7 UPI Fraud Tricks That Target Shop Owners — And How to Avoid Them

India processed over ₹20 lakh crore in digital payments in 2025. With UPI becoming the default way to pay at shops, fraudsters have adapted too. They no longer need to pickpocket cash — they just need you to look away from your phone for 10 seconds.

As a shop owner, you are a prime target. You are busy, distracted, handling multiple customers at once, and often take payments on trust. Here are the 7 most common UPI fraud tricks targeting merchants right now, with real examples and practical ways to protect yourself.

1. The Fake Payment Screenshot

How it works

The customer shows you their phone screen with what looks like a successful UPI payment. The screen shows the right amount, your name or UPI ID, a green checkmark, and a transaction ID. But it is a fake — created using screenshot editing apps freely available on the Play Store, or even just a saved image from a previous real transaction with the amount edited.

Real example

A vegetable vendor in Pune lost ₹15,000 over two weeks because a "regular customer" showed fake Google Pay screenshots every day. The vendor never checked his bank balance because the screenshots looked perfect.

How to protect yourself

• Never rely on the customer's phone screen. Always confirm from YOUR end — check your UPI app, bank SMS, or use a payment alert app that reads your actual bank notifications.
• A voice alert system that reads your bank SMS or notification in real time makes fake screenshots useless — if you did not hear the announcement, the money did not arrive.
• Check your bank balance at the end of each day as a final verification.

2. QR Code Tampering

How it works

The fraudster visits your shop when you are not looking and sticks their own QR code over yours. Now every customer who scans your QR code is actually paying the fraudster. You do not notice because you are busy and customers keep telling you "payment done."

Real example

In 2024, a tea stall owner in Delhi discovered that someone had pasted a transparent sticker with a different QR code over his PhonePe QR. He lost approximately ₹8,000 in three days before a customer pointed out that the UPI ID on the payment confirmation did not match the shop name.

How to protect yourself

• Laminate your QR code so stickers cannot be pasted over it easily.
• Check your QR code physically every morning. Look for stickers, overlays, or any change.
• Use a payment alert app — if you hear "Payment received" for every real payment, you will immediately notice when a customer says "paid" but you hear nothing.
• Ask customers to verify the name shown on their UPI app matches your shop name before confirming.

3. The Collect Request Scam

How it works

Instead of sending you money, the fraudster sends a collect request (money request) to your UPI ID. You receive a notification that looks similar to a payment notification. In a rush, you approve the request — and money goes FROM your account TO theirs. Some scammers even call you pretending to be from "UPI support" and ask you to approve the request to "verify your account."

Real example

A mobile shop owner in Hyderabad received a call from someone claiming to be from Google Pay support. They sent a collect request for ₹2,000 and told him to "approve to receive a refund." He approved and lost the money instantly.

How to protect yourself

• Remember this rule: You NEVER need to approve anything to RECEIVE money. If someone asks you to approve, enter PIN, or click "Pay" to receive money, it is a scam.
• Read every notification carefully before tapping. "Collect request" and "Payment received" look different if you read the actual text.
• No bank, UPI app, or payment company will ever call you and ask you to approve a collect request.

4. OTP Theft via Phone Call

How it works

The fraudster calls pretending to be from your bank, UPI app, or even a government office. They create urgency: "Your account will be blocked," "Your KYC is expiring," or "There is a suspicious transaction on your account." They ask for your OTP or UPI PIN to "verify" or "secure" your account. Once you share it, they drain your account.

Real example

A kirana store owner in Lucknow received a call from someone claiming his SBI account would be frozen due to KYC expiry. He shared his OTP over the phone and lost ₹45,000 within minutes.

How to protect yourself

• Never share OTP or UPI PIN with anyone — not even someone claiming to be from your bank. Banks will never ask for these over the phone.
• If you receive a suspicious call, hang up and call your bank's official customer care number directly.
• Use apps that detect and separately manage OTPs, so you are more conscious about where OTPs are being entered.

5. The Fake "Cashback" Transaction

How it works

The customer "accidentally" sends you a small amount — say ₹1 — and then shows you a screen that says they sent ₹5,000 and claims the rest will come as "cashback" or in a "second instalment." They rush you, saying "just give me the goods, the rest is processing." You hand over ₹5,000 worth of goods for ₹1.

Real example

An electronics shop owner in Bangalore had a customer who sent ₹10 and showed an edited screenshot claiming ₹25,000 was "being processed." The customer took a Bluetooth speaker and left. The remaining ₹24,990 never arrived.

How to protect yourself

• Wait for the full amount before handing over goods. There is no "cashback" or "second instalment" in UPI — payments are instant and complete.
• A voice alert that announces the exact amount received makes this scam impossible to pull off. If the alert says "Ten rupees received," you know exactly what arrived.

6. Phishing Links in SMS

How it works

You receive an SMS that looks like it is from your bank or UPI app. It says something like "Your UPI ID has been selected for ₹10,000 cashback. Click here to claim." The link takes you to a fake website that looks exactly like your bank's login page. You enter your credentials, and the fraudster now has your login details.

Real example

A salon owner in Chennai clicked on a link claiming to be from ICICI Bank about a "mandatory UPI update." The fake site asked for his net banking password and OTP. He lost ₹1.2 lakh from his business account.

How to protect yourself

• Never click links in SMS messages claiming to be from your bank. Banks send alerts, not clickable links for "cashback" or "updates."
• Always type your bank's URL directly in the browser or use the official app.
• If unsure, visit your nearest bank branch or call their official helpline.

7. The Customer Overpayment Scam

How it works

The customer pays you ₹5,000 for a ₹500 bill and immediately asks for ₹4,500 back in cash, claiming it was a "mistake." You check your phone, see the notification, and return the cash. Later, the original ₹5,000 payment is reversed — either because it was from a stolen account (the bank reverses it) or the customer filed a complaint claiming "unauthorized transaction."

Real example

A grocery store in Jaipur had a customer pay ₹10,000 for a ₹800 bill and ask for ₹9,200 in cash back. The shop owner returned the cash. Two days later, the bank reversed the ₹10,000 payment as "unauthorized," and the shop owner lost ₹9,200.

How to protect yourself

• Never return overpayments in cash. Ask the customer to initiate a new UPI payment for the correct amount, and you will refund the original via UPI.
• If a customer insists on overpaying and getting cash back, treat it as a red flag.
• Keep a record of all transactions. Apps with CSV export and transaction logs help if you ever need to dispute with your bank.

The Common Thread: Verify From Your Side

Apps like DigiSoundBox use on-device intelligence to detect and flag suspicious patterns, but even a basic habit of waiting for YOUR notification before handing over goods will protect you from 90% of these scams.

For more information on how voice alerts work, visit our How It Works page. If you have questions, check the FAQ.