PhonePe’s Guardrails: Advanced risk detection features

PhonePe is committed to securing digital payments for millions of Indian citizens. The Trust & Safety features in-built on the app using data models and algorithms allow the company to monitor any suspicious activity and alert customers while protecting their privacy.

Device Guard

Device Guard is PhonePe’s proprietary security feature on the device that, with user permission, leverages device data, including information about the device’s hardware, operating software and settings, to protect users from common types of fraud as well as bots, viruses, and other types of malware that could infect a device to steal sensitive information. 

Device Guard has anti-malware, anti-abuse and compliance modules that continuously protect and safeguard users. Its anti-abuse models protect users against social engineering scams, where scammers impersonating legitimate organizations target users to steal their information. In such a scenario, Device Guard can recognise if a PhonePe user may be on a phone call and deciphers if the user is showing a different behaviour signature and generates prompts that convey the risk of proceeding with the transaction. The user is then asked to either clarify that they still want to proceed with the transaction or stop the transaction.

Device Fingerprinting

PhonePe’s Device Fingerprint module builds on Device Guard and the user’s device data, with their permission, to generate a unique fingerprint, based on the specific settings and parameters of their device. This fingerprint allows the PhonePe system to detect malicious patterns and deter fraud. Since the company employs a graph database that aggregates the unique properties of millions of devices, it can create a truly unique fingerprint for each user device.

Edge-Based Model

At PhonePe, customer consent and data privacy are foundational to how the systems assess risks. Using advanced data models, the company evaluates the risk level of transactions by analyzing only the data for which users have explicitly provided consent.

For instance, when a user enters their credit card details to make a payment, the edge-based models rely on consented data points to verify ownership of the card. Notably, this analysis occurs entirely on the customer’s device, ensuring that no sensitive data is transferred externally, thereby upholding user privacy.

The results of this analysis are then used to evaluate the risk of the transaction, determining whether to approve or decline it. In certain cases, these outputs may also guide further investigations before finalizing settlements, ensuring both the safety and trustworthiness of the PhonePe platform.

For instance, when a customer is making a rent payment using a credit card, if the model is able to establish possession of the credit card, it will allow settlement immediately. If the model predicts a low probability of possession, the user is shown a message that looks like this:

Identity Graph

PhonePe's Identity Graph Platform is an important component of its fraud detection system, designed to enhance the security of user transactions. This platform creates a network of interconnected entities—such as phone numbers, user IDs, bank accounts, and Virtual Payment Addresses (VPAs)—allowing the company’s detection teams to visualize and analyze relationships between them. By mapping these connections, PhonePe can uncover hidden linkages that may indicate fraudulent activity, enabling it to proactively protect users’ financial interactions.

Feedback Reporting

To enhance transaction safety and build user confidence, PhonePe has introduced PhonePe Protect, a framework designed to safeguard users and merchants from potential fraud. If a transaction is declined due to security concerns, users are provided with clear contextual information and the option to verify whether they authorized the payment or not.

When the system intelligence detects a potential risk—such as the possibility of a user or merchant being defrauded—the system intervenes in real time during the payment process. Users receive relevant warnings and prompts to help them make informed decisions. Additionally, PhonePe Protect framework enables users to provide real-time feedback, ensuring continuous improvement in fraud detection and prevention measures. Here’s an example of one such instance:

Block User

PhonePe empowers users to take control of their payment lists with the option to block other users from sending or receiving payments. This feature works much like blocking a phone number in your contact list to stop unwanted calls or messages.

Blocking is simple and can be done directly from the PhonePe app:

01. Users can block a contact during a chat by clicking on the three dots in the top-right corner and selecting “Block”.

02. To manage blocked contacts, users can navigate to their profile and check the list under User Profile > Blocked Contacts.

Insights from Alternative Data Sources

PhonePe leverages geographical data intelligence for user and merchant profiling, strengthening the platform's fraud detection and prevention capabilities. 

One of its innovative features is the ability to create “geographical fences”. These fences allow one to set transaction limits for payments originating from specific locations inside, adding an extra layer of protection for high-risk areas or situations.

Additionally, PhonePe uses AI-powered tools combined with “web-crawling” techniques to assess the trustworthiness of merchants. For example, before a merchant engages in any transactional activity on the platform, the systems analyze the merchant’s website, extracting and reviewing visual and contextual information. This enables PhonePe to evaluate risks and ensure a safer environment for users.

These advanced capabilities reflect PhonePe’s commitment to staying ahead of emerging risks and maintaining a secure platform for all transactions.

PhonePe strives to ensure that amid the advent of emerging technologies and growing complexities of the payments ecosystem, it is constantly investing in advanced technological capabilities and working towards being able to detect and prevent fraud.

In the next and final article, we will dive into the future of safety in fintech and PhonePe’s work in this direction.

This is the third article in a four-part series on PhonePe’s commitment to securing digital payments for crores of Indian citizens.