Cyber-Security in UPI Payments

Abstract

Abstract: Unified Payments Interface (UPI) is an innovative online banking system. Made inIndia has reached the peak of popularity ina short time wingspan. Growth in UPI alsoleads to higher data frequencies violate. Social engineering attacks are India's biggest security risk encountered duringconfinement (lockdown). Users of the Unified Payment Interface are Cyber criminals are easily enticed. These fraudsare not due to default in the UPI systems or interfaces, but are tactics to deceive customers. By the way of phishing, vishing, or smishing. Social engineering attack techniques are planned to exploit users by utilizing significant UPI features such as "Collect Request", " Virtual Private Address, " or" QR Code. " Reverse-engineering the UPI protocol through seven well-known UPI apps, this paper employs a principled methodology toconduct a thorough security analysis of theprotocol. We find previously unreported design-levelflaws in the UPI 1.0 specification's multi- factor authentication that, when coupled with an installed attacker-controlled application, can result in serious attacks. Even if a victim had never used a UPI app, the flaws in the attack's extreme version might have allowed a victim's bank account to be linked and emptied. Scalable and remotely executable attacks were possible. Most users blindly follow the instructions received through SMS or phone call and become a victim of cyber fraud. Analysis data collected from respondents reveals the grim fact that age or occupation has no impact on user behavior in response to technical attack techniques.