PhonePe's Guardrails: Future of Payment Security
The world of digital payments is changing rapidly, and with consumers expecting more reliable and seamless transactions, the payments ecosystem has become more complex. As these innovations are embraced, users' expectations for safe and secure experiences continue to grow. The future of digital payments, therefore, depends on trust, privacy, and security.
Faster payments come with challenges, making certain types of fraud easier to execute. For instance, scammers have started using IVR (Interactive Voice Response) calls to impersonate trusted institutions like banks and telecom providers. These fake calls trick people into believing the requests are legitimate, asking them to verify or authenticate private information, which can lead to fraudulent transactions.
Another growing concern is the misuse of generative AI, which has introduced sophisticated scams like phishing and deepfakes. Fraudsters use these tools to convincingly pose as family members, claiming they are in trouble and/or in urgent need of money. These scams prey on emotions, making it harder for people to detect the deception. Generative AI is also being exploited to bypass digital KYC (Know Your Customer) processes, allowing bad actors to impersonate legitimate users.
As these threats evolve, PhonePe has adopted stronger security protocols and continuous user education. By combining advanced technology with awareness initiatives, PhonePe is creating a safer digital ecosystem and helping users navigate this ever-changing landscape with confidence.
PhonePe is consistently implementing cutting-edge technologies and fostering strong partnerships to ensure a safe and seamless experience for its users, while proactively addressing the evolving challenges in the payments ecosystem.
Collaborations and partnerships
To strengthen the fight against fraud, the payments giant has been actively collaborating with key stakeholders across industries and regulatory bodies:
Law Enforcement Agencies (LEAs): PhonePe works closely with both central and state-level LEAs to share real-time data, conduct fraud investigations, and provide training on emerging fraud technologies. Together, they establish protocols to address fraudulent activities effectively and enhance overall awareness.
Alliance of Reporting Entities in India for Anti Money Laundering/Combatting Financial Terrorism (ARIFAC): As a key contributor to this anti-money laundering forum, PhonePe has co-hosted training sessions, including engagements for the South Chapter, to share expertise and strengthen the industry's defenses.
National Payments Corporation of India (NPCI) and banking partners: PhonePe has streamlined channels like web portals and emails to enable banks to resolve disputes in real time. Regular interactions with banks helps the company identify fraud tactics and improve redressal strategies.
Department of Telecommunications (DoT) and Telecom Regulatory Authority of India (TRAI): PhonePe actively participates in initiatives with DoT and TRAI to identify and act against bad actors, such as those using churned or deactivated phone numbers for fraud.
Industry seminars and conferences: PhonePe's Trust and Safety team frequently shares best practices at public forums, contributing to the broader industry efforts to improve safety standards.
Innovation in technology
To stay ahead of evolving threats, PhonePe continuously innovates and deploys advanced technologies that ensure user safety.
Profile-based authentication: PhonePe's risk management system combines real-time aggregation and personalized models, developed by its data science team. This enables the company to tailor user experiences while enhancing fraud detection across PhonePe's products. These models leverage cutting-edge technologies, such as HBase, to process large-scale data and enable quick decision-making.
Futureproofing against emerging risks: PhonePe's scalable platforms are designed to manage growing transaction volumes and detect new-age fraud, such as doctored photos, deepfake audio, location spoofing, and screen sharing.
By blending partnerships with technological innovation, PhonePe is setting new benchmarks for trust and safety in the digital payments ecosystem. Its priority remains protecting users and ensuring a secure, seamless payments experience.
Upcoming features in PhonePe's Trust & Safety ecosystem
PhonePe continues to roll out cutting-edge features aimed at strengthening fraud prevention and risk management.
Anomaly detection models for early warning: These unsupervised machine learning models automatically flag unusual patterns across platforms, acting as an early warning system. The internal platform allows rapid development, testing, and deployment of fraud detection algorithms, keeping PhonePe ahead of threat actors.
360-degree risk profiling: From Day 0, PhonePe builds a comprehensive risk profile for every customer, merchant, bank account, and device. This is achieved by combining internal data with relevant external insights. Machine learning models then provide instant, accurate risk scoring across a vast ecosystem that includes 60+ crore customers, 4+ crore merchants, and over 33 crore daily transactions*. Importantly, this is done with user privacy as a top priority.
Case management system for real-time response: PhonePe's enhanced system supports:
A consolidated view of risk data for real-time investigations
Structured, time-bound resolution workflows
Integration of AML, chargeback, and support operations into streamlined modules
Generative AI tools to accelerate incident analysis
Graph-based cluster detection: As fraud evolves from individual acts to coordinated clusters, PhonePe has implemented graph-based detection to identify anomalous group activities and enable real-time threat mitigation.
These tools enable PhonePe's risk operations teams to address issues methodically, improving outcomes for users and merchants. Security remains core to the company's mission, and its aim is to continue securing India's digital payments ecosystem with 'Made in India' innovations that deter fraud, protect users, and preserve privacy.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Time of India
4 hours ago
- Time of India
IPO-bound PhonePe announces UPI payments on feature phones
Live Events Fintech firm PhonePe announced rollout of UPI-based payments for feature phones with the purchase of GSPay technology stack from conversational engagement platform is a mobile application built on top of UPI 123PAY , the UPI payment solution for feature phones by National Payments Corporation of India (NPCI). PhonePe said it will customise and extend the recently acquired GSPay IP and launch its own feature-phone based UPI payment mobile app on new feature phones in India, over the next few will offer basic UPI features, such as P2P transfers, offline QR payments, and receiving money from other UPI customers to users' mobile numbers or self-QRs, to create full payment interoperability between feature phones and smartphones.'This (feature phones) segment of users has been historically underserved by the digital financial industry and the broader startup ecosystem. We hope we can enable crores of these feature phone customers to participate in India's burgeoning digital payments market," said Sameer Nigam, cofounder and chief executive of to industry data, India had approximately 24 crore feature phone users in 2024, and 15 crore more feature phone shipments are expected over the next five company has recently added Zarin Daruwala to it board of directors, where she joins CEO Nigam, Walmart chief financial officer John David Rainey, former revenue secretary Tarun Bajaj and retired as the CEO of Standard Chartered Bank-India on March 31 after a nine-year-long stint. Before that, she managed the wholesale banking business of ICICI Bank as president of the vertical. In this capacity, she also served on the boards of key ICICI group companies, ICICI Lombard General Insurance, and ICICI Securities. In the past, she has been on the board of JSW has started the process to list on the Indian exchanges by converting into a public company from a private entity in April 2025.
&w=3840&q=100)
Business Standard
18 hours ago
- Business Standard
Fintech major PhonePe appoints new board member as it prepares for IPO
Fintech major PhonePe has appointed former Standard Chartered Bank India chief executive officer Zarin Daruwala to its board as the company prepares for its IPO. The PhonePe board includes senior Walmart executives John David Rainey, Donna Morris, Leigh Hopkins; TeamLease vice-chairman Manish Sabharwal; IAS officer Tarun Bajaj; PhonePe chairman Rohit Bhagat; and co-founders Sameer Nigam and Rahul Chari. PhonePe is the largest player on India's real-time payments system Unified Payments Interface (UPI). It reversed its listing from Singapore to India in 2022.
The Wire
a day ago
- The Wire
Lessons From the BluSmart Case: Why the RBI Must Act Now on Digital Wallets
Menu हिंदी తెలుగు اردو Home Politics Economy World Security Law Science Society Culture Editor's Pick Opinion Support independent journalism. Donate Now Government Lessons From the BluSmart Case: Why the RBI Must Act Now on Digital Wallets Sarthak Gupta 11 minutes ago The BluSmart incident reflects a clear regulatory gap in the manner in which the RBI has decided to govern the digital wallets. Reserve Bank of India. Photo: CC BY-SA 2.5, via Wikimedia Commons Real journalism holds power accountable Since 2015, The Wire has done just that. But we can continue only with your support. Contribute now Another Indian financial watchdog has found itself quietly drawn into the BluSmart saga —this time, it's the Reserve Bank of India (RBI). According to reports, last month, the RBI initiated consultations with stakeholders to assess the viability and regulatory framework of digital wallets. This comes in the wake of thousands of BluSmart users, who had preloaded funds into their BluSmart's digital wallet for booking airport and intra-city rides, suddenly finding themselves unable to use, withdraw, or transfer their money. It was only after significant public outcry that the company announced it would refund the money, though it would take at least three months for users to get their funds back. It's important to note that BluSmart is one of India's largest consumer-facing mobility companies. Had this happened with some smaller regional business – say, a local coffee chain – users might not have got even a chance to recover a single rupee. The business could have shut down overnight, leaving customers with little more than hope. The incident reflects a clear regulatory gap in the manner in which the RBI has decided to govern the digital wallets. Differential treatment In 2009, the RBI for the first time decided to regulate digital wallets in the country, and since then, it has broadly categorised digital wallets into two buckets – open system wallets and closed system wallets. The first one, i.e., open system wallet, allows users to make payments not just to the entity which has issued these wallets but also to certain third-party entities after users load them from their preferred payment option – debit card, netbanking, etc. For example, the Phone Pe Wallet (not to be confused with Phone Pe UPI). The user just needs to load the Phone Pe Wallet and then can use the same for services within their Phone Pe app, like mobile recharges or insurance purchases and also on other platforms such as Amazon for shopping or Zomato for food delivery. There are specific rules governing these open system wallets. For instance, all the money that is loaded by the user in the wallet is stored in an escrow account maintained in a bank, not with the wallet provider, ensuring the safety of funds. Like a debit and credit card transaction, there has to be two-factor authentication (2FA) for all transactions that happen through the wallet, preventing unauthorised payments. Any grievance of the user has to be resolved within a strict and definitive timeline of 30 days. Further, there are cybersecurity norms, transaction monitoring, and reporting obligations to the RBI. The second one, i.e., closed system wallets, allows users to make payments only to the entity that has issued the wallet after users load it. For instance, if you have a Myntra wallet, it can be used solely to purchase clothes and accessories from Myntra. As per the RBI, since 'these instruments cannot be used for payment or settlement for third-party services,' their issuance and operation do not require approval or supervision from any regulatory authority. It is worth noting that this was not always the case. In the initial years when the RBI began regulating such digital wallets in the country, it had imposed certain limits and reporting requirements on entities offering closed system wallets. However, the most recent regulatory framework—specifically the version issued in 2021 —does not impose any such obligations. Hence, as long as funds are circulated internally within the entity which has issued the wallet, such arrangements are not subject to regulatory oversight. The only document that governs the relationship between the wallet issuer and user is the terms and conditions prepared by the wallet issuer and accepted by the user. Users hardly have any bargaining power to get any change accepted in the standard terms and conditions. For instance, if you refer to Clause 10 of BluSmart's terms and conditions, it states that the company shall not be responsible for any unauthorised use of the user's e-wallet, credit card, debit card, or net banking account during or after availing the services on the application or website. This raises a critical question of fairness: Should a company that solely owns and operates the app or platform be allowed to disclaim liability for unauthorised payments made through its interface? While it can be argued that a user always has the option to approach a consumer court in case of any grievance, the practicality of this recourse is questionable. Consider the fact that the average transaction value for mobile wallets in India is almost just Rs. 450. Pursuing legal action for such small-ticket disputes is often disproportionate, akin to buying a 50-cent chicken but spending two dollars on spices. The light-touch approach of the RBI The RBI has emerged not just as a regulator but as a facilitator of innovation in the financial ecosystem in the recent years. It has allowed innovation, experimentation, and market-led development with minimal intervention. Just a few weeks back, Sanjay Malhotra, RBI governor, in his speech at the inauguration of Digital Payments Awareness Week, observed, 'We have adopted a soft-touch approach to regulating the payments ecosystem and FinTechs, and through these regulations, the Reserve Bank attempts to balance these divergent sets of expectations'. India's offline payment aggregation industry is one of the biggest examples of this approach. The RBI has allowed offline payment aggregators – companies that provide QR codes, sound boxes, or swipe machines and process payments to operate without specific licensing or compliance frameworks. This has allowed rapid expansion of low-cost digital payments in rural and semi-urban areas, through players like Paytm, BharatPe, etc. Just for reference of readers who are not familiar with the fintech industry – the counterpart of offline payment aggregators, i.e, online payment aggregators – a company that processes payments for online payment transactions has to follow one of India's rigid compliance frameworks. However, when a uniform approach is applied indiscriminately, it often causes more harm than good. That's exactly what happened during the period from 2018 to 2021, when the number of digital loan apps mushroomed across the country in the absence of any specific direction from the RBI. These apps simply partnered with any available Bank or NBFC and started disbursing loans with instant approvals. Result – there were cases of excessive interest rates being charged, misuse of phonebook access to harass defaulting borrowers (and their relatives), and even instances of photo-morphing using borrowers' phone galleries, and suicides. The situation became so murky that the Union government had to step in. The finance minister directed the RBI to prepare a whitelist of legitimate digital lending apps, and the Ministry of Electronics and IT also blocked access to several unlawful platforms. Eventually RBI had to bring the Guidelines on Digital Lending, 2022, to specifically regulate the digital lending industry. This guideline did not just prohibit data misuse, but also fettered access to data by digital lenders. RBI's 'light-touch' approach With the closed system wallet, the RBI seems to have taken the same 'light-touch' approach, keeping in mind that no low money laundering risk the closed loop wallet present. Funds can only be used within a specific ecosystem and cannot be transferred to other users, restricting the movement of funds and thereby reducing the risk of concealing illicit transactions. However, incidents like the Bluesmart case have highlighted that risks extend beyond just money laundering. While it is understandable that the RBI seeks to avoid overburdening the market with excessive regulation, it can instead lay down just foundational principle like defining ownership of users on the fund being loaded, until it is utilsed, accountability of closed loop wallet provider to resolve issues of customer, transparency by mandating disclosure by closed loop wallet provider of features of wallet – fund expiry, refund policy, reloadability, and usage restrictions etc at onboarding etc. Closed system wallets continue to be the industry's preferred model, largely due to low customer acquisition costs and the absence of KYC requirements. A principle-based framework, rather than a prescriptive compliance-heavy one, would strike a balanced approach, avoiding burdens like escrow maintenance or mandatory two-factor authentication, while still establishing essential rules that safeguard consumer interests and foster trust. Sarthak Gupta is a lawyer with a focus on technology law and Fintech. He is available on LinkedIn here. The Wire is now on WhatsApp. Follow our channel for sharp analysis and opinions on the latest developments. Make a contribution to Independent Journalism Related News The State of the Economy: India Inc's Profit Dips, Rupee Is Asia's Worst Performer Is RBI's New Plan for Bad Loans Just Another Quick Fix? India's Net Foreign Direct Investment Plummets by 96.5% to Reach Record Low RBI's Potential Record Dividend: Fiscal Relief or Long-Term Risk? Between Lenders' Access to Phone Data and Digital Privacy, RBI Must Strike the Right Balance MHA, Which Once Denied Foreign Aid to Flood-Hit Kerala, Gives FCRA Permit to Maharashtra Relief Fund Profit and Sales Growth Slow Down as Compared to Last Year Amid Rising Cost and Trade Uncertainties 'Gruff Genius': Tiger Conservationist Valmik Thapar Dies At 73 Pollution Markets May Hold Promise but Regulatory Mechanisms Remain Crucial in India About Us Contact Us Support Us © Copyright. All Rights Reserved.
