What if a Paytm mock app is used to make payments?

Avinash Kumar
Feb 20, 2018

A few days back I made a payment at a store using the Paytm app. I showed the Payment successful screen with a beautiful green tick to the vendor. No verification, no questions asked, my payment is considered valid and I am good to go.

Paytm payment is accepted at a large number of outlets now.

What if I had just shown him a screenshot of my previous payment? What if I had a screenshot generator which mocks the payment screen of Paytm and displays it to the vendor?

The concern is that vendors don’t verify payments. Verification involves just seeing the Payment successful screen. Now let us fool the system here and see if we can.

The following things are the basic requirements on the payment screen.

Paytm Payment success screen

What if I just take a screenshot of this app and then slice it up in Photoshop or any other photo-editing software to collect resources? Then I just create a mock app.

  • The app is able to read the QR code and display the phone number.
  • We will need the name, which we retrieve using the original app. You can see the name before paying. Then just write the same name into our Paytm payment screen generator app.
  • Enter the amount. Press Pay. Done!!
  • The Txn ID is randomly generated and you have the screen.
  • The whole UI looks exactly the same; show it to the vendor and walk away.

This is definitely way simpler than printing fake currency. This raises my concern about the payment service.

Why is it not always possible to verify?

I cannot think of all the scenarios, but some that come to my mind are:

  • No internet connectivity with the vendor at that point.
  • The app is registered with a merchant account under the name of the owner of the business, and only workers are present, who don’t have access to the payment notifications or are uneducated.
  • Lack of interest and laziness.

If the user does not have internet connectivity or is unwilling to verify then the use itself should be stopped. The second problem can be solved though.

Solution?

One solution can be to have a feature to link any mobile (after verification) to receive payment notifications. The problem with this is that it will end up showing a notification for any payment to that account, so it needs to be abstracted based on the QR code.
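A minimal sketch of the per-QR-code notification linking proposed above, added here as an example and not Paytm's actual design or API. All names (`MerchantAccount`, `link_device`, the `QR-COUNTER-*` ids, the `verified` flag) are hypothetical; it shows a worker's linked phone confirming the Txn ID and amount on the customer's screen against notifications actually received.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Payment:
    txn_id: str
    qr_id: str         # the QR code (counter/outlet) the customer scanned
    amount_paise: int

@dataclass
class MerchantAccount:
    linked: dict = field(default_factory=dict)  # qr_id -> phones linked to it
    inbox: dict = field(default_factory=dict)   # phone -> payments delivered

    def link_device(self, qr_id, phone, verified):
        """Link a worker's phone to one QR code; unverified phones are refused."""
        if not verified:  # how verification happens is left open (assumption)
            raise PermissionError("phone must be verified before linking")
        self.linked.setdefault(qr_id, set()).add(phone)
        self.inbox.setdefault(phone, [])

    def notify(self, payment):
        """Deliver a settled payment only to phones linked to its QR code."""
        recipients = sorted(self.linked.get(payment.qr_id, ()))
        for phone in recipients:
            self.inbox[phone].append(payment)
        return recipients

    def confirm(self, phone, shown_txn_id, shown_amount_paise):
        """Worker-side check: does the shown screen match a real notification?"""
        return any(p.txn_id == shown_txn_id and p.amount_paise == shown_amount_paise
                   for p in self.inbox.get(phone, []))

def demo():
    # Constructed sample data: two counters, one worker phone linked to each.
    shop = MerchantAccount()
    shop.link_device("QR-COUNTER-1", "worker-a", verified=True)
    shop.link_device("QR-COUNTER-2", "worker-b", verified=True)
    sent_to = shop.notify(Payment("TXN-1001", "QR-COUNTER-1", 25000))
    return {
        "sent_to": sent_to,
        "real_screen": shop.confirm("worker-a", "TXN-1001", 25000),
        # A screen carrying a Txn ID the merchant side never received fails.
        "screen_with_random_txn": shop.confirm("worker-a", "TXN-9999", 25000),
        "other_counter_sees_it": shop.confirm("worker-b", "TXN-1001", 25000),
    }

if __name__ == "__main__":
    print(demo())
```

The worker at counter 1 sees only counter 1's payments, and a success screen is accepted only when its Txn ID and amount match a notification the merchant side delivered.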

Next time you make a payment, please ask the vendor to verify; this might change the mentality and save them from loss.
