Phone : +91 95 8290 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Evolving fraud patterns across payments and digital lending, ETCISO

Evolving fraud patterns across payments and digital lending, ETCISO

Evolving fraud patterns across payments and digital lending, ETCISO

India has a digital financial infrastructure that spans payments, lending, insurance and investment, accessible from any smartphone, at any hour. This is a remarkable tech highway that is the envy of many. Hundreds of millions of people now transact digitally who, a decade ago, had no meaningful access to formal financial services. The achievement is genuine, and the potential is enormous.

Perhaps it was naive to think that this would not be in the crosshairs of fraud.

The invisible attack on payments

Fraud in digital payments no longer looks like a brute-force cyberattack. Today, it operates almost entirely on stealth.

Victims often do not know a transaction has occurred until they check their balance, sometimes days later. A sideloaded application, disguised as a routine update or notification, installs silently. An overlay renders on top of a legitimate banking app. A Remote Access Trojan activates in the background. The device carries out a transaction its owner never authorised.

The infrastructure behind these attacks is itself now a marketplace. In June 2026, Ahmedabad’s Cyber Crime Branch dismantled a network that supplied malicious APK files to between 300 and 400 criminal clients a month via a Telegram bot complete with subscription tiers and renewal options. The operator was earning an estimated ₹40-50 lakh monthly. The tools on offer impersonated SBI KYC updates, RTO challans, electricity bill notifications: the unremarkable, the routine, the trusted.

This is not a niche threat. In 2025, Indians filed 28.15 lakh cybercrime complaints and lost ₹22,495 crore indicating a 24% increase on the previous year. Payments fraud accounted for over 12.64 lakh reported incidents in FY25. The reported figures are almost certainly understated: research suggests more than half of the victims never file a complaint.

What makes this difficult to counter is not the technology, but the intelligence of the adversary. Fraud rings study the security controls of fintech platforms systematically – probing for rules that have not been updated, thresholds that can be gamed, detection logic that can be mapped by observing what generates friction and what does not. They share findings across networks that, according to Ministry of Home Affairs data, increasingly operate out of organised compounds in Southeast Asia.

Penetration testing and vulnerability assessments catch known weaknesses at a point in time. However, if your adversary keeps reorganising, shifting their point of attack, you will always be caught unaware. You need agile resilience.

The identity problem in digital lending

Lending fraud operates differently, but the underlying logic is similar: find the gap between what a control is designed to check and what it actually checks.

KYC verification in digital lending is the primary target. Fraudsters have become adept at partial identity manipulation, presenting enough of a genuine identity to satisfy individual checks while concealing or tampering with the components they cannot replicate. A name matches. A document number validates. A photograph, however, has been altered. Each element, examined in isolation, appears legitimate. Together, they do not belong to the same person.

The implication for lenders is straightforward: identity verification cannot be a series of discrete checks. It must be a consolidated process; one that assembles every available component of an applicant’s identity into a coherent whole before validation, not after. The integrity of the profile must be assessed at the level of the complete identity, not its individual parts.

Video KYC, when executed well, remains one of the strongest controls available. A trained agent authenticating identity in real time against physical documentation is substantially harder to deceive than an automated system. But the strength of the control depends entirely on the robustness of the process around it. Sessions must be fully recorded and auditable. Maker-checker protocols must be enforced. Any process that can be influenced, bypassed, or reviewed selectively is a process that will eventually be exploited.

Operating model, not just technology

There is a tendency in discussions of fraud prevention to focus on tools: machine learning models, behavioural analytics, biometric checks. These tools are key, but so is the operating model.

Controls that were effective eighteen months ago may not be effective today. The question for any institution is not whether its controls were adequate when they were built, but whether they remain adequate now; and whether the organisation has the discipline to find out before an attacker does. That requires a genuine and ongoing commitment to stress-testing one’s own defences, over simply confirming that they hold.

Growth compounds this challenge. The pressure to acquire customers, reduce friction and compete on speed creates incentives to loosen controls at precisely the moment volumes are rising and attack surfaces are expanding. Threading the needle of this calibration by maintaining controls that are tight enough to prevent fraud without being so restrictive that they exclude legitimate customers, is one of the more consequential decisions a risk function makes.

Trust is the product

A customer completing a payment from home, or applying for a loan through an app at midnight, should feel the same confidence they would standing at a bank counter. The physical branch conveys safety through its permanence, its staff, its procedures. Digital channels must convey the same thing – not through optics, but through actual security that customers experience as reliability.

Where that confidence is absent, adoption stalls. India has spent years and enormous public investment building the infrastructure for financial inclusion. Losing customers to fraud, or losing their trust even without a direct loss, squanders that investment.

The risk is not merely financial. A customer may never truly enjoy a fantastic product, because they fear they may be walking into a trap. Financial services may never evolve, because what’s better never gets used.

The author is Aby George Eapen, Head of Group Risk, Navi.

Disclaimer: The views expressed are solely of the author and ETCISO does not necessarily subscribe to it. ETCISO shall not be responsible for any damage caused to any person/organization directly or indirectly.

  • Published On Jul 1, 2026 at 08:00 AM IST

Join the community of 2M+ industry professionals.

Subscribe to Newsletter to get latest insights & analysis in your inbox.

All about ETCISO industry right on your smartphone!




Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

 

 

 

 

 

 

 

 

 

 

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket