International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 13 Issue: 06 | Jun 2026
www.irjet.net
p-ISSN: 2395-0072
Cybersecurity Risks in UPI Ecosystems: Fraud Mechanisms, User Vulnerabilities Ms. Manasi Kalgutkar1, Mr. Himanshu Sharma2, Dr. Shiv Kumar Goel Associate Professor / H.O.D.3 Department of Computer Applications (MCA) Vivekanand Education Society's Institute of Technology (VESIT), Chembur, Mumbai ------------------------------------------------------------------------***----------------------------------------------------------------------In this paper, the UPI fraud is treated as a socio-technical Abstract - The Unified Payments Interface (UPI) has problem in terms of cybersecurity. A combination of literature review findings and the survey results of 50 respondents is used to investigate fraud mechanisms' exploitation of user vulnerabilities, user perceptions of cyber risks, and the limitations of current security measures.
emerged as one of the most important parts of India’s digital payments eco-system in terms of providing instant, cheap and inter-operable payments. However, while there has been tremendous growth in adoption of UPI, there have also been increasing instances of cyber fraud, such as phishing, fake payment links, QR code manipulation, scams using KYC norms, misuse of AutoPay service, etc. This paper will look at security threats to UPI eco-systems, focusing in particular on how frauds leverage user vulnerabilities. For research purposes, a mixed method approach consisting of literature review and descriptive survey of 50 people is used. A total of 30% of respondents stated that they were very much aware about cybersecurity threats, while 36% were unaware of the PIN safety rule of UPI, and 38% of respondents were unaware of the QR code threat. Moreover, 30% of the respondents stated that either they themselves or those known to them had been victims of fraud from UPI. Also, respondents stated that fraud was mainly caused due to poor security, carelessness while transacting, and social engineering.
2. LITERATURE REVIEW UPI cybersecurity literature can be classified according to four main topics: adoption, fraud typologies, user vulnerability, and fraud detection. The first set of papers provides an overview of UPI adoption in India. It describes UPI as a revolutionary technology in the country's digital payments system. High-speed, accessibility, interoperability, and user-friendly interface have significantly promoted the transition to cashless economies. On the other hand, excessive use reduces user's attention to security warnings and transaction verification, increasing vulnerability to fraud [1], [4].
Key words - UPI, cybersecurity, digital payments, fraud detection, social engineering, user awareness
Another group of articles presents typical types of UPI frauds: phishing/vishing, fake collection request, app cloning, QR-code manipulation, Know Your Customer scam, subscription/AutoPay fraud, and false customer-care interaction [2]-[5]. In general, all of them represent frauds based on deception. Attackers exploit urgency, trust, fear, and official-looking communication to convince users to verify transactions by themselves [2], [5].
1. INTRODUCTION The evolution of financial transactions in India has been aided significantly by digital payments, and among these, UPI is perhaps the most important. A product of NPCI, UPI facilitates real-time fund transfer services using mobile applications. It is widely adopted for peer-to-peer payments, merchant payments, bill payments, and recurring payments. Past studies cite convenience, interoperability, low transaction costs, and integration of banking/FinTech applications as the driving forces behind its fast adoption [1], [4].
A third group analyzes the behavioral and sociodemographic vulnerability. Previous works reveal that fraud exposure is determined by digital literacy, user confidence, education, age, and transaction habits [3], [4]. Overconfidence and inexperience increase the risk: some users confirm requests instantly, and some cannot recognize unusual prompts. The awareness-behavior gap is another important factor: some users know basic safety regulations but do not follow them in practice [3], [4].
However, the increasing use of UPI increases the potential exposure to cyber frauds as well. The previous literature on the topic identifies phishing attacks, vishing, spoofing of payments, cloned apps, QR-code attacks, KYC scams, misuse of AutoPay, and unauthorized access as some of the most common threats to users [2]-[5]. While such issues don't generally arise due to vulnerabilities of the underlying payment system, these vulnerabilities occur at the level of the user, their devices, and applications [3], [4].
© 2026, IRJET
|
Impact Factor value: 8.315
Finally, the last set of papers analyzes security controls and fraud detection. Available protection methods consist of encryption, device binding, PIN authentication, blacklisting, and rule-based monitoring [4]. While these mechanisms remain valuable, recent papers claim that they become
|
ISO 9001:2008 Certified Journal
| Page 1045