If you’ve been using UPI or any digital payment app regularly, you’ve probably come across something like this.
A friend pays for something online and never gets it. Someone in the family gets a call, shares a detail they shouldn’t have, and money is gone within minutes.
Sometimes it’s a colleague trying to fix a routine issue, only to realise later that money has disappeared.
This isn’t rare any more. Just recently, someone I know lost Rs 80,000 while trying to buy a phone listed on a selling app. A year ago, a friend lost money while trying to sell something online.
In both cases, the transaction felt normal until it suddenly wasn’t.
And these aren’t isolated cases any more. Digital fraud is showing up in ways most people didn’t see coming. Payments are instant now, money moves in seconds, and there’s very little time to pause or double-check.
Add to that artificial intelligence, which makes it easier to create convincing messages, identities, and even voices, and it’s getting harder to tell what’s real and what isn’t.
The , a risk intelligence firm that works with banks and fintech companies, puts this shift into perspective.
In 2024–25, bank frauds in India rose to Rs 36,014 crore, nearly three times the previous year, even as the number of reported cases fell, .
Zoom out a bit, and the scale becomes clearer. In just the first ten months of 2025, India recorded around 24 lakh digital fraud cases involving losses of over Rs 4,200 crore, according to data tabled in Parliament.
These are different layers of the same problem. The Rs 36,014 crore reflects high-value bank frauds, while the Rs 4,200 crore captures retail digital scams reported by users.
Put together, the pattern is clear. Fewer cases, bigger losses. More attempts, faster execution.
“The RBI’s own data makes the pattern visible. Fewer incidents, far greater damage,” Sandesh Gs, CTO at Bureau, told IndiaToday.in. “This is not less fraud. It is smarter fraud.”
One of the more telling insights from the report is this: fraud behaves like a network.
Millions of account takeover attempts — where someone gains control of your bank or app account — have already succeeded across banks and fintech platforms.
Alongside that, more than 1.1 million suspected mule accounts have been flagged.
A mule account is a regular bank account used to move stolen money. It may belong to someone knowingly involved, or someone who has unknowingly given access.
Once money enters these accounts, it is quickly routed through multiple layers, making it harder to trace.
That is why, in many cases, recovery becomes difficult within minutes.
For years, most frauds were small but frequent. OTP scams, phishing links, impersonation calls.
That model is changing.
Fraudsters are now going after fewer, higher-value targets — places where the money is larger and the system is under pressure to move quickly.
“Loan fraud surged sharply, indicating that big-ticket credit and corporate scams are now driving overall losses,” Tarun Wig, Co-founder and CEO at Innefu Labs, a Delhi-based cybersecurity and AI-driven analytics firm, told IndiaToday.in.
Part of the spike reflects older frauds being reclassified into FY25, he added. But the direction is clear.
Fraud is moving up the value chain.
In digital lending, this shows up in what the industry calls loan stacking — taking multiple loans across apps within a short window before systems catch up.
“Disbursal approvals now happen in minutes. A user with a fake identity can apply across multiple platforms and disappear before anyone intervenes,” Sandesh said.
In the last few years, the value of such fraud has tripled.
There’s another reason fraud is spreading faster.
“Fraud-as-a-service has removed the requirement for deep technical expertise and replaced it with access,” Sandesh said.
Fraud-as-a-service simply means ready-made scam tools being sold or rented online. These include stolen personal data, fake identity kits, and scripts to run scams.
You don’t need to build anything from scratch anymore.
What changed is simple. Modular tools replaced expertise.
Tarun describes it as commoditisation. Fraud has become easier to attempt, cheaper to run, and faster to scale.
That changes the risk for everyone.
It’s no longer just a handful of organised groups. It’s a much wider pool of actors, using the same playbooks.
A 2025 survey by LocalCircles found that — a reminder of how widespread the problem has become.
Some of these operations stretch beyond India. In the first half of 2025 alone, scams linked to networks in Southeast Asia cost Indian users an estimated Rs 8,500 crore.
At the centre of this shift is identity.
Fraud is no longer just about accessing someone else’s account. It often starts with creating a new one. Synthetic identities — a mix of real and fake personal details used to pass verification — are becoming a major tool.
“Synthetic identities are a structural fraud problem, not a niche one,” Sandesh said.
They pass checks because parts of them are real. They behave normally at first. The fraud shows up later.
“There is no immediate victim flagging the fraud. These identities can quietly absorb credit over time,” Tarun said.
With AI tools now generating realistic documents, voice calls, and digital footprints, distinguishing between real and fake users is getting harder.
India’s payments infrastructure has scaled rapidly. UPI is now processing over 20 billion transactions every month, with billions of payments happening every single day.
But fraud detection hasn’t kept pace. “For most institutions, the honest answer is no,” Sandesh said.
Many banks are still working with systems designed for slower transactions. Detection often happens after the money has moved.
Across the ecosystem, the pattern is similar. Systems that react instead of anticipate. Checks that come in too late.
According to Bureau’s estimates, around Rs 1,120 crore in losses could have been prevented with systems that already exist.
Over the years, the RBI has repeatedly flagged gaps in digital operations and IT governance at banks and payment entities, imposing restrictions and penalties in several cases over the past few years.
The direction of policy is also shifting.
“Instant transfers leave almost no time for post-facto checks,” Tarun said.
That is why ideas like are now being explored. Not to slow the system entirely, but to create a small window for detection.
Even the headline number may not tell the full story. “The picture we have significantly understates the actual scale,” Sandesh said.
The Rs 36,014 crore figure reflects reported bank fraud in FY25, but it does not include unreported losses, fraud absorbed by platforms, or cross-border scams that are difficult to track.
“Current estimates are directionally useful but grossly understated,” Tarun added.
Additionally, data remains fragmented across banks, fintech platforms, telecom networks, and law enforcement agencies. There is no single, unified view.
Fraud today cuts across systems. Banks manage accounts. Platforms manage access. Regulators set the rules.
Fraudsters move across all of them.
“Fraud is a network problem. You cannot solve a network problem with a point solution,” Sandesh said.
For most people, though, it doesn’t feel like a network problem. It feels like a normal transaction.
A payment for something that looked genuine. A call that sounded convincing. A request that didn’t seem out of place.
By the time it feels wrong, the money has already moved.