Viral Videos Claiming That Anyone Can Steal Money From FASTags Is Fake: Why It Isn't Possible

A video claiming that FASTag can be used to steal money has gone massively viral on social media. The clip in question showed a child scanning the FASTag with his smartwatch after he was done wiping the windshield of a car. When quizzed by the driver about the watch, the kid runs away quickly.

What does the video show?

The video then showed the driver alleging that the kid is part of a larger scam in which fraudsters have given smartwatches with scanners to children who beg at traffic signals. As per his claim, money is debited from the driver's account when the children hold their watches near the FASTag.

Representational Image/BBCL

Allegedly, these children then illegally siphon off money from the vehicle's FASTag under the excuse of cleaning vehicles. The driver's money is stolen from their account in this case. In the video, the child is shown to have escaped with the stolen funds.

The video has allegedly put the FASTag ecosystem in question. For the uninitiated, FASTag is a device that employs Radio Frequency Identification (RFID) technology for making toll payments directly while the vehicle is in motion.

Watch the video below:

#fastag scam @MoRD_GoI @MORTHIndia @MORTHRoadSafety @NPCI_NPCI pic.twitter.com/omR6cVydAR

¡ª cryptolucky ??(????????????) (@rrpipada) June 24, 2022

Soon after, another video also went viral with a similar claim. In this video, two men can be seen discussing the alleged 'FASTag Scam'. In the video, one person seemingly refers to the viral video and claims that a child cleaning the windshield of a car stole a driver's FASTag funds through a smartwatch.

?@FASTag_NETC? there is a video currently in circulation on scams involving scanning of fast tag and siphoning payments, is this true can you confirm? #cybersecurityawareness #cybersecurity pic.twitter.com/1L1uEDasT3

¡ª Venkat Madala (@venky4a) June 18, 2022

Several agencies step in to debunk "stealing" claims

After the videos went massively viral on social media, several agencies stepped in to clarify that such a scam is impossible and dismissed the claims made in the videos. The government agency behind the FASTag toll collection programme has also rejected the claims.

Digital payments company Paytm also busted the claim made in the video, saying, "A video is spreading misinformation about Paytm FASTag that incorrectly shows a smartwatch scanning FASTag. As per NETC guidelines, FASTag payments can be initiated only by authorised merchants, onboarded after multiple rounds of testing. Paytm FASTag is completely safe & secure."

A vehicle owner affixing the FASTag sticker. (Image: BCCL)

In a public service announcement, the National Payments Corporation of India (NPCI) has too debunked "baseless and false videos." According to NPCI, no transactions can be executed through open internet connectivity. It said several layers of security protocols are placed to ensure the end-to-end safe processing of transactions.

Why no one can steal from your FASTags

Here we explain why no one can steal money from your FASTags.

FASTag can only be used for person-to-merchant (P2M) transactions, which means that no person-to-person (P2P) transactions are allowed. "An individual cannot receive the money in the NETC FASTag ecosystem from fraudulent transactions," NCPI said in a statement.

NPCI clarified that only authorised System Integrators (SI), which are authorised on behalf of concessionaires are allowed to make and initiate payment transactions at toll plazas. The infrastructure deployed between the SI system, concessionaire and banks is secured by whitelisting only permitted IP addresses and URLs.

BCCL

The hardware installed at the Toll Plaza server room is cryptographically secured through Hardware Security Module (HSM). This ensures that no third person can interact with the system, and the transaction is carried out between the two parties.

Every API call needs to pass through a secure Firewall. Every time the Bank connects with NPCI through API connectivity, the data is encrypted with a secure 256 SHA ECC algorithm and locked with a Hexadecimal Private Key. Only NPCI possessing the corresponding Public key will be able to access the information by decryption.

For more on news and current affairs from around the world please visit Indiatimes News.