Interviews

Unmasking Vulnerabilities: Tackling APP Scams in India’s Rapidly Evolving Digital Payment Landscape

CXOToday has engaged in an exclusive interview with Ankur Saxena – Senior Director and Head of Sales, South Asia & Middle East (UAE & Oman) at ACI Worldwide.

 

  1. India has been identified as one of the highest-risk markets for APP scams. Could you elaborate on the key factors contributing to this vulnerability and how they compare with other global markets?

 

  1. Massive adoption and expansion of digital payments

According to ACI’s 2024 Prime Time for Real-time report, India continues to dominate the global real-time payments market, with 129.3 billion transactions in 2023 – more than the rest of the world’s top 10 real-time payments markets combined. Of all electronic payments made in India, 84% are now real-time. Scammers are exploiting the immediacy of real-time digital payments and reducing the window of opportunity to spot and stop scams.

  1. Consumer understanding, especially in rural areas

Consumers, particularly in the rural areas, are unfamiliar with the nuances of digital safety, making them susceptible to scams. With diverse linguistic and literacy levels, fraudsters exploit local languages to gain trust and craft scams.

  1. Cultural trust in authority figures

According to ACI’s 2024 Scamscope report, impersonation is the top APP scam type in India, making up one-fifth of all scam types. Many APP scams in India rely on social engineering, where fraudsters impersonate government officials and bank representatives. The cultural inclination to trust authority figures can make individuals less critical of suspicious communications.

 

  1. The report projects APP scam losses in India to grow to INR 49,626 million by 2028. What specific challenges do businesses of varying sizes face in mitigating these risks, and how can they prepare effectively?

Businesses in India face varying challenges in mitigating APP scam risks, depending on their size. Small businesses often lack the technical expertise and resources to implement robust fraud prevention measures, making them vulnerable to impersonation scams and fraudulent payment requests.

Medium-sized businesses with higher transaction volumes struggle with inconsistent fraud detection systems and targeted scams like fake vendor schemes. Large enterprises may have complex and disparate payment channels that are susceptible to sophisticated targeted attacks. Fragmented internal communication in large enterprises can also lead to fraudulent approvals. To prepare effectively, businesses must invest in scalable fraud detection tools, establish robust internal controls, provide regular employee training, and collaborate with banks and regulators to stay ahead of evolving threats, tailoring their strategies to their operational scale and complexity.

 

  1. With the rapid adoption of real-time payments like UPI, what role does AI and machine learning play in detecting and preventing APP scams?

Artificial intelligence (AI) and machine learning (ML) are pivotal in detecting and preventing APP scams by enabling financial institutions to analyze vast datasets, identify complex fraud patterns, and respond to threats in real time. AI-driven fraud orchestration technology enhances risk-based authentication, allowing banks to assess transaction legitimacy more accurately. ML algorithms adapt to new fraud tactics by continuously updating their models with emerging data, thereby improving detection rates and reducing false positives.

Furthermore, AI facilitates real-time intelligence sharing among financial institutions, enabling collaborative profiling of transaction risks without compromising data privacy. ACI has decades of experience in the use of AI and ML – and applying that experience to address very real and accelerating challenges impacting our customers. ACI Payments Intelligence delivers predictive modelling with multiple AI models running in parallel to address emerging fraud risks.

 

  1. The report mentions a 6% CAGR for APP fraud losses in India, the lowest among markets studied. What are the proactive measures India is taking, and what can other countries learn from these strategies?

As the biggest and most developed real-time payments market globally, India has seen a huge spike in APP and real-time fraud losses in the last five years. In 2024, however, fraud losses have dropped rapidly as India is beginning to come to grips with the problem more effectively than any other market in the study. One significant initiative is the launch of the Sanchar Saathi portal, which empowers users to block unauthorized SIM cards and report fraudulent activities, thereby preventing scammers from exploiting mobile connections.

Banks in India are starting to collaborate with each other—and with other entities like telecom companies and internet providers—to share intelligence and build a united defense against scams. For example, the RBI’s Central Fraud Registry is a centralized database where banks and financial institutions report and access details about fraud incidents. This registry facilitates the sharing of intelligence on scam patterns, fraudulent entities, and emerging threats, enabling a coordinated response.

 

  1. How can small businesses, which often lack robust fraud prevention frameworks, protect themselves against APP scams while ensuring a seamless customer experience?

Small businesses in India can protect themselves by adopting practical, low-cost strategies tailored to their operations. They should use secure and trusted payment platforms with built-in fraud detection, such as multi-factor authentication and transaction monitoring. Partnering with banks and fintech providers for guidance and leveraging their fraud prevention tools can enhance security without significant investment.

Clear internal procedures, such as double-checking payment requests and vendor details, can mitigate risks without slowing down workflows – and regular training for employees on identifying scams and securely handling transactions is essential to address the human factor. Finally, fostering transparency and trust with customers through secure payment methods and clear communication ensures that safety measures do not create more friction and disrupt their experience.

 

  1. Looking ahead, what role will public-private partnerships and regulatory interventions play in reducing APP scam losses and safeguarding India’s digital payments ecosystem?

India has been focusing on fostering collaboration between financial institutions and regulatory bodies to combat APP fraud effectively. RBI has emphasized the need for banks and payment service providers to share real-time fraud intelligence and suspicious transaction patterns to identify and mitigate threats proactively. Platforms such as the Indian Banks’ Association (IBA) and Cyber Coordination Centre (CyCord) facilitate the exchange of critical information on emerging fraud tactics, allowing for a collective response to scams.

Additionally, initiatives like CERT-In (Indian Computer Emergency Response Team) promote the sharing of cybersecurity threats, including those related to digital payments, across industries to build a resilient ecosystem. This collaborative approach ensures that intelligence sharing is not only reactive but also anticipates potential vulnerabilities, strengthening the overall defense against APP fraud and enabling a coordinated and effective defense and rebuilding public trust.