks for sensitive information via calls or messages.

Disclaimer: This content has been sourced and edited from Dainik Jagran. While we have made modifications for clarity and presentation, the original content belongs to its respective authors and website. We do not claim ownership of the content.