India Receives ₹11.2 Lakh Crore in Remittances Every Year. It's Also Quietly Exporting Its Fraud Playbook.
In June 2025, the Reserve Bank of India quietly published a number that should have made every fraud-operations executive in the country sit up straight. Indian workers abroad sent home $135.46 billion in FY24–25. That is roughly ₹11.2 lakh crore, give or take a few thousand depending on the exchange rate that morning. India remains, by a margin that is not close, the world's largest recipient of remittances. Mexico is second at $68 billion. China is third at $48 billion.
It is a number that makes economists smile. Foreign exchange reserves. Trade balance. GDP contribution. Diaspora bonds. The usual story.
It is also a number that, if you happen to work in financial-crime detection, should give you pause. Because ₹11.2 lakh crore moving across borders every year, from approximately 18.5 million Indians scattered across the globe to family members in towns and villages that span Kerala to Punjab to West Bengal, is also the largest sustained inbound flow of money into India that nobody seems to formally audit for fraud at the point of arrival.
This is one half of an India-specific cross-border story that hasn't been told properly.
The other half is happening simultaneously, in the opposite direction. UPI is now live in eight countries — UAE, Singapore, Bhutan, Nepal, Sri Lanka, France, Mauritius, Qatar — with NPCI International Payments Ltd (NIPL) negotiating implementations in another four to six markets. India's instant-payments infrastructure has become, in policy circles, a form of soft power. Prime Minister Modi opens UPI-enabled corridors at bilateral summits. NIPL signs MoUs at G20 sidelines. The whitepaper from FXC Intelligence and Money20/20 calls UPI a "global soft power" with a straight face.
What gets less attention is that when India exports the infrastructure, the people who learned how to attack that infrastructure inside India travel along with it. Not literally. But operationally. The Jamtara playbook, the customer-care impersonation script, the KYC-update phishing template, the mule-account architecture: these are now showing up in fraud reports from UPI-enabled merchants in Dubai, Singapore retailers near Little India, and Sri Lankan vendors in Colombo's tourist quarters. Indian payment infrastructure travels. Indian fraud typologies travel alongside it. The whitepaper does not name this. But the data hints at it.
Two cross-border stories. One country. Almost no shared visibility between them. That is the subject of this article.
The Geography of Money Coming Home
Start with the inbound side, because the numbers anchor everything else.
Of the ₹11.2 lakh crore in FY24–25 remittances, the United States contributes roughly 23%. The UAE contributes around 18%, helped along by the February 2023 India-UAE Free Trade Agreement that established a framework for using dirhams and rupees directly in cross-border transactions. Saudi Arabia, Kuwait, Oman, and Qatar together add another 11%. The United Kingdom, Canada, Australia, and Singapore each take meaningful slices of the rest. There are roughly 3 million Indians working in the UAE alone, making the India-UAE corridor the world's fifth-largest migration route by population.
Within India, the receive-side geography is concentrated. Kerala has long led, historically pulling in 19% of all inbound remittances, though that share has dipped slightly as Gulf labour markets have softened. Tamil Nadu, Andhra Pradesh, and Karnataka together absorb roughly another quarter. Punjab pulls disproportionately from the UK, Canada, and the US. Uttar Pradesh and Bihar have grown sharply as Gulf-origin destinations. Maharashtra and Gujarat are heavy on US-origin diaspora flows.
The mechanics of how this money lands matter more than the geography. Most inbound remittances arrive through one of three banking instruments: NRE accounts, NRO accounts, or FCNR(B) deposits. The largest share moves through NRE accounts, which are fully repatriable and which most NRIs maintain for sending money to family. The funds arrive in rupees, hit the family member's linked Indian account, and within hours, sometimes minutes, get distributed onward through UPI, IMPS, or NEFT to vendors, schools, hospitals, and other family members across the country.
Here is the part that should bother anyone watching for fraud.
The Indian banking system applies considerable rigour to outbound flows. Liberalised Remittance Scheme limits. Form A2 documentation. PAN matching. Source-of-funds questions. The defence layer is thick on the way out. The defence layer on the way in is, by deliberate policy choice, light. Inbound remittances are net positive for the current account. They are pro-cyclical. They are politically valued. The state has no interest in adding friction. So the banking system processes inbound rupee transfers from foreign correspondents with rapid clearing, minimal challenge, and a working assumption that the sending bank has already done its job.
That assumption is increasingly untrue.
The Hijack Happens Inside India
The conventional narrative around remittance fraud focuses almost entirely on the sending side. NRI gets a fake job offer. NRI gets phished by someone claiming to be HMRC. NRI sends money to a fraudulent investment scheme. Reuters writes about it. The Indian English-language press picks it up. The reader nods and moves on.
What the conventional narrative misses is the structurally invisible flow on the receive side.
Picture a real, working scenario. Mr Kurian, who has been driving a taxi in Sharjah for sixteen years, sends ₹85,000 home through his usual remittance corridor on the first Monday of every month. The funds arrive in his wife Annamma's NRO account at a bank branch in Pala, Kottayam district. They have been doing this since 2009. Annamma uses the money for household expenses, the mortgage on the family home, her elderly mother's medical bills, and savings.
On a Monday in October, the ₹85,000 arrives as usual. Within four hours, ₹78,000 of it has moved out of Annamma's account through a series of UPI transfers, ostensibly to her own SBI savings account at the same branch. Except the SBI account isn't hers. The UPI ID that received the funds, registered under a Malayalam name that matches Annamma's daughter's, is a mule wallet operated by a ring based in northern Kerala that specialises in intercepting remittance-funded UPI flows.
The hijack mechanism: Annamma received a phone call three days earlier from someone identifying himself as a bank officer, claiming there was a problem with her NRO account that needed verifying before her husband's next remittance would clear. He walked her through a "verification" process on her phone. He was patient. He spoke in Malayalam. He addressed her by her husband's name and confirmed the previous month's transaction amounts, which had been scraped from a leaked SMS dataset. By the end of the call, he had her UPI PIN, her SMS OTP routing, and enough of her trust to remain "on the line in case verification fails."
When the remittance arrived three days later, the mule network executed.
Mr Kurian, in Sharjah, sees only that the transfer completed successfully on the sending side. His remittance bank in the UAE has done its job. Annamma's bank in Kerala has done its job: the funds were received and credited, and the subsequent UPI debits were initiated from a registered device that had been operating on her account for years. NPCI sees a domestic UPI flow that matches a normal household pattern. The fraud sits inside the four-hour gap between the international wire landing and the family realising what has happened.
This is what receive-side remittance fraud looks like. It is structurally invisible because every single party in the chain has, technically, done its job. The sending bank in the UAE is not at fault. The receiving bank in Kerala is not at fault. NPCI is not at fault. The fraud lives in a zone where every formal defence layer has already cleared the transaction as legitimate.
Multiply Annamma's case by the volume of the corridor. ₹11.2 lakh crore in annual inbound remittances. If even 0.3% of that volume is intercepted at the receive side, which is the rough order of magnitude that emerging Kerala Police data suggests for ring-driven remittance interception, the annual loss enters ₹3,000 crore territory. Nobody publishes this number, because nobody is structurally responsible for catching it.
This is the part of India's cross-border money story that doesn't have an auditor.
What a Graph Catches That a National Database Cannot
The reason Annamma's case is solvable, despite being invisible to every formal defence layer, is that the fraud ring's operational signature is not invisible at all. It just isn't visible at the level the current defences operate. The bank in Kerala sees Annamma's account and Annamma's authorised transactions. It does not see that the device on which Annamma authorised the UPI debit, while registered to her, was being remotely guided by a screen-sharing session originating from a handset in Kannur that has, in the past sixty days, also remotely guided eleven other NRE-account UPI authorisations from elderly women in Kottayam, Ernakulam, and Pathanamthitta. It does not see that the mule wallet receiving Annamma's funds shares a recovery-email pattern with four other wallets that have received remittance-day UPI debits in the past quarter. It does not see that the call she received three days earlier originated from a VoIP block previously associated with eighteen reported phishing cases across Kerala.
The bank sees a node. The fraud lives in the edges between nodes.
This is the part of the problem that Sign3's Network & Graph Intelligence is specifically designed to address. The graph holds the relationships between phones, devices, emails, IP blocks, locations, wallet IDs, and behavioural signatures, updated continuously, queried in real time. It does not care whether Annamma's account is at SBI or HDFC or Federal Bank. It cares whether her authorised UPI debit is being executed from a device whose behavioural fingerprint, in the last 90 seconds, matches the fingerprint of a known mule operator's handset. Around that graph, the other intelligence modalities feed signals.
Behavioural biometrics would notice that Annamma's typing cadence on her authorisation, the way she navigates her UPI app, the micro-tilt of how she holds her phone, has been transiently overridden, that what looks like Annamma's authorisation is being executed by patterns that do not match her three-year baseline. Device intelligence would identify that the screen-sharing session active during the authorisation is one that has been flagged from previous reports. Location intelligence would flag that the IP block routing the screen-share originates from a Kannur tower cluster that has appeared in eleven prior cases. Digital footprint signals would establish that the mule wallet receiving her funds has a phone number that is fourteen days old and exists on no social platform. Image intelligence would catch that the KYC documents used to onboard the mule wallet were composite Aadhaar files, generated by lightly modifying a base template that the ring has been reusing.
None of these signals, taken individually, would stop Annamma's fraud. All of them, fused into a single graph that produces a real-time risk score the moment the UPI debit is initiated, would.
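The node-versus-edge point above, as an added example (not part of the original article and not Sign3's code): a bounded breadth-first search over a small entity graph shows how a payee wallet that appears on no blacklist is still two hops from earlier fraud reports. All identifiers, the hop limit and the distance weighting are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample data: every identifier below is invented for illustration.
EDGES = [
    # Three wallets whose recovery e-mail follows the same pattern.
    ("wallet:mule-A", "email_pattern:rx-NNNN@mail.example"),
    ("wallet:mule-B", "email_pattern:rx-NNNN@mail.example"),
    ("wallet:mule-C", "email_pattern:rx-NNNN@mail.example"),
    # A handset that remotely guided earlier authorisations on two accounts.
    ("handset:kannur-1", "account:victim-1"),
    ("handset:kannur-1", "account:victim-2"),
    # Where those earlier debits went.
    ("account:victim-1", "wallet:mule-B"),
    ("account:victim-2", "wallet:mule-C"),
    # A long-standing ordinary payee of the account holder.
    ("wallet:grocer", "account:annamma"),
]
# Entities named in earlier fraud reports (assumed to be available to the graph).
REPORTED = {"wallet:mule-B", "wallet:mule-C", "account:victim-1", "account:victim-2"}


def build_graph(edges):
    """Undirected adjacency map: each observed relationship is one edge."""
    graph = defaultdict(set)
    for a, b in edges:
        graph[a].add(b)
        graph[b].add(a)
    return graph


def linked_reports(graph, start_nodes, reported, max_hops=2):
    """Bounded BFS from the transaction's own entities.

    Returns {reported_node: shortest_hop_distance} for every previously
    reported entity within max_hops of any start node.
    """
    dist = {n: 0 for n in start_nodes}
    queue = deque(start_nodes)
    hits = {}
    while queue:
        node = queue.popleft()
        if node in reported:
            hits[node] = dist[node]
        if dist[node] == max_hops:
            continue  # do not expand beyond the hop limit
        for nxt in graph.get(node, ()):
            if nxt not in dist:
                dist[nxt] = dist[node] + 1
                queue.append(nxt)
    return hits


def score_debit(graph, reported, payee_wallet, session_handset=None, max_hops=2):
    """Compare a per-node blacklist lookup with a graph-neighbourhood score."""
    starts = [payee_wallet] + ([session_handset] if session_handset else [])
    node_only_hit = any(s in reported for s in starts)
    hits = linked_reports(graph, starts, reported, max_hops)
    # Assumed weighting: a linked report counts half as much per extra hop.
    score = sum(1.0 / (2 ** d) for d in hits.values())
    return {"node_only_hit": node_only_hit, "linked": hits, "score": score}


GRAPH = build_graph(EDGES)

if __name__ == "__main__":
    print(score_debit(GRAPH, REPORTED, "wallet:mule-A", "handset:kannur-1"))
    print(score_debit(GRAPH, REPORTED, "wallet:grocer"))
```

The per-node lookup stays false for the new wallet in both calls; only the neighbourhood search surfaces the shared e-mail pattern and the handset's earlier sessions.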
This is the case that India's banks need to understand. The defence layer for receive-side remittance fraud cannot be built inside any single bank's compliance stack. It has to be built at the signal layer that operates above and across the entire ecosystem, and it has to operate in milliseconds, not in the next day's reconciliation report.
The Outbound Story: How a Rail Becomes a Vector
Now turn the camera around.
In April 2026, an Indian-origin restaurant owner in Singapore's Little India reported to the Singapore Police Force that he had lost just over S$11,000 in a coordinated UPI–PayNow scam. The mechanics, when investigators reconstructed them, were almost identical to a Jamtara-pattern Indian fraud: a phone call from someone claiming to be from the Singapore tax authority, urgency, a "verification" UPI payment to demonstrate the legitimacy of his Aadhaar-linked NIPL account, a cascading sequence of small transfers that totalled four-fifths of his weekly takings before he realised what had happened.
The Singapore Police investigation traced the receiving UPI handles to wallets onboarded in India. The phone numbers used to operate them were Indian SIMs. The IP blocks were consistent with operations out of a Tier-3 town in eastern India.
This was not, technically, a Singapore fraud. It was an Indian fraud running on a Singapore rail. The same pattern is now appearing, with regional variations, across most of the UPI-export markets. Sri Lanka has seen UPI-linked phishing attempts targeting Tamil-speaking diaspora visitors. Mauritius has reported NIPL-routed transactions whose origin points map to known Indian fraud-ring infrastructure. The UAE's NEOPAY corridor has logged cases of customer-care-impersonation scams that follow scripts indistinguishable from those documented inside India.
This is the part of the UPI-export story that nobody is writing in the policy press.
The export of UPI is a national-prestige project. NIPL CEO Ritesh Shukla has publicly committed to adding four to six more countries this year. The Reserve Bank's Payments Vision 2028 explicitly names "globalisation of UPI" as a priority. Bilateral linkages with PayNow, NEOPAY, LankaPay, Fonepay, and Lyra Network are now operational. UPI is on track to be accepted at over 1.5 million international merchants by the end of 2026, and the proposed Alipay+ integration would dwarf every existing corridor.
What nobody is acknowledging in the official communications is that the operational know-how to attack instant-payment rails is an Indian export too. Jamtara is, conservatively, the world's largest concentration of UPI-attack expertise. The mule-account industry that supports it is sophisticated, well-funded, and increasingly geographically distributed. As UPI-style rails come online in new markets, the time it takes for Indian fraud rings to identify and exploit them is measured in weeks, not years.
The whitepaper from Money20/20 and FXC Intelligence captured an interesting linguistic asymmetry: Singapore and Malaysia's media coverage mentions India more frequently than India's coverage mentions them. The framing is benign in the report; it suggests an "outward-facing" Indian payments narrative versus an "inward-facing" Southeast Asian one. What the framing does not name, but the data hints at, is something less neutral. Markets receiving UPI infrastructure are paying closer attention to India than India is paying to them. From a fraud-operations standpoint, that attention is also a vulnerability. The receiving markets are watching for what India is doing. India is watching less carefully for what its fraud rings are doing inside the receiving markets. This is the shadow of soft power.
The Kerala–Gulf–Mumbai Axis
To understand why both ends of this two-way problem matter for the same defence layer, look at one specific corridor in detail.
The Kerala–Gulf–Mumbai axis is, in commercial terms, one of the most concentrated remittance corridors in the world. Roughly ₹85,000 crore flows annually from the UAE alone into Kerala, with additional flows from Saudi Arabia, Qatar, Oman, and Kuwait. A significant portion of this flow now passes, in part or in full, through UPI-enabled corridors, either at the sender end through NEOPAY-NIPL linkage in the UAE, or at the receiver end through Indian UPI distribution after a traditional remittance lands.
Mumbai functions as a secondary node in this corridor for several reasons. Many of the Gulf-based remittance houses have their Indian banking relationships in Mumbai. Many of the UAE-Kerala mule networks have second-tier laundering nodes in Mumbai's Malad and Bhayandar belts, where shell-merchant accounts are easier to operate quietly. And several of the larger ring operations route a portion of their intercepted funds through Mumbai-based forex bureaux before exfiltrating them outward, sometimes back into the same UAE that the original remittance came from, completing a loop that no single national fraud framework is currently mapping.
What makes this corridor especially exposed is the cultural-linguistic overlay. The fraud-ring operator calling Annamma in Pala speaks Malayalam. The "bank officer" claiming to verify a UPI transaction with a Sharjah taxi driver speaks Malayalam. The mule operator running shell accounts in Mumbai recruits Malayali immigrants who are themselves vulnerable to coercion. The receiving merchant in Dubai accepting a fraudulent UPI payment is, often, also Malayali. The language and trust networks that make the corridor economically efficient also make it operationally permeable to attackers who understand both ends.
This is the kind of intelligence layer no national framework captures. The graph that links a Sharjah-based remittance sender, a Pala-based account holder, a Kannur-based mule operator, and a Mumbai-based shell-merchant account is one graph. It exists in the signal space. Sign3's identity graphing is built for exactly this — to make visible the connections that span jurisdictions, languages, and rails.
You cannot defend a corridor like Kerala–Gulf–Mumbai with five separate national fraud teams operating five separate blacklists. You can defend it with one continuous intelligence layer that recognises that the corridor is one operation, with one set of operators, one set of techniques, and one set of structural vulnerabilities that are visible at the signal level even when they are invisible at the regulatory level.
What This Means for Indian Banks, NIPL, and PSPs
Several specific changes need to happen, urgently, before NIPL adds its next tranche of UPI-export markets and before the inbound remittance fraud pattern matures further.
Indian banks operating NRE and NRO accounts should be running real-time intelligence-layer queries on every domestic UPI debit initiated within twenty-four hours of an inbound remittance credit. Not as a flag for compliance review the next morning, but as a step-up authentication trigger in the moment. The current architecture treats inbound remittance and subsequent domestic distribution as two unrelated events. The fraud connects them. The defence must too.
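One way to express the correlation described above, as an added example (not from the original article or any bank's system): each UPI debit is tied back to the most recent inbound remittance credit on the same account, and a debit inside the 24-hour window triggers step-up when it goes to a payee the account had never paid before the credit landed, or when cumulative outflow drains most of the credit. The event schema, the 50% drain threshold and all sample values are constructed assumptions.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)   # the window named in the recommendation above
DRAIN_FRACTION = 0.5           # assumed threshold, not from the article

# Constructed event stream modelled on the Annamma scenario; all values invented.
EVENTS = [
    {"ts": "2025-09-20T10:00", "acct": "NRO-1", "type": "upi_debit",
     "amount": 1200, "payee": "grocer@upi"},
    {"ts": "2025-10-06T09:00", "acct": "NRO-1", "type": "remit_credit",
     "amount": 85000},
    {"ts": "2025-10-06T10:30", "acct": "NRO-1", "type": "upi_debit",
     "amount": 1500, "payee": "grocer@upi"},
    {"ts": "2025-10-06T11:10", "acct": "NRO-1", "type": "upi_debit",
     "amount": 40000, "payee": "newwallet@upi"},
    {"ts": "2025-10-06T12:40", "acct": "NRO-1", "type": "upi_debit",
     "amount": 38000, "payee": "newwallet@upi"},
    {"ts": "2025-10-09T12:00", "acct": "NRO-1", "type": "upi_debit",
     "amount": 900, "payee": "grocer@upi"},
]


def evaluate(events, window=WINDOW, drain_fraction=DRAIN_FRACTION):
    """Return one decision per UPI debit: 'allow', 'enrich' or 'step_up'.

    'enrich' means: inside the post-remittance window, so query the
    intelligence layer, but add no friction for the customer.
    """
    state, decisions = {}, []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        st = state.setdefault(ev["acct"], {"payees": set(), "credit": None})

        if ev["type"] == "remit_credit":
            # Freeze the payee baseline at the moment the remittance lands,
            # so a payee introduced afterwards cannot become "known" in-window.
            st["credit"] = {"ts": ts, "amount": ev["amount"],
                            "baseline": set(st["payees"]), "spent": 0}
            continue

        credit = st["credit"]
        in_window = credit is not None and ts - credit["ts"] <= window
        reasons = []
        if in_window:
            credit["spent"] += ev["amount"]   # attempted outflow since the credit
            if ev["payee"] not in credit["baseline"]:
                reasons.append("new_payee")
            if credit["spent"] > drain_fraction * credit["amount"]:
                reasons.append("drain")

        action = "step_up" if reasons else ("enrich" if in_window else "allow")
        if action != "step_up":
            # Only payees of unchallenged debits enter the history; what happens
            # after a step-up challenge is outside this example.
            st["payees"].add(ev["payee"])
        decisions.append({"ts": ev["ts"], "payee": ev["payee"],
                          "action": action, "reasons": reasons})
    return decisions


if __name__ == "__main__":
    for d in evaluate(EVENTS):
        print(d["ts"], d["payee"], d["action"], d["reasons"])
```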
NIPL, in its negotiations with new UPI-export markets, should be building intelligence-layer integration into the technical onboarding from day one. The current focus is settlement, dispute resolution, and KYC equivalence. None of these address the fact that an Indian fraud ring will be on the new market's rail within thirty days of launch. The defence has to be operational at launch, not bolted on after the first quarter of reported incidents.
PSPs operating in the diaspora-heavy receive states (Kerala, Punjab, Tamil Nadu, Andhra Pradesh, Maharashtra) should be running pre-emptive intelligence enrichment on every account that receives recurring inbound remittance flow, with particular attention to behavioural-biometric baselines that establish what "normal" looks like for the account holder. Annamma had a sixteen-year operational signature on her account. The override of that signature on a single Monday morning was the catchable event.
Banks operating in the UPI-export markets (Mashreq in the UAE, the PayNow-linked banks in Singapore, LankaPay's institutional partners in Sri Lanka) should be treating UPI-routed transactions originating from Indian wallets as a higher-baseline-risk category until a longitudinal behavioural baseline has been established. This is not xenophobia; it is risk-tiered authentication, applied to the demonstrably higher-risk subset of the rail.
And the central regulators (RBI, NIPL, the relevant overseas counterparts) should be acknowledging publicly that receive-side remittance fraud and outbound UPI-attack fraud are two faces of the same underlying problem. The current siloing of these two issues into separate policy buckets is the reason neither is being properly defended.
The Quiet Cost of Being the World's Biggest Receiver
Here is the part that gets uncomfortable.
India's reception of ₹11.2 lakh crore in annual remittances is, on every dimension that policymakers care about, a triumph. It strengthens the rupee. It supports the current account. It funds household consumption and asset formation across rural and semi-urban India. It is one of the most under-celebrated stabilising forces in the Indian macroeconomy.
It is also, structurally, one of the largest concentrated targets in the global financial system. The same scale that makes it economically important makes it fraud-attractive. The same cultural-linguistic networks that make it operationally efficient make it operationally vulnerable. The same regulatory light-touch that makes it macroeconomically valuable makes it microeconomically exposed.
The export of UPI compounds the problem in the opposite direction. India has built, deliberately and successfully, the world's most widely exported instant-payment infrastructure. That infrastructure carries Indian software, Indian standards, Indian banking integration, and Indian fraud-attack patterns, in that approximate order of velocity. The receiving countries get the rail before they get the defence layer that should accompany it. NIPL is not, currently, exporting Sign3-grade intelligence stacks alongside the technical integration. Perhaps it should be.
There is a version of the next decade in which India's payments ecosystem leads the world not just in transaction volume and infrastructure export, but in the intelligence-layer stack that makes those rails defensible. That version requires Indian banks, Indian PSPs, NIPL, and the regulators to accept that the defence layer is a strategic export equal in importance to the rail itself. Build the graph, fuse the modalities, embed the intelligence at the rail layer, and ship it alongside the integration. Sign3, with its multi-modal intelligence platform (device, behavioural, network & graph, image, location, digital footprint), is the kind of infrastructure layer the country needs to back the rails it has already built.
The alternative version is the one in which the inbound remittance corridor continues to leak quietly into the hands of receive-side ring operators, the outbound UPI rail continues to be attacked from inside India by operators who know the system better than its defenders, and both losses keep happening underneath the bilateral celebration speeches at every G20 sideline meeting.
The choice between those two versions is not, technically, a choice the central banks make. It is a choice the platforms make. The banks. The PSPs. The fraud-intelligence layers that operate beneath the regulatory layer and decide, every quarter, how much they are going to invest in being able to see what the regulators structurally cannot.
₹11.2 lakh crore comes home every year. UPI goes abroad. The defence has to travel with both flows or neither. It is, in the end, the same problem.
Sources: Reserve Bank of India remittance data, FY2024–25 (released June 2025); World Bank Migration and Development Brief, January 2025; Ministry of External Affairs Indian diaspora estimates 2024; International Organization for Migration World Migration Report 2024; NPCI International Payments Ltd. (NIPL) press communications 2025–2026; February 2023 India–UAE Comprehensive Economic Partnership Agreement on local-currency cross-border transactions; Singapore Police Force scam advisory communications, 2026; Kerala Police Cyber Crime division case patterns, 2024–2025; FXC Intelligence and Money20/20 — The New Era of Asia's Cross-Border Payments, 2026.
[https://asia.money2020.com/resources/crossborder-payments-2026-whitepaper]
About The Author
Arvinder Singla is the Co-founder & CEO of Sign3. With extensive experience in the gaming and fintech industries, he has been at the forefront of innovating fraud prevention solutions. His expertise drives Sign3's mission to deliver cutting-edge technology that safeguards businesses from evolving fraud threats.
