Of all the payment scams doing the rounds in India right now, the QR-code swap is the one I most want my daughter to be able to spot, because it’s so ordinary. There’s no dramatic phone call, no fake police officer, no urgent link. Just a sticker. And a teenager standing at a shop counter, phone in hand, about to pay, is exactly the situation it’s built for.

The good news is that the fix is almost insultingly simple — one habit, three seconds, and the whole scam falls apart. Let me explain how the trick works and then the one thing to teach.

How the swap works

The mechanics are low-tech, which is what makes it so common. Every UPI QR code is just an encoded destination — it points to whoever’s account should receive the money. A legitimate shop has its own QR on the counter. The scammer prints a sticker of their own QR code and, in an unwatched moment, pastes it neatly over the shop’s real one. Same-looking square, same spot on the counter. The shopkeeper often has no idea it’s happened.

Now a customer walks up, scans, enters the amount, pays. The money doesn’t go to the shop — it goes to the scammer. The shop says payment not received; the customer swears they paid. Both are telling the truth. The rupees quietly went to a third person nobody in the shop has ever met. By the time anyone works out what happened, the sticker may already be peeled off and gone.

Teenagers are a natural target for this, not because they’re careless, but because they pay fast. They scan, they tap, they’re already thinking about the next thing. The scam relies entirely on nobody looking at the screen for the two seconds it takes to notice something’s off.

The one habit: read the name before you pay

Here’s the whole defence, and it’s worth teaching until it’s automatic: before confirming any QR payment, look at the name the app shows you.

When you scan a QR code, your UPI app displays the name of the account you’re about to pay before you enter your PIN. That’s the tell. If your teen is buying a dosa at “Sharma Tiffin Centre” and the screen says the money’s going to some unrelated individual’s name, that mismatch is the scam, caught in the act. Real shop, wrong payee. Stop, don’t enter the PIN, and tell the shopkeeper their code’s been tampered with.

That’s it. Not “be vigilant,” not “be careful online” — one concrete, checkable thing: does the name on my screen match the shop I’m standing in? It works because the scammer can fake the sticker but can’t fake whose account it points to. The name always gives them away, if someone bothers to read it.

I’ve drilled exactly this with my daughter, framed as a tiny ritual: scan, read the name out loud, then pay. Saying it out loud is the trick — it forces the half-second of attention the scam depends on you skipping.

Get the Junio app. Your child spends from a card you load and control, and every payment shows up on your phone in real time — so a wrong one gets noticed fast. Set up Junio.

There’s a second layer of safety worth mentioning here. On a Junio card, your child spends from a balance you’ve loaded, and every transaction pings your phone as it happens. So even in the worst case — a payment that shouldn’t have gone through — the amount at risk is only what’s on the card, and you see it immediately rather than discovering it on a statement weeks later. Real-time visibility turns a nasty surprise into something you can act on the same minute.

Teach it as a two-way habit, not a fear

The way I’d introduce this to a teen isn’t “the world is out to cheat you.” It’s a small skill they can be good at: you’re teaching them to read one line on a screen, the same way you’d teach them to check their change. Framed as competence rather than fear, it sticks better and doesn’t leave them anxious about every ordinary purchase.

And make it reciprocal. Tell them you do it too — because you should. This isn’t a kids-are-gullible lesson; plenty of adults have paid the wrong QR because they were in a hurry. A family where everyone reads the name before paying is a family where the habit feels normal, not like a rule imposed on the youngest.

Skip the worry if…

If your child mostly pays by tapping their card at a machine rather than scanning QR codes, the swap scam doesn’t really touch them — a card terminal isn’t something a sticker can redirect. This is specifically a scan-and-pay risk, so weight the lesson to how your teen actually pays day to day.

The QR-swap scam survives on speed and inattention. The counter to it isn’t sophistication — it’s three seconds and one question: is this the right name? Teach that one habit well, and one of the most common scams in the country simply stops working on your child.

Have a scam pattern you’d like us to break down? Email [email protected].