One-Time Passwords (OTPs) are used by banks to authenticate logins and authorize transactions, by e-commerce companies to confirm deliveries, by UIDAI for Aadhaar-based verification, by stock brokers to confirm trades, by taxi aggregators to confirm trips, and in many other similar use cases.
Numerous news articles report people being scammed into revealing their OTP, losing their hard-earned money and, as a result of the loss, suffering serious health problems. Scamsters are well trained to talk in a way that sounds genuine and earns the trust of their prey.
Currently most OTPs are a purely numeric value, typically 4 or 6 digits, and the OTP for a login, a delivery confirmation and a debit all look alike. What if we had a distinct alphanumeric OTP format that prefixes a meaningful word such as "BANK" to every OTP that authorizes money leaving a user's account? A format that clearly denotes a money-related transaction, and that is easily understood by common people, would make users aware that money will be debited from their account the moment they key in (or read out) that OTP. For the marker to mean anything, the prefix must be chosen by the bank's server from the transaction actually being authorized, never by the requesting app or channel, so that a fraudster cannot obtain a plain-looking OTP that in fact authorizes a debit.
Below are a few example formats that could be standardized for money-related transactions:
- BANK1234
- BANK123456
- BNK1234
- PAY1234
- SEND1234
- DEBIT1234
If there are technical difficulties in supporting alphanumeric OTPs, an alternative is to prefix the OTP with two or three zeros, which would symbolically denote a transaction that debits money from the user's account once the OTP is keyed in. Two caveats apply: the zeros carry no randomness, so the random part must stay as long as it was before (0001234 is still only a 4-digit secret), and both the sending and the verifying systems must handle the OTP as a string, since parsing it as an integer silently drops the leading zeros. Ordinary OTPs must also be generated so that they never happen to start with the marker.
- 0001234
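As an added illustration, not code from the original post or from any bank, here is a hypothetical Python OTP service that issues both the alphanumeric format and the numeric fallback above and, more importantly, verifies the marker and the purpose on the server side: a debit OTP cannot be replayed as a login OTP, the bare digits are not accepted without their marker, and the numeric fallback never produces an ordinary OTP that looks like a debit one. The names OtpService, issue, verify and classify, the transaction IDs and the 120-second lifetime are assumptions for this example.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional

# Marker for OTPs that authorize money leaving the account. "BANK" is one of the
# candidates listed above; "PAY", "SEND" or "DEBIT" would work the same way.
DEBIT_PREFIX = "BANK"
ZERO_MARKER = "000"      # numeric-only fallback: three leading zeros
MAX_ATTEMPTS = 3         # assumed lockout threshold for this example


@dataclass
class PendingOtp:
    purpose: str         # "debit", "login", "delivery", ...
    code: str            # the full string sent to the user, marker included
    expires_at: float
    attempts: int = 0


class OtpService:
    """Hypothetical OTP issuer/verifier for the format proposed above (example only)."""

    def __init__(self, digits: int = 6, ttl_seconds: int = 120, numeric_only: bool = False):
        self.digits = digits
        self.ttl = ttl_seconds
        self.numeric_only = numeric_only
        self._pending: Dict[str, PendingOtp] = {}

    def _random_digits(self) -> str:
        # secrets, never random: the digits are the whole secret.
        return "".join(secrets.choice("0123456789") for _ in range(self.digits))

    def issue(self, txn_id: str, purpose: str) -> str:
        """Generate the OTP for one transaction and remember what it authorizes."""
        digits = self._random_digits()
        if purpose == "debit":
            # The marker is added by the server from the transaction type, so a
            # fraudster cannot request a plain-looking OTP that really debits money.
            # In the numeric fallback the zeros add length but no randomness.
            code = (ZERO_MARKER if self.numeric_only else DEBIT_PREFIX) + digits
        else:
            # Ordinary OTPs must never look like a debit OTP by accident.
            while self.numeric_only and digits.startswith(ZERO_MARKER):
                digits = self._random_digits()
            code = digits
        self._pending[txn_id] = PendingOtp(purpose, code, time.time() + self.ttl)
        return code

    def verify(self, txn_id: str, purpose: str, submitted: str,
               now: Optional[float] = None) -> bool:
        """Accept the OTP only for the transaction and purpose it was issued for."""
        pending = self._pending.get(txn_id)
        if pending is None:
            return False
        now = time.time() if now is None else now
        pending.attempts += 1
        if now > pending.expires_at or pending.attempts > MAX_ATTEMPTS:
            del self._pending[txn_id]      # expired or being guessed: gone for good
            return False
        # A debit OTP read out to a "customer care" caller must not work as a login
        # OTP, and the bare digits must not pass without their marker. The value is
        # kept as a string throughout; int() would silently drop the leading zeros.
        candidate = submitted.strip().upper()
        if pending.purpose == purpose and hmac.compare_digest(pending.code, candidate):
            del self._pending[txn_id]      # single use
            return True
        return False


def classify(otp: str) -> str:
    """What a user, or an SMS app, can tell from the OTP text alone."""
    otp = otp.strip().upper()
    if otp.startswith(DEBIT_PREFIX) or (otp.isdigit() and otp.startswith(ZERO_MARKER)):
        return "debit"
    return "other"


if __name__ == "__main__":
    svc = OtpService()
    code = svc.issue("txn-42", "debit")                        # constructed transaction ID
    print("sent to user:", code, "->", classify(code))          # BANK + 6 digits -> debit
    print("accepted for login?", svc.verify("txn-42", "login", code))   # False
    print("accepted for debit?", svc.verify("txn-42", "debit", code))   # True
```

The design point is that the marker is part of the verified secret, not decoration on the SMS: the server records what each OTP authorizes at issue time and refuses it for anything else, so the only way a scammer can profit from a "BANK" OTP is to persuade the victim to approve a debit they can see is a debit.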
If the central agencies can arrive at a format, it can be standardized for all money-related transactions across all banks. The public can then be educated to recognize an OTP for a monetary transaction and never share it with anyone. We can also keep reminding the public that no OTP is ever needed to receive money.
Addendum:
Of late I have also read news on how people get cheated when they search for customer care numbers online and end up calling dubious numbers. The crooks on the call convince innocent people to install screen-sharing apps, get them to generate an OTP, and carry out banking transactions using the OTP they can read while the screen is shared.
Suggestion: Android currently shows tiny green dots, called privacy indicators, while the phone's camera or mic is on. In the same way, the user should be clearly shown that their screen is being shared, and on top of that, to prevent misuse during screen sharing or screen mirroring, the Android operating system should suppress, or not allow anyone to open, notifications, messages, email, banking apps or similar sensitive apps while the screen is being shared. (Android already lets an individual app mark its windows as secure with FLAG_SECURE, which blanks them in screenshots and screen casts, but that is per-app and opt-in; the suggestion here is a platform-wide default that also covers notifications and SMS.)
With respect to customer care numbers being tampered with on Google Maps or in search results, one remedy could be for the RBI (Reserve Bank of India) to maintain a page with the customer care numbers and email IDs of all banking and financial entities, similar to how it is done here. When someone searches for e.g. "SBI customer care no." on Google, Google could prioritize the official RBI page in the search results as well as in the side pane that shows details from Google Maps, along with a note advising the public to rely only on the contact details published by RBI or on the bank's official website.
We also receive lots of spam messages on the phone carrying shortened URLs. It would be safer if users could preview the full, resolved URL before the browser actually opens it, and harder for innocent users to download malware or sideload apps merely by clicking a link shared by scamsters.
We also receive QR codes from scammers, which people scan and end up losing money. It would be safer if safety checks were integrated into the camera application, so that when it is used to scan a QR code it alerts the user if the code was sent with malicious intent, and at minimum shows who will be paid and how much before any payment app opens.
News references:
RBI warns against fraud calls, messages, emails and OTP scams – Mint
Avoid payment transfer scams – Google Pay Help
India: number of OTP frauds recorded by leading state 2021 – Statista
SBI OTP fraud alert! Lender says know how to make online system work – How-to
SBI Customers Alert! This OTP fraud can be dangerous; here's how to avoid it
KYC, OTP and PIN theft, the biggest trends in financial cyber-crime: Report
Beware of these 4 frauds while making payments via UPI amid lockdown – The Economic Times
Two OTP frauds reported every day in city – Mega Media News English
Cyber Crime: New form of OTP theft on rise, many techies victims
Walk-in fraud: How this gang steals money via OTP – Times of India
Tips to Avoid OTP Fraud – Bajaj Finserv
Tips to keep your OTP safe from online fraud
Beware of fake customer care numbers you find on Google – Mint
WhatsApp users lose over Rs 54 crore to a new scam, here is what happened – India Today
Illegal desi call centres behind $10 billion loss to Americans in 2022 – India News
Fake delivery executives scam with OTPs: Here's how to prevent falling prey – Mint
Mumbai woman tweets train ticket details online, loses Rs 64,000: here is what happened
Flat owners lick wounds as fake army officers invade bank accounts – Times of India
NRI techie duped of Rs 10 lakh by fraudsters in Chennai
Fraud calls are a real threat to many sectors – The Economic Times
In Chennai, scammer swindles techie out of Rs 9.5 lakh
Beware! Scammers sending fraud messages to HDFC customers, do not click on the link – India Today
Sim boxes new tool in scammers’ arsenal – Times of India
They thought loved ones were calling for help. It was an AI scam