Fraud Prevention, Risk Management and Anti-Fraud Policy
Last Updated: July 01, 2026
FRAUD PREVENTION, RISK MANAGEMENT AND ANTI-FRAUD POLICY
Issued By: PROSPER PROFESSIONAL DEVELOPMENT LIFE PRIVATE LIMITED
Registered Office: CC Road, Tamkuhi Road, Kushinagar, Uttar Pradesh, 274406
Version: 1.0
Effective Date: 01 July 2026
1. INTRODUCTION
This Fraud Prevention, Risk Management and Anti-Fraud Policy ("Policy") has been formulated and adopted by PROSPER PROFESSIONAL DEVELOPMENT LIFE PRIVATE LIMITED ("PROSPER", "Company", "We", "Us", or "Our"), a technology-enabled B2B financial services and fintech company incorporated under the Companies Act, 2013, engaged in providing digital financial services, payment solutions, business correspondent services, merchant acquiring services, and financial inclusion services through its authorized agents, distributors, retailers, merchants, and banking partners across India.
PROSPER recognizes that fraud prevention, risk management, and financial crime mitigation are critical to maintaining trust, protecting customers, ensuring regulatory compliance, and preserving the integrity of the financial ecosystem. This Policy establishes a comprehensive framework to prevent, detect, investigate, report, and mitigate fraud, cybercrime, money laundering, identity theft, account takeover, payment fraud, and other financial crimes.
This Policy shall apply to all employees, agents, distributors, merchants, customers, service providers, technology partners, and third-party entities associated with PROSPER.
2. PURPOSE OF THE POLICY
The objectives of this Policy are:
- To establish a robust fraud prevention framework;
- To identify and mitigate operational and financial risks;
- To protect customers and agents from fraudulent activities;
- To ensure compliance with RBI, NPCI, FIU-IND, and other regulatory requirements;
- To establish procedures for fraud detection and reporting;
- To prevent money laundering and terrorist financing;
- To protect customer funds and data;
- To maintain the integrity of PROSPER's services and operations;
- To facilitate cooperation with law enforcement agencies.
3. REGULATORY FRAMEWORK
This Policy has been developed in accordance with:
- Prevention of Money Laundering Act, 2002 (PMLA);
- Prevention of Money Laundering Rules, 2005;
- Information Technology Act, 2000;
- Digital Personal Data Protection Act, 2023;
- Reserve Bank of India Act, 1934;
- Payment and Settlement Systems Act, 2007;
- RBI Master Directions on KYC;
- RBI Payment Aggregator Guidelines;
- RBI Cyber Security Framework;
- NPCI Operational Guidelines;
- FIU-IND Guidelines;
- CERT-In Directions;
- Aadhaar Act, 2016;
- FATF Recommendations;
- Other applicable laws and regulations.
4. SCOPE OF THE POLICY
This Policy applies to all services facilitated through PROSPER, including but not limited to:
- Bharat Bill Payment System (BBPS);
- Aadhaar Enabled Payment System (AEPS);
- Micro ATM Services;
- Domestic Money Transfer (DMT);
- Merchant Payment Services;
- UPI Payment Services;
- Prepaid Card Services;
- Business Correspondent Services;
- Account Opening Services;
- Insurance Facilitation Services;
- Loan Facilitation Services;
- Financial Inclusion Services;
- Other digital financial services.
5. DEFINITIONS
5.1 Fraud
Fraud means any intentional act, omission, misrepresentation, deception, forgery, manipulation, unauthorized transaction, cyber attack, or unlawful conduct intended to obtain financial gain, avoid obligations, or cause loss.
5.2 Financial Fraud
Any activity resulting in unauthorized financial gain through deception or misuse of financial systems.
5.3 Cyber Fraud
Any fraud committed through electronic means, digital systems, internet services, or information technology infrastructure.
5.4 Suspicious Transaction
A transaction inconsistent with a customer's profile, business pattern, or legitimate purpose.
5.5 Identity Theft
Unauthorized acquisition or misuse of another person's identity information.
6. TYPES OF FRAUD COVERED
This Policy covers, but is not limited to:
Customer Frauds
- Identity theft;
- Fake KYC;
- Account takeover;
- Social engineering fraud;
- Impersonation fraud;
- Fake payment confirmation.
Agent Frauds
- Unauthorized transactions;
- Commission fraud;
- False customer onboarding;
- Fake account creation;
- Misappropriation of funds;
- Collusion fraud.
Merchant Frauds
- Merchant collusion;
- Fake transactions;
- Transaction laundering;
- Refund abuse;
- Chargeback fraud.
Payment Frauds
- UPI fraud;
- QR code fraud;
- Card fraud;
- Wallet fraud;
- BBPS fraud;
- AEPS fraud;
- Micro ATM fraud.
Cyber Frauds
- Phishing;
- Vishing;
- Smishing;
- Malware attacks;
- Ransomware attacks;
- Credential theft;
- SIM swap fraud;
- Device spoofing.
Internal Frauds
- Employee fraud;
- Insider abuse;
- Data theft;
- Unauthorized access;
- Manipulation of records.
7. FRAUD RISK MANAGEMENT FRAMEWORK
PROSPER adopts a three-layer fraud management framework:
First Line of Defense
Operational teams, agents, and customer-facing staff.
Second Line of Defense
Risk management, compliance, AML, and fraud monitoring teams.
Third Line of Defense
Internal audit, external audit, and regulatory review.
8. CUSTOMER VERIFICATION CONTROLS
PROSPER shall implement:
- KYC verification;
- PAN verification;
- Aadhaar verification;
- Mobile OTP verification;
- Device verification;
- Bank account validation;
- Video KYC where applicable;
- Beneficial ownership verification.
No customer shall be onboarded anonymously.
9. AGENT AND MERCHANT DUE DILIGENCE
Before onboarding agents or merchants, PROSPER shall conduct:
- KYC verification;
- Business verification;
- AML screening;
- PEP screening;
- Sanctions screening;
- Criminal background checks;
- Bank verification;
- Fraud history assessment.
10. TRANSACTION MONITORING
PROSPER shall continuously monitor:
- Transaction frequency;
- Transaction velocity;
- Geographic anomalies;
- Device changes;
- Behavioral changes;
- Duplicate transactions;
- Unusual payment patterns;
- High-risk transactions.
Transactions may be automatically flagged, restricted, or blocked.
11. FRAUD DETECTION SYSTEMS
PROSPER may utilize:
- Artificial Intelligence (AI);
- Machine Learning models;
- Rule-based monitoring engines;
- Device fingerprinting;
- Behavioral analytics;
- Geo-location analysis;
- Velocity monitoring;
- Risk scoring engines;
- Fraud analytics systems.
12. HIGH-RISK ACTIVITIES
The following activities shall be treated as high-risk:
- Multiple failed login attempts;
- Rapid fund movement;
- Suspicious IP addresses;
- Multiple accounts from same device;
- Fake documentation;
- Large-value transactions;
- Sudden changes in transaction behavior;
- Transactions from restricted jurisdictions;
- High-volume cash transactions.
13. SUSPICIOUS ACTIVITY REPORTING
Employees, agents, and partners shall immediately report:
- Suspected fraud;
- Unauthorized transactions;
- Identity theft;
- Cyber incidents;
- Money laundering concerns;
- Security breaches.
14. ACCOUNT FREEZING AND TRANSACTION HOLD
PROSPER reserves the right to:
- Freeze accounts;
- Hold transactions;
- Suspend services;
- Restrict withdrawals;
- Block customers;
- Disable agents.
Such actions may be taken without prior notice where fraud is suspected.
15. FRAUD INVESTIGATION PROCEDURE
Upon identification of suspicious activity:
Step 1: Detection and initial review.
Step 2: Risk assessment.
Step 3: Temporary suspension or hold.
Step 4: Collection of evidence.
Step 5: Internal investigation.
Step 6: Regulatory reporting.
Step 7: Resolution and corrective action.
16. REPORTING TO AUTHORITIES
PROSPER may report fraudulent activities to:
- FIU-IND;
- RBI;
- NPCI;
- CERT-In;
- Cyber Crime Cell;
- State Police;
- Enforcement agencies;
- Courts of competent jurisdiction.
17. LAW ENFORCEMENT COOPERATION
PROSPER shall cooperate with:
- Cyber Crime Police;
- Financial Investigation Agencies;
- RBI;
- NPCI;
- FIU-IND;
- CERT-In;
- Courts and Tribunals.
The Company may provide:
- Transaction details;
- IP addresses;
- Device identifiers;
- Account information;
- KYC documents;
- Audit trails;
- Server logs;
- Digital evidence.
18. CYBER SECURITY CONTROLS
PROSPER implements:
- AES-256 encryption;
- TLS 1.2+ encryption;
- Multi-factor authentication;
- Device binding;
- Role-based access control;
- Intrusion detection systems;
- Firewalls;
- Security monitoring;
- Endpoint protection;
- Vulnerability assessments;
- Penetration testing.
19. CUSTOMER RESPONSIBILITIES
Customers shall:
- Maintain confidentiality of credentials;
- Protect OTPs;
- Verify beneficiaries;
- Report fraud immediately;
- Avoid sharing sensitive information;
- Exercise due care.
PROSPER shall not be liable for losses caused by customer negligence.
20. EMPLOYEE TRAINING
PROSPER shall conduct regular training on:
- Fraud awareness;
- Cyber security;
- AML/CFT;
- Social engineering;
- Financial crime prevention;
- Incident response.
21. DATA RETENTION
Fraud-related records shall be retained for:
- Minimum five (5) years;
- Or longer if required by law or investigation.
Records include:
- Transaction logs;
- KYC records;
- Investigation reports;
- Audit logs;
- Communication records.
22. PENALTIES AND DISCIPLINARY ACTION
Violations may result in:
- Warning;
- Suspension;
- Termination;
- Commission forfeiture;
- Financial recovery;
- Civil proceedings;
- Criminal prosecution.
23. GRIEVANCE AND FRAUD REPORTING
Fraud Prevention Officer
Name: Mr. Divyanshu Kumar
Address: CC Road, Tamkuhi Road, Kushinagar, Uttar Pradesh, 274406
Email: fraud@prosper.in
Alternate Email: legal@prosper.in
Phone: +91 9918784000
Working Hours: Monday to Saturday, 10:00 AM – 6:00 PM
Emergency fraud complaints may be reported 24×7 through designated channels.
24. POLICY REVIEW
This Policy shall be reviewed:
- Annually;
- Upon regulatory changes;
- Following fraud incidents;
- Upon introduction of new products.
25. GOVERNING LAW AND JURISDICTION
This Policy shall be governed by the laws of India.
Any disputes arising under this Policy shall be subject to the exclusive jurisdiction of the competent courts at Lucknow, Uttar Pradesh.
26. EFFECTIVE DATE
This Policy shall become effective on 01 July 2026 and remain in force until modified or withdrawn.
27. DECLARATION
This Fraud Prevention, Risk Management and Anti-Fraud Policy has been approved by the management of PROSPER PROFESSIONAL DEVELOPMENT LIFE PRIVATE LIMITED and shall be binding upon all employees, agents, distributors, merchants, customers, service providers, and business partners.
FOR AND ON BEHALF OF
PROSPER PROFESSIONAL DEVELOPMENT LIFE PRIVATE LIMITED
Registered Office:
CC Road, Tamkuhi Road, Kushinagar, Uttar Pradesh, 274406
Email: legal@prosper.in
Phone: +91 9918784000
Website: www.prosper.in
"PROSPER – Secure Payments. Trusted Services. Protected Customers."
