NEW DELHI: Amid rising instances of fraud using the Unified Payment Interface (UPI) platform, the Reserve Bank of India has cautioned all banks and payment system operators about a new modus operandi allegedly used by scammers to target customer phones.
In an alert dated February 14, the cyber security and IT examination cell of the central bank said that a mobile application called ‘AnyDesk’ was allegedly being used by fraudsters to access data on mobile devices. Once the app is installed on customer phones, it seeks permission to access controls of the phone, like all other applications.
“An app code (nine-digit number) would be generated and once the fraudster inserts this code, he would ask the victim to grant permission. Post this, the fraudster will get full access to the victim’s device,” the circular read. The app then allegedly proceeds to steal confidential data on the phone to carry out fraudulent transactions via other payments apps.
In its alert, the RBI said that it had sent out a similar advisory on January 10. Officials say the circular was originally issued by National Payments Commission of India (NPCI) to ensure that genuine makers of payments applications put some controls on the kind of data they access on customer phones. Data on the NPCI website shows that between April 2018 and January 2019, the UPI platform saw 388 crore transactions worth over Rs 6.4 lakh crore.