Cashless Transactions - India

Some good practices to keep your money safe


1) Make two bank accounts.

Primary account and Secondary account

Keep all your money in Primary and never use it for online transactions.

Never use Primary Debit card anywhere.

Use the Secondary account for all the spending and withdrawing money from ATM. Transfer money from Primary account when needed and keep balance under Rs 10,000.


1) Use Credit Card as much as possible

Keep small Credit on Cards
In credit card payments banks can delay or revert the fraudulent payment but not in case of debit card payment. So credit card is safer choice for transactions

If you aren't earning a handsome salary or have bad credit score just put an FD of 25,000 and get a Credit Card against it. Never ever use your Debit Card for online shopping or at POS terminals.

2) Get a safer chip based card

A duplicate copy of magnetic cards can be made in minutes, chip based cards cannot be copied easily.

3) Never let your cards out of your sight

When paying bills at some restaurant, ask them to bring the POS machine to you or you yourself go to the machine. Also grab that receipt, check, and tear.

4) Always hide the keypad

Those devices that you swipe that card have walls to hide your fingers so that no one can see what you're typing, that isn't adequate, cover the top of your hand as well.

Don't punch in the numbers by making a fist and taking the index fingers out. Instead, type like a person playing the piano, i.e: all four fingers resting or hovering over the keypad.


1) Always go and inspect the ATM thoroughly

It hardly takes 15-20 seconds to ensure there's no skimmer in the slot, no camera of device watching your pin etc. The people behind you can wait.

2) Always tear up ATM receipts into pieces before you throw into the dustbin

3) Never display or show off with the money you just got from ATM

When the machine gives you cash, count and put that cash inside your wallet or purse while being in the ATM itself, don't do so while coming out of the ATM or outside.

_Phones and Computers_

1) Only install apps from official stores like Google play store or Apple store

Don't use pirated apps on your phone, it could be infected with adwares and spywares.

2) Always update your browsers, apps and antivirus definitions on your computer

3) Always check for HTTPS in your browser when making online transactions

4) Never click on links that arrive in text messages, emails, WhatsApp

Some of them run scripts and can send all your info to the hacker.

If a friend sends you link to check out something on Flipkart, better go and search that thing yourself instead of clicking the link

5) Never use any device other than your personal device to access your account

You'll often find people suggesting you not to use public computer systems to access your accounts, but whenever I see any of my relatives' or sometimes friends' systems, they tend to have some sort of malware or unwanted but suspicious browser extensions installed.

You cannot be sure how technically sound your relatives/friends are in protecting their computers, so best to avoid their devices for banking transactions.

6) Use two-factor authentication if your bank provides that option

Make sure your phone is locked and SMS that you get aren't visible on the locked screen. If you do not take care of this part, having a two-factor authentication kind of loses it's purpose, since gaining access to your unlocked phone pretty much gives someone access to your email ID (to reset password) and SMS (for two-factor authentication).


1) Change your netbanking password, ATM pin regularly (3 months)

2) Never reuse banking passwords in other sites

Always have separate banking passwords for all accounts and make sure they are not even similar.

If you're the kind of person who cannot remember passwords, write down password hints for yourself such that only you can figure out what the password is from that hint. This means you cannot use passwords hints like "son's name + wife's DOB".

3) Use Keepass password manager if you are tech savvy

Otherwise write your passwords on a paper and keep it very very safe


1) Stop giving out your phone number and email id.

Do not register your phone numbers at places where it's not needed.

Online offers that look too good to be true like '50 lucky registered winners will get free iPhone 7' actually are too good to be true.

Shopper's stop or Reliance fresh asking you for your phone number during checkout? Don't give it to them! Your number ends up in their spamming database. And if any of these numbers end up in the hands of a company that specializes in scamming, that can land you in trouble.

I've gotten calls from people multiple times claiming they're calling from my bank (they knew my bank name, my phone number and my name, so I would suspect they were who they claimed they were). But then they ask you to verify yourself by telling you your address and other details. Slowly they'll make their way to your debit card number.

Do not give out such sensitive details to anyone on phone,
even if they claim they're from your bank,
no matter how genuine they sound.

2) Don't share your email id, birth date on social media. If you have FB, then hide them.

3) Unlist from TrueCaller
_How exactly does Truecaller help the scammers you ask?_

They get your Phone Number from someplace

They get your Name from TrueCaller

Then they Internet Search your name, Get your info like DOB, PAN

With this information they get duplicate sims from your cellphone provider and Reset your passwords.

4) Always be safe with money

There are people inside a bank, one that marks other people taking out money, other, that's outside and puts a game on you.

These guys are pro's, if they've targeted you, then chances are there's a very good reason for it. They see you are weakling and either steal or dacoit, that is what they will do. Rare, but still happens.

A young bodied guy is less likely to get duped, but your mom, aunt, grandma/pa is a bull's eye for them thieves. Accompany them if you can. Money is a strange thing, and people will do anything to have more of it.

This forward may actually save people's life and their hard earned money

_Please spread awareness_
Last edited:
Dec 11 2016 : The Times of India (Delhi)

Online can be a scary space -threats are everywhere and hacking tools increasingly more sophisticated. Hitesh Raj Bhagat offers some basic tips on keeping yourself and your devices secure

Deleting Traces From Old Devices
When you're getting rid of your old com puter, simply deleting your data is not enough. Even if you use the format command to wipe the hard disk clean, the data can be recovered using simple, free software. The only way to make sure your data remains inaccessible is to overwrite it with random data. For Windows, get DBAN ( which is free for personal use. Some other common tools include CCleaner (http:www.piriform.comccleaner) and Eraser (http:www.heidi.ieeraser) they have overwrite tools built in. For Mac, the built in Disk Utility has a secure erase option built in. (Click Security Options in the Erase tab). You can also try the free Paragon Disk Wiper 15. On Android phones, there is a free app called SHREDroid it will automatically destroy all your old data if you plan to sell the phone or give it to someone else. Note that it does not work with Motorola phones.

Password Managers, Two-Factor Authorisation
If you're not using a password manager already, you should be. There are many excellent free options like LastPass, LogMeOnce and KeePass they take the hassle out of creating tough passwords and remembering them.It's important these days because people tend to use simpler passwords (made of words, numbers) and using the same password on multiple websites. If one gets hacked, there is potential that all your logins will get hacked.

Secure Yourself Using A VPN
AVPN or Virtual Private Network is a way to secure and encrypt your internet connection (whether on a PC or mobile device) to prevent your data from being stolenaccessed while in transit. There are many free VPN services available the catch is that there is always a data or bandwidth cap when it's free. If you only need to use one occasionally , go for a free service like Tunnelbear, VPNbook, Cyber Ghost or Windscribe. Once you sign up, they will provide full instructions to set it up on your machine. On your iPhone or Android phone, you can get the Opera Free VPN from the respective app stores it takes all the guesswork out of setting up and using a VPN.

Effective Firewalling
A firewall is a piece of software that blocks unsolicited incoming connections: this is particularly useful if you have to be on a public network for some time. Both Windows and Mac OSX have built in firewalls and they are up to the task for almost any situation. Just make sure that they are on and functioning. On Windows, open Control Panel and Firewall make sure it is on for both public and private networks. Similarly, on a Mac, go to System Settings > Security & Privacy and click the Firewall tab. You will need to click the lock to make changes and enter your password to switch it on. If you need something more advanced (typically for Windows), you should check out GlassWire even the free version offers a ton of extra features.

When Using Unsecured WiFi Networks
When you're at a coffee shop or restaurant that offers free WiFi, the temptation to connect is high, especially if you're travelling and data costs are high. Other public networks include the ones in malls, airports, libraries and hotel lobbies. The danger is that hack ers target users on these kind of networks and use software to `sniff ' out passwords and personal data. The previously mentioned firewalls and VPNs can help by adding an extra layer of security. Other things you can do is make sure your browser address bar URL starts with `https' and disable things like file & printer sharing and network discovery (on Windows, you'll find this in Control Panel > Network & Sharing Center > Change Advanced Sharing Settings. In OSX, got to System Preferences > Sharing).

Web-Safe Browser Extensions
The web browser is your gate way to the web and the easi est way to add a layer of security is with an extension. Try McAfee Secure or WOT (Web of Trust) to get notified about the trustworthiness of a website especially useful if you're often visiting a lot of new websites. Another free extension called HTTPS Everywhere (Firefox, Chrome) will automatically encrypt communications with several websites. Some of the other options you can try are Avast, ZenMate and UltraSurf.

On-The-Move RFID Blocking
R FID or radio frequency identification tags are already embedded in many of the bank cards we use, our passports and even loyalty cards. A lot of the information on them can be read without you even knowing a portable RFID scanner will be able to read the information from a few inches away . You can prevent these on-the-move attacks by using RFID blocking material. RFID blocking wallets are available online for as low as Rs 350. Other options include passport wallets, travel cases, sleeves and backpacks with special RFID blocking compartments.

Identifying Fake Calls & SMS
This is the easiest thing to do on any mobile phone just get Truecaller. Once you set up the app with your phone number and sign in, you can turn on spam detection. The app works a bit differ ently on Android and iOS. On Android, you can set it up to automatically reject known spam mers and to block hidden numbers. It also shows you information while the call in coming in so that you can choose to acceptreject. Truemes senger works in pretty much the same way, though it's Android only . On iOS, you can add the Truecaller widget and simply copy any number the widget will look up the number and tell you instantly.



Demonetisation is no doubt a boon to digital payments companies and Kumar Abhishek is among the beneficiaries. Last week, the founder of fin-tech startup ToneTag launched a payments solution based on a toll-free number, which allows customers without internet access use phones to send and receive money by means of an IVR-based service.ToneTag has been working in the payments space since 2013, and earlier launched a contactless solution that uses sound waves to make payments.The new feature, added this past week, allows a customer calls the toll-free number and register his card or bank account. A merchant, who has also registered for ToneTag, can call the number and enter the amount. Like other transactions, the customer will receive an OTP or a PIN, which he will have to enter to make the payment. ToneTag uses IMPS to carry out the transaction.“People in rural areas cannot operate a smartphone or send an SMS, but all of them know how to dial a number,“ says Abhishek. The company has raised $1 million from Reliance VC and has support of angel investors such as former Infosys CFO Mohandas Pai, former Wipro CEO TK Kurien, former Snapdeal chief product officer Anand Chandrasekaran, former iFlex India CEO Deepak Ghaisas and Nasscom Foundation trustee Arun Seth.Abhishek, whose parents worked in a public sector undertaking, grew up in Bokaro. He worked in Singapore as an implementation engineer for Infosys.Seeing the way payments were made in Singapore, he wondered how and when Indians would switch to digital payments. He moved to Bengaluru to work at IT services firm Mindtree, and finally decided to start out on his own in 2013. “In my hometown, the nearest ATM is 26km away. To expect people in such places to have smartphones is unreasonable. With this, you don't need any fancy gadgets,“ says Abhishek.
*How to Use UPI app*

Unified Payment Interface (UPI) launched by *National Payments Corporation* of India, which is expected to bring revolutionary changes to the payments landscape in I india has gone live recently. Several banks, including ICICI Bank, Canara Bank and Yes Bank, have already announced the launch of UPI-enabled apps, which can be used by both customers of the respective banks or an account holder of another bank to transact payments. UPI allows both sending and receiving money through the new mechanism.
*But how do the new apps work?* Many of us would be asking this question as more and more banks come up with their UPI apps. NPCI has listed out detailed steps on how a bank customer can use the various app. It has explained in a simplified manner how money can be sent or received right from registration to concluding the transaction.
Here is how it works:
Steps for Registration:
Download the UPI application from the App Store / Banks website
Create profile by entering details like name, virtual id (payment address), password etc.
Go to “Add/Link/Manage Bank Account” option and links the bank and account number with the virtual id
Generating M-PIN:
Select the bank account from which you want to initiate the transaction
User clicks one of the options:
a. Mobile Banking Registration/Generate MPIN
b. Change M-PIN
For registering or generating M-PIN:
You will receive One Time Password (OTP) from the issuer bank on his/her registered mobile number
You have to enter last 6 digits of debit card number and expiry date
Enter OTP and preferred numeric MPIN (MPIN to be set) and clicks on ‘submit’
After clicking submit, customer gets notification (successful or decline) for changing M-PIN
Enters old MPIN and preferred new MPIN (MPIN to be set) and click on ‘Submit’
After clicking submit, customer gets notification (successful or failure)
How a UPI transaction is performed:
PUSH – Sending money using virtual address
Log on to UPI application
After successful login, select the option of Send Money/Payment
Enter beneficiary’s/Payee virtual id and amount and select account to be debited
You will get confirmation screen to review the payment details and clicks on ‘Confirm’
Enter MPIN
Get ‘successful’ or ‘failure’ message
PULL – Requesting money
Log in to the bank’s UPI application.
After successful login, select the option of collect money (request for payment)
Enter remitters/payer’s virtual id, amount and account to be credited
You will get confirmation screen to review the payment details and clicks on confirm
The payer will get the notification on his mobile for request money
Payer now clicks on the notification and opens his banks UPI app where he reviews payment request
Payer then decides to click on accept or decline
In case of accept payment, payer will enter MPIN to authorise the transaction
Transaction complete, payer gets ‘successful’ or ‘decline’ transaction notification
Payee/requester gets notification and SMS from bank for credit of his bank account


Awesome Member
I have used payu money to receive the payments for my bike rental business in Shimla. Here is my experience:
Registeration: The process is really easy, you need to have PAN card of your business and a bank account. Once you register, they will transfer a secret amount to your account and then ask you to confirm what amount have been transferred. This is like OTP. Once you confirm, your account is verified.
Receiving Payments: The App has a feature to create the payment link, you can literally generate the bill and send it to your client via whatsapp, email & messages etc. The bill also has a feature of adding your logo.
Payment Received: Once the client makes the payment, you will have to login to the seller dashboard and raise the request to transfer of funds from payu money to your actual bank account. They charge somewhere around 3% of the total transaction value.

  1. Registration is simple, only requires PAN Card whereas Paytm requires every document such as partnership deed and what not.
  2. Sending the link for the payment works like charm.
  1. The payu money doesn't credit your money directly into your account. This is like an escrow account, after you have received the payment you will have to upload proof of delivery before they actually transfer the money to your account. The biggest drawback is that after you raise the request for transfer of funds to your account, a mail is sent to your client confirming if the delivery of product has actually been made. The client even after receiving the product/service can still withhold the payment.
  2. This should probably be the no. 1 of cons list- The payu money doesn't even have a customer care number, when my payment got hold for no obvious reason I could not even talk to them, after a lot of research I came upon the link where you can raise the ticket against the grievance. It took almost 5-6 days before the money could actually got transferred to my account. It is worthwhile to mention that this happened when my client didn't raise any ticket against the payment, had he raised any ticket, i wonder how long it could have taken for the resolution. The saddest part is that you are really worried about where is the money and then there is no body in the company you could talk to for the resolution.
  3. Read their facebook page and you could see a lot of vendors who are still looking for their payment to be credited to their business account.
  4. After you register with them, get ready to be pestered with the calls to upgrage to a pro package.
  1. Very poor support.
  2. I received payments worth half a lakh, but untill it got actually credited into my account I was worried.
  3. Thanks to @satinder ji, on his recommendation I have shifted to SBI Buddy now, I have not received so many payments as of now to really review SBI buddy.
thanks for reviews of Payumoney.
These new startups have no such infrastructure to solve customer's issues from both ends.
Better go for established players. These experienced companies can solve such issues in near future.
Wait & watch what happens in next some years.

Don't put big amounts with such companies.
Like 500-1000 or capacity wise try and see such dealings. Then put more amount in such apps gradually. Bank apps are much better.
Simple call system is even more better if you have ordinary mobile.

Put amount in different wallets 500-1000 only. Add amount in these apps gradually when you expect some expenditure.

A simple comparison between paytm and SBI buddy is:

Last edited:
Mobile Payment Apps in India Not Fully Secure: Qualcomm

Ibn live: business
12 hours ago

New Delhi: While government is pushing for digital payments through mobile phones, chipset maker Qualcomm said that wallets and mobile banking applications in India are not using hardware level security which can make online transactions more secure.

"You will be surprised because most of the banking or wallet apps around the world don't use hardware security. They actually run completely in Android mode and users password can be stolen.

Users use fingerprint which might be captured ... in India that is the case for most of all digital wallets and mobile banking apps," Qualcomm Senior Director Product Management Sy Choudhury told reporters here.

He said that even most famous digital payment application in India is not using hardware level security.

"Reason we are saying that none of them is using it because we work with OEMs (original equipment makers)," Choudhury said.

As per market research firm Strategy Analytics, Qualcomm leads mobile chipset market globally with 37 per cent share.

"Everyone is getting connected, everyone is getting authenticated by device. How do you know that your device is getting ready for demonetisation? When you download a mobile banking app you don't know if it is using hardware security or not," Choudhury said.

He said that Qualcomm is now approaching digital payments companies for using secure environment for processing payments on mobile phone.

"We are providing secure execution environment in the chipsets. This layer separates transactions on mobile phone from operating system. This checks any malware from effecting transactions," Choudhury said.

He said that Qualcomm is also coming up with new feature in its mobile chipsets from 2017 that verify user with payment gateway using unique features like device id, phone manufacturer signature, Android version in the phone, root kit of operating system, location and time, which will be nearly impossible to duplicate.

"Device attestation feature will start shipping in 2017. For end users it should be available by end of 2017," Choudhury said.

The company has partnered with software security company Avast to generate alerts for users in case their mobile phones are infected with virus or malware.

Choudhury lauded India's Aadhaar authentication system. "Aadhaar initiated by Indian government, the path that it is moving now with digital version of Aadhaar is far ahead then most government in the entire world," Choudhury said.
Last edited: