UPI Shield
Overview
UPI powers India's digital economy with billions of monthly transactions, but as adoption grows, so do fraud risks. This project explores how fraud prevention can shift from post-transaction detection to pre-transaction decision support.
UPI Shield is a concept feature that introduces a real-time risk awareness layer within the payment flow, enabling users to make safer decisions before sending money.
Research & Problem Framing
Source: Ministry of Finance, Parliament data
Most fraud does not occur due to system vulnerabilities, but because users are not equipped with the right signals at the moment of decision-making. Today, users are expected to trust unfamiliar QR codes or UPI IDs without any contextual verification.
UPI fraud is a decision-stage problem, not a technology failure.
User Segments
| Dimension | Frequent Transactor | Cautious Transactor |
|---|---|---|
| Behavior | Makes multiple small-value transactions daily — friends, deliveries, marketplace sellers. | Makes infrequent payments, often high-value or to unfamiliar accounts. |
| Attitude to Risk | Often sends money to new or unfamiliar UPI IDs. Prioritizes speed over verification. | Lacks confidence in identifying fraud. More likely to rely on instructions from others. |
| Core Need | Safety checks without compromising speed. | A quick, reliable way to verify credibility before paying. |
Core Problems
Users cannot evaluate QR codes or UPI IDs before paying. There is no quick credibility check for unfamiliar recipients, the payment flow prioritizes speed over safety signals, and fraud exploits decision gaps — not technical vulnerabilities.
User Stories
As a user making a payment by scanning a QR code, I want to see potential fraud signals before sending money, so that I can avoid paying a suspicious account.
As a user receiving an unfamiliar UPI ID, I want to check its credibility quickly, so that I can decide whether the payment is safe.
As a user who encounters suspicious payment requests, I want to report them easily, so that others can avoid potential scams.
Opportunity & Strategy
The opportunity lies in embedding lightweight risk awareness directly within the payment journey, without disrupting the speed that makes UPI successful. Instead of blocking transactions, the strategy focuses on surfacing just-in-time risk signals, allowing users to opt into deeper analysis while preserving a fast, uninterrupted payment flow.
| Dimension | Current State | UPI Shield |
|---|---|---|
| Risk Visibility | No signals before payment confirmation. | Real-time risk indicators surfaced during the flow. |
| User Control | Users proceed with no option to verify. | Optional deeper analysis before committing to a transfer. |
| Fraud Response | Post-transaction detection and recovery. | Pre-transaction decision support and fraud reporting. |
| Payment Speed | Fast but uninformed. | Fast by default, with optional friction for risky transactions. |
Goals & Metrics
| Metric | Type | Why It Matters |
|---|---|---|
| Risk Analysis Engagement Rate | Primary | % of payment attempts where users open or view risk analysis before completing a transaction. |
| Risk Check Interaction Rate | Supporting | Measures feature discoverability within the payment flow. |
| Payment Cancellation Rate Post Risk Alert | Supporting | Indicates whether fraud warnings are driving meaningful user action. |
| Report Suspicious QR/VPA Engagement Rate | Supporting | Validates whether users are taking action on suspicious QR/VPA. |
Solution: UPI Shield
UPI Shield introduces a lightweight, optional security layer integrated directly into the payment flow.
1. Scan QR with Risk Awareness
Scan QR → System detects UPI ID → User enters amount → Open risk analysis panel (optional) → View risk signals → Proceed or Cancel.
2. UPI ID Analyzer
Enter UPI ID → System analyzes ID structure and signals → Risk analysis generated → User reviews credibility signals.
3. Fraud Reporting
Select Report Fraud → Choose report type (UPI ID or QR Code) → Submit ID or upload QR image → Describe suspicious activity → Submit report.
4. AI Knowledge Hub
System Thinking
Risk Scoring Logic
The risk scoring system is conceptualized as a multi-signal evaluation engine. Instead of relying on a single metric, it combines multiple indicators — identifier patterns, suspicious keywords, and known fraud behaviors. The output is not just a score, but an explainable risk breakdown, which is critical for building user trust. Users are more likely to act on warnings when they understand why something is risky.
Event Tracking Plan
| Event Name | Trigger | Description |
|---|---|---|
| QR Scan Completed | User scans a QR code | System detects UPI ID from QR. |
| VPA Check Started | User opens UPI ID Analyzer | User enters a UPI ID for analysis. |
| Risk Analysis Viewed | User opens risk panel | User opens fraud risk insights during payment. |
| Fraud Report Started | User selects Report Fraud | User opens the fraud report flow. |
| Fraud Report Submitted | User submits report | User successfully submits suspicious VPA or QR. |
Challenges & Constraints
| Challenge | Constraint | Decision |
|---|---|---|
| Speed vs Safety | UPI's core value lies in instant transactions. Introducing friction risks drop-offs. | Keep all risk interactions optional and non-blocking. |
| Trust in Risk Signals | Overly aggressive warnings create alert fatigue; weak signals fail to prevent fraud. | Prioritize explainability — show why something is risky instead of black-box scoring. |
| Lack of Primary Research | Project relied entirely on secondary research without user interviews or usability validation. | Ground decisions in industry data and known behavioral fraud patterns. |
| Technical & Compliance Dependencies | Requires QR parsing, camera integration, risk engine API, and financial warning compliance. | Scoped as concept; dependencies flagged for implementation phase. |
Dependencies
Implementation depends on: QR scanning and camera access integration, risk analysis logic for VPA/QR detection, backend or API support for fraud signal evaluation, analytics tracking implementation, and compliance review for fraud warning messaging.
Expected Impact
UPI Shield is designed to influence user behavior at the most critical moment — just before a payment is completed. By introducing contextual risk signals, the product aims to increase user awareness during transactions, reduce impulsive or manipulated payments, and improve confidence when dealing with unfamiliar recipients.
From a product perspective, this translates to lower fraud success rates and stronger trust in digital payments. The primary success benchmark is achieving 30%+ engagement with risk signals before payment completion.
Links
Presentation | PRD | Prototype