New scam in the market - FASTag

Recently, a video of a FASTag scanner scam has gone viral on social media. In the video, two men are sitting inside a car, and a young boy is cleaning the car's windshield. It is observed in the video that the boy is wearing a smartwatch and he tries to scan the Paytm FASTag affixed to the car. One of the men inside the car tries to chase the boy but fails to do so. Following this, the other guy in the car goes on to explain the scam.

The man claims,” the smartwatch on the boy’s hand was capable of scanning the FASTag and was able to deduct the money from the linked Paytm account.” The video has caused a lot of panic amongst Paytm FASTag users. They worry if the FASTag could be scanned even while the car is parked on the road. There were some rumors that Paytm FASTag was not secure and was planning a redesign.

Later, both the National Payments Council of India and Paytm issued statements claiming that the video was fake and propagated misinformation regarding FAStag. FASTag payments, according to Paytm, will only be initiated by authorized merchants that have undergone thorough testing. The National Payments Council of India provided a clarification, stating that it is not feasible for an individual to scan the FASTag and withdraw money from the owner's account because the transaction is only debited at specific toll plazas using RFID technology.

The architecture of the NETC FASTag system in India

Park+, a FASTag service provider startup in India, goes on to explain why people need not be anxious after watching the video.

Park+ has been an integral part of the launch and scale of FASTag usage in India. The tech team at Park+ with strong knowledge of the architecture and design of FASTag technology claims the FASTag technology uses advanced state-of-art security layers to protect against any such scams.

Secure Method of FASTag Payments in India

First, Each toll plaza in the country is allocated with a unique code and is tied to a mapper acquirer Bank and both these combinations are mapped to the National Electronic Toll Collection system. Along with a linkage of Geo-collection codes for each of these toll plazas.

Now, for a payment to get through using a FASTag, the three entities, Unique Toll ID, the acquirer bank, and the NETC system need to signal each other for initiating the payment. To further add to it, the National Payments Corporation of India (NPCI) processes the payment via a secure closed-loop internet through the NETC system which is not open to the common public making it an extremely fool-proof system. These IP addresses are white-listed by the banks and NPCI. The team of engineers at FASTag has carried out elaborate security checks and maintained stringent testing standards before the nationwide deployment of the technology. There is consistent monitoring and reporting that is carried out to prevent any scams.

Hence the issue shown with respect to the video is impossible to occur at any random location in the middle of the road using a smartwatch scanner or any similar means. The video is a fraud, as stated by Paytm and the National Payments Council of India, clarifying that the FASTag is safe in order to prevent panic among any FASTag users. Individuals are not allowed to receive money in the system, and only authorized system integrators are allowed to engage in particular plazas and initiate payment transactions.