Is it Safe to Scan UPI QR Codes? How to Avoid Scams

UPI has made transactions incredibly fast, but this convenience also attracts scammers who exploit user ignorance. A common misconception among users is that scanning a QR code is a secure action that cannot cause harm.

In this security briefing, we explain how UPI QR code frauds occur and how you can protect yourself.

---

The Golden Rule: Scanning is for SENDING Money

The most important security rule of UPI is: You NEVER need to scan a QR code or enter your UPI PIN to receive money.

If someone tells you they are sending you a refund, prize money, or purchase payment and asks you to scan a QR code to “claim” it, it is a scam. Scanning a QR code and entering your PIN will instantly deduct funds from your account.

---

Common QR Code Scams

1. The ‘Receive Money’ Scam: Scammers send a QR code via WhatsApp claiming it is a payment voucher. Once scanned, it prompts you to enter your UPI PIN, transferring money out of your account.
2. QR Code Swapping (For Merchants): Fraudsters paste their own QR stickers over a merchant’s physical standee. When customers scan the code, the money goes to the fraudster instead of the shop owner.
3. Phishing QR Codes: Scanning a code redirects you to a fake banking login page designed to steal your credentials.

---

Security Best Practices

• Merchants: Always check your physical QR standee regularly to ensure it has not been tampered with or covered by a fake sticker.
• Verify Payee Name: Before entering your PIN, always verify the name displayed on the payment screen. Standard UPI apps will show the bank-verified name of the recipient.
• Set Transaction Limits: Configure a daily transaction limit on your banking app to prevent massive unauthorized transfers in case of fraud.