Pay by app: The risks and rewards as Indians chuck cash, go digital

There are 238 digital payment apps to choose from if you still haven't downloaded one for your smartphone

In 2015, there were fewer than 40 digital money apps in India. Search in your phone’s app store now and you will find 238 options.
 

The growth in digital money and transaction platforms has been at lightning speed considering that it took India almost four decades to have 40 million credit card users. Digital wallets, like Paytm, Google Pay, or PhonePe, have managed to draw over 500 million users in one-tenth of that time. As India’s digital payments industry grows rapidly, users are reaping rewards but they would do well to guard themselves against risks too.
 

Demonetisation dream run
 

Prime Minister Narendra Modi on the night of November 8, 2016 scrapped Rs 1000 and Rs 500 currency notes in a bid to tackle black money and push people to use digital money. Demonetisation stunned the nation, but the next morning people woke up to full-page newspaper advertisements by Paytm, Freecharge and other digital wallet companies thanking Modi.

For 18 months after demonetisation, digital wallets grew rapidly: news reports then said Paytm had about 280 million registered users by November 2017 from 110-120 million a year ago. Paytm, Freecharge, MobiKwik, Oxigen, and other companies wanted the first movers' advantage and between them spent more a billion dollars to acquire new customers.
 

Companies kept up with massive advertisement campaigns explaining how digital wallets worked and put more than 100,000 executives on the ground throughout India to woo customers and merchants. That dream run ended, as all good things do, when people started using cash again. “They were the first ones to thank the PM. People still equate digitisation of cash to these mobile wallets. The moment cash came back they became just portals for deal seekers that too in metropolitans and bigger cities,” said an analyst with an international consultancy.
 

The disruptor
 

There are around 250-odd firms in India working on various digital payments solutions, but the unified payments interface (UPI) has overtaken them all. UPI, developed and managed by the banks-owned National Payments Corporation of India (NPCI), lets bank account holders to send or receive money electronically without entering their net banking user ID or password. Increasingly, banks are encouraging their customers to use UPI.

UPI had lukewarm success when it was launched in August 2016, a few months before demonetisation, but now it’s being called the “wallet killer”. It’s a well-deserved reputation considering the fact that in July 2019 as many as 822.29 million transactions worth Rs 1.46 lakh crore happened through UPI, which is used by 143 banks.
 

Wallet firms like Paytm and MobiKwik did not heed UPI at first, but eventually they all came on board. Today, UPI is a part of 87 payment apps, including Paytm Wallet, PhonePe, and Google Pay. WhatsApp Pay, the much-awaited chat-based payments platform, will be UPI-based too.
 

UPI users don’t have to know account numbers or IFSC codes for sending or receiving money instantly. They don’t have to put money in a mobile wallet from their bank accounts, but yet can make five transactions adding up to Rs 1 lakh daily.

Several bank accounts can be attached to the same virtual address in UPI. A cell phone thief trying to reset the password of UPI—the MPin—would need the debit card details of the device’s owner. No wonder then that digital payments companies are seeing a trend of more people directly using UPI to make payments.
 

“At Paytm, we offer flexibility to our users to choose any preferred mode of payment method, be it UPI, wallet, cards or net banking. There’s a large section of customers who still prefer the Paytm Wallet for their day-to-day payments. We are overwhelmed to witness an increase in users & the number of transactions,” said a company spokesperson.
 

The players

The RBI permitted in August recurring transactions of up to Rs 2,000 through credit and debit cards for e-wallets: a move that is likely to boost the use of wallets and payment apps. That means a renewed push from apps like Truecaller, the company that makes the popular call-identifying app and has 100 million daily active users (MAUs). Its UPI-based payment service has collaborated with redBus, the online bus ticket service, and plans to add a host of other services, from movie ticketing to bill payments.
 

Google Pay, introduced as Tez in 2017, has over 55 million MAUs and provides more than 100 services. While numbers for overall transactions are not available, some indicative data gives a fair idea of the popularity of these apps.

As of May, according to news reports, Google Pay saw over 240 million UPI transactions in the month, Walmart-owned PhonePe recorded around 230 million while Paytm recorded 200 million.
 

PhonePe, one of the oldest UPI payment apps, launched in August 2016 banks on its offline merchants to make payments through not just UPI, but also credit cards, debit cards, as well as external wallets.

As these older players woo customers, they have their eyes on for the launch of WhatsApp Pay. The Facebook-owned chatting app has more than 400 million users and industry observers say it could take away a lion’s share of online payments from established players.

There are also others like PayPal Mobile Cash, Mobikwik, payment and wallet apps launched by banks, which will likely get a big push from these recent developments.
 

The risks and rewards
 

There is a risk connected to using digital money: fraud.
 

According to M K Jain, Deputy Governor at Reserve Bank of India, while digital payments and newer technology have made payments and the financial landscape more convenient for customers, all this has come at a cost.
 

“However, we are simultaneously being exposed to innumerable known and unknown risks and uncertainties - cyber security breaches, phishing, frauds, data thefts and misuse, data privacy breaches, malware attacks, etc. While it is known that these risks exist, the garb in which they manifest, when and at what severity, is unknown. With convenience, there are new challenges for customers, entities and regulatory authorities," said Jain in June at the Annual Conference of Banking Ombudsmen.

One frequently reported fraud targets people, who don't use UPI and have listed products for sale on platforms like OLX or Quikr. Cheats say they will buy the products by transferring money through a payment app.

Cheats then send the person a collect-money request after making them download a payment app. In UPI-based apps, a person or entity that is to be paid money will send customers a collect request. Customers, who are unable to differentiate between someone requesting money or sending it, accept the collect request and money is deducted from their account.

A simple rule of thumb then, especially with UPI transactions, is to remember that for someone paying you money through an app, you do not need to enter your 6-digit UPI PIN.

App	Installs 2017	Installs 2018	% Growth	Installs 2Q18	Installs 2Q19	% Growth
Google Pay (Called Tez earlier)	32,680,000	77,740,000	138%	11,260,000	24,900,000	121%
Paytm	38,890,000	65,770,000	69%	19,320,000	13,970,000	-28%
PhonePe	28,100,000	48,470,000	72%	12,430,000	14,750,000	19%
BHIM	24,500,000	18,000,000	-27%	4,800,000	3,000,000	-38%
Data source: Sensor Tower

 

Familiar frauds, including posing as an employee of your bank and asking for a one-time password (OTP) for a debit card, are prevalent still. Banks do not ask for OTPs or other details, so consumers should shut down calls asking for private information.

PhonePe warns users against using third party apps such as Screenshare, Anydesk, Teamviewer, as criminals may use them to access device screens by pretending they will solve a technical problem or with a PhonePe transaction.
 

Once the user grants them permission to use screen sharing, the fraudster will easily get access to the user’s card number, CVV code and send an OTP for transferring funds into their own account through an SMS.
 

Often, people receive fake SMSes saying they have won a freebie, and to call a given number for details, or that their KYC has been updated and they should click on a link given in the SMS to avail it. Payment apps have warned customers against falling for such offers, because the links and numbers given in such SMSes expose customers to fraud.
 

Another thing to be careful about is not to put your phone number in public message, like when complaining about a service on Twitter.