FASTag smartwatch scam viral video is fake, confirms NPCI and Paytm

NPCI and Paytm has clarified that, contrary to what a viral video claims, the FASTag infrastructure is not vulnerable and can't be easily tampered

The National Payments Corporation of India has clarified that, contrary to what a recent viral video claims, the NETC FASTag infrastructure is not vulnerable and cannot be easily tampered with. It warned people of a major scam via FASTag, the electronic toll collection network used on highways. Paytm and NPCI have now clarified that the video is fake and that only authorized merchants can accept the toll fee.

FASTag is an electronic toll collection system in India, operated by NHAI
Image Source: Getty Images

A viral video that shows a boy allegedly accepting money by scanning the FASTag sticker on a private's windshield while pretending to clean has caused quite a stir. Several car owners on social media who use these stickers to speed up the Person to Merchant transaction procedure at toll booth plazas described this as a revelation.

The video was shot from inside a car and illustrates a teenage child wiping the windshield. After cleaning, the lad begins to go, and the person shooting the video calls him and inquires as to why he is not charging for the cleaning service. He then questions the child about the watch he is wearing, and the boy flees. While the individual behind the camera describes the suspected FASTag scam, another person in the car runs after him. He draws attention to the fact that scammers offer kids smartwatches so they can scam the FASTag RFID into believing the vehicles are being cleaned. Money will be taken from the account linked to the car after the watch scans the FASTag.

It is important that FASTag, the pre-paid rechargeable tag, is installed on cars for electronic toll collection, effectively eliminating the need for human interaction. It was introduced in 2017 and is now being used throughout India. It is managed by 23 banks under the control of the NPCI and NHAI (National Highway Authority of India).

According to the NPCI, “Every merchant on-boarded by NPCI is allotted a unique Plaza code. Which is Onboarded only by authorized acquirer Banks active on the NETC FASTag ecosystem. Every acquirer Bank is provided with a unique Acquire ID (AID). Only authorized System Integrators (SI) on behalf of concessionaires are allowed to participate in specific plazas and initiate Payment transactions.” Whitelisting only approved IP addresses and URLs safeguards the infrastructure employed between the SI system/Concessionaire and the banks.

For interoperability NETC FASTag-linked payments, all acquiring banks connected to NPCI mandate an NPCI switch that connects the Acquirer and Issuer Banks via secure NPCI-NET communication. Bank IPs are whitelisted at the NPCI end, while NPCI IPs are whitelisted at the Banks end to ensure API connectivity between NPCI and Banks.

Paytm has now responded on Twitter to clarify that the video is fake. It has also been confirmed that only registered merchants can initiate FASTag payments. Notably, it authorizes merchants only after multiple rounds of testing to ensure their dependability.