[//HB]

Quote:

Originally Posted by wheelguy

With the Fastags linked with bank accounts, all the payments directly get deducted from the linked account balance.

I really had no idea you can link a Fastag to your bank account for an auto-refill ! Though initially i was keen to get that sort of feature, in hindsight now it's better avoided.

seeing the below quoted post from RedTerrano tough, it appears that atleast Axis Bank for one does have this feature!

Quote:

Originally Posted by RedTerrano

Unbelievably, only AXIS (from what I could gather after a quick google search) is offering the linking + auto debit facility.

Attachment 1959415

Source

Quote:

Originally Posted by RedTerrano

The caller told me to send the OTP to a different number and I did accordingly.

Sadly, no matter what precautions one may have built in at the technology layer, crooks succeed in scams by these "social engineering" tricks. This makes elders especially vulnerable.

Quote:

Originally Posted by GTO

A fool and his money parted, is all that I can say.

Sadly elders / other less tech-savvy people can get scammed off, and I do see elders shying away from using cards / online payments for this reason. What makes matters worse is ZERO protection from regulators (RBI) or the banks themselves.

[opendro]

Quote:

Originally Posted by wheelguy

[*]As Fastags are usually linked with bank accounts, all the payments directly get deducted from the linked account balance. Users also have the option to create a NHAI Prepaid wallet, recharge it and connect it with the Fastag for payments.Also, you can also recharge your Fastag using UPI via MyFastag app.[/list]Source: ET Auto

The news look fake. You cannot do an UPI transaction without the SIM card inside the phone. Even if I setup the entire UPI based app using my SIM on a phone, the moment I remove the SIM, the app will fail to do any UPI txn. The question of sharing the OTP does not even arise as the step to generate OTP itself will not be reached.

[arzala]

I am a Product guy so I also partially blame OTP message generator products/services for poorly designed OTP messages. OTP message should always have all necessary information about why OTP is being generated like Merchant info, Whether purchase or Money transfer, Who is receiver, Amount being deducted etc. Along with help of telecom provider such messages should always be highlighted in red/pink being considered as highly sensitive. Because once people start reading message properly, then they would stop themselves being victims of such frauds.


For those who use UPI etc. always create UPI with text like "teambhp@upi" etc. and not like your linked mobile number like "9898012345@upi" because mobile number UPI are easily guessed and discoverable and if they are discoverable then there are high chance that you would be receiving such call which tries to cunningly extract UPI/PIN/Password from you.

[chandu]

I have always been reluctant to link my bank account with any product what so ever, in my opinion this is very dangerous as any security issue and they can clean out your primary account.
I had avoided getting a fastag for this reason all this time, till I gave up last month and got one linked to my Paytm wallet. But then i have not linked my Paytm to my bank account and only put money into it using my credit card and only to the amount I need right then.
I just cannot understand why they don't allow a credit card to be linked to a fastag so that we have some safety.
There are far too many instances of fraud via UPI and google pay. If I have to pay someone, its either Paytm or via my Axis bank app direct to the recipients bank account.
Just my 2 cents.

cheers..

[saisree]

Quote:

Originally Posted by adi.mariner

I maintain only the bare minimum amount required in my bank account linked to UPI because I am still not sure about the security.

UPI's are secure. There is no way one can steal your money using your UPI unless you authorised it.

Quote:

Originally Posted by GTO

Heck, I don't even keep a debit card in this country full of scams & frauds. Just credit cards for me. if someone has to steal my card number from a swiping machine (example), they better be stealing the issuing bank's money, not mine

Quote:

Originally Posted by gungax

I don’t use UPI and Debit cards are used only at ATMs. I strictly use credit cards which I have insured.

You are still liable to pay that money until the bank is satisfied/proved that the transaction is a fraudulent transaction on your credit card. Debit card is more secure.

Quote:

Originally Posted by RedTerrano

IMO a debit card is more safer than a credit card (agree on the part about bank's money though)
Every debit card transaction has to have a PIN/OTP.

Working for a Financial Services company and specially on the Electronic Funds Transfers, I can vouch for the security UPI's give. None of the UPI providers including BHIM, knows your account no, IFSC codes and the branch its held in full. Transfer happens to a virtual ID (xxxxx@upi) and these payments interfaces doesn't know the source and the destination account of a money transfer.

There is no use in blaming the technology when one can't handle the secured aspects of the system as defined by the Financial Institutions.

Request you all to go through this link to know more about how UPI works.

As a matter of fact, Google states "UPI was thoughtfully planned and critical aspects of its designs led to its success." and it has asked the US Federal Reserve to implement a system similar to our own UPI. Source

Quote:

Originally Posted by gungax

Banks should educate users on good practices for cashless transactions.

Agreed. Quoting self from the same thread

Quote:

80's kids might remember the Puliraja campaign for educating the mass on AIDS. It worked well. We need such campaings to educate our people.

[adneeraj]

It is foolish to part with your OTP.
I feel no sympathy towards people who are willing to share these things at a snap of a finger. Foolishness finds its fate is all that I can say.

I use HDFC Fastag. It uses its own wallet system. Although it is cumbersome to refill the wallet when you're down on the balance, it is a much wiser thing to do.
Why to give access to the entire amount in the bank account to a third party? This is like letting PayTM access all your bank account funds automatically to top up when the PayTM balance goes below a certain amount. Why would someone want to do that!?

[Turbo Head]

IMHO UPI itself is the biggest fraud and lacuna in Indian banking system.

I once installed Google Pay to check, how it works and immediately uninstalled when its started asking for sensitive information about my bank account. Later on met with a friend who is head of cyber crimes in my city and was shocked to know everyday hundreds of complaints are filed in the police station regarding the frauds on Google Pay and UPI.

Best way IMO is using any 3rd party wallet e.g. PayTM, Airtel etc, get their Fastags and use them, Also maintain only limited amount in 3rd party wallets, So even if its compromised the damage is minimal, unlike UPI where it is directly connected with your bank account and every penny can be siphoned off your account.

[veyron_head]

Quote:

Originally Posted by GTO

A fool and his money parted, is all that I can say.

Right said! Such scams exist because fools exist. I cant even sympathize with these people who share their OTP in spite of the bank sending daily warnings against. Reminds me of a friend several years ago who called euphorically to inform he has got a job in Scotland. Apparently he got the job after filling a really long form (he was proud!). No other interview process.

[RedTerrano]

Quote:

Originally Posted by Turbo Head

IMHO UPI itself is the biggest fraud and lacuna in Indian banking system.

I once installed Google Pay to check, how it works and immediately uninstalled when its started asking for sensitive information about my bank account.

Beg to difffer.
I have been successfully using BHIM (official UPI app) since its launch.
Problems faced: Zero
Whatever permission/info you need to share to activate it, the government already has it.

For those who are interested, here is the android app link
https://play.google.com/store/apps/d...piapp&hl=en_IN

[saisree]

Quote:

Originally Posted by Turbo Head

IMHO UPI itself is the biggest fraud and lacuna in Indian banking system.
I once installed Google Pay to check, how it works and immediately uninstalled when its started asking for sensitive information about my bank account. Later on met with a friend who is head of cyber crimes in my city and was shocked to know everyday hundreds of complaints are filed in the police station regarding the frauds on Google Pay and UPI.

Hi Turbo Head, the only information it asks you is the Bank's Name and the Mobile No. Not the A/C details. It fetches the A/C No from the NPCI systems and what you see is a masked A/C No <Bank Name - last four digits>. If you haven't set any UPI Pin in the banks website, you will be asked to set up a new pin by entering the last 6 digits and the valid through month/year of your debit card.

Don't know where did you enter your sensitive information here. Recommend you to try once again

[binand]

Quote:

Originally Posted by Turbo Head

IMHO UPI itself is the biggest fraud and lacuna in Indian banking system.

Well of course you are entitled to your opinion, but I'm curious what makes you say this. What lacunae have you discovered in UPI, which results in it being the "biggest fraud"?

[Turbo Head]

Quote:

Originally Posted by binand

Well of course you are entitled to your opinion, but I'm curious what makes you say this. What lacunae have you discovered in UPI, which results in it being the "biggest fraud"?

Glad to share my concerns, I may be wrong but would love to be corrected.

So, as per my understanding you give 3rd party permission to access your bank account, So the basic protocols (e.g user name, password etc) are bye-passed and Google Pay/other UPIs can withdraw any amount without your knowledge/permission by just an OTP (which can be obtained through various phishing methods).

Whereas in case of other wallets (where UPI is not compulsory), only the amount in the wallet is at risk (even by phishing) and your bank account is safe.

Similar in case of Credit Card, you can raise the dispute and claim the amount from the bank.

However in case of UPI, bank clearly denies any and every responsibility of the money stolen and you can't claim it from Google etc. Only thing left is give complaints to cops/banks and write mails to Google/UPI etc.
As mentioned the source of information is top cop in cyber crime, who is a friend and handles hundreds of similar cases on everyday basis.

[gungax]

Quote:

Originally Posted by saisree

You are still liable to pay that money until the bank is satisfied/proved that the transaction is a fraudulent transaction on your credit card. Debit card is more secure.

My Experience in UK has been different. Only a small fees was taken as investigation charges but the transaction was void prior to the next billing date.
Debit card still gives you access to a "Bank Account". A senior of mine lost 10 LAKH rupees! I know people with crores just sitting in their ordinary saving accounts!
With a credit card, your exposure is restricted to the limit on the card. Also the points on my credit cards have got me some really sweet deals!

[ninjatalli]

Quote:

Originally Posted by Turbo Head

Glad to share my concerns, I may be wrong but would love to be corrected.

So, as per my understanding you give 3rd party permission to access your bank account, So the basic protocols (e.g user name, password etc) are bye-passed and Google Pay/other UPIs can withdraw any amount without your knowledge/permission by just an OTP (which can be obtained through various phishing methods).

Quote:

As mentioned the source of information is top cop in cyber crime, who is a friend and handles hundreds of similar cases on everyday basis.

That's not absolutely correct!

Partial information at your end - every transaction requires a PIN/password that you have set with your bank for the UPI transaction. So even though we have allowed the 3rd party client application (GPay/PhonePe/etc) to withdraw an amount of maximum 10,000 INR; there's still another level of security check that is done for every transaction, irrespective of the client you use.

It's similar to doing a transaction via credit or debit card at a POS - we still need to enter a PIN on the POS machine. If one is that distrustful about UPI, I guess s/he should be vary of using a card at POS terminal too. Yes, credit cards (only - debit cards don't have that) do take ownership of the liability but that doesn't mean fraud transactions don't happen with card transactions.

As for the hundreds of cases seen by your cyber crime friend, it's also unfortunately the dubious means used by so many (read up on experiences of selling on OLA) to leverage the 'Receive' option instead of 'Pay' option that UPI allows - people have to be aware of the exact transaction they are doing.

Wrt to the OTP sharing scenarios, it's basically as stupid as sharing your username and password to online banking to a stranger. As long as we have people stupid enough to make basic level of mistakes, there will be fraud cases always.

Every payment channel goes through the acceptance curve. Less than a decade ago, we had thousands of cases of fraud transactions happening on our credit (and debit) cards; we still have it happening these days, but the 2-factor authentication has reduced the same by a good margin (atleast in India - still not implemented in many parts of the world).

Similarly UPI will undergo changes - currently UPI 2.0 is focused more on overdraft facility and related aspects. Going ahead we could even potentially see 2-factor authentication enabled for UPI transaction too. This could be done from the 3rd party client too. Also as the usage becomes more household across the mass public (like using a card at an ATM), such cases will go down.

[Vipin Kumar]

Quote:

Originally Posted by vishwasvr

I'd linked my Paytm wallet to 3 FASTag for 3 of our cars just over a month ago and I've been charged 90 bucks twice (FASTag linked to my Polo GT TSI) from a certain 'Guduru' toll ( I don't even know where that is) and I am sure as hell I haven't even gone out of Bangalore in my Polo!
I simply emptied my wallet to prevent further damage.
Paytm's support system doesn't help either. Tried raising a complaint but to no avail.
Planning to get FASTag from ICICI as a bunch of my friends said they've not faced any hassles!

I have been using FASTag from ICICI. For over ten months now. It has an inbuilt wallet and periodically it has been doing the cashback crediting too. It is very unproblematic so far. And, I haven't linked any of my bank accounts with it. It is not required at all.

It is also the right thing NOT to keep much money even in that wallet. You never know when you cross some toll plaza without your own knowledge and will!

So, I recharge my account just before I start, and that too, only that approximate amount.

Once in a toll booth in MP, between Sagar and Narsinghpur, a toll guy told me that the toll amount was not deducted and that I had to pay cash in the cash line. In fact, when I had approached the FASTag lane, they redirected me to one of the cash lanes and made me pay in cash. But a little while after leaving the toll, I received message that showed FASTag deduction. I spoke to them on the number provided on the toll receipt and they assured me of refunds within 48 hours, which hasn't come even after 7 months anyway.

But yes, (a) no linking with bank accounts and (b) no keeping much money in the wallet either. These could be the safety measures.