
QR payment fraud in Nepal: the three Fonepay scams Kathmandu shopkeepers see daily

Fake-screenshot, sticker-overlay, and OTP-refund are the three QR scams running across Kathmandu. The Cyber Bureau logged 217 wallet cases this year. Here is how each works and how to stop them.

Parjanya Shakya · Jestha 2083 BS · 11 min read

A friend who runs a small kirana shop in Patan asked me last Asoj if he was the only one losing money to "Fonepay scams." On three separate occasions that month, customers had shown him a "payment successful" screen on their phone, walked out with cigarettes or biscuits, and his SMS notification had never arrived. Each one was Rs 300 to Rs 1,200. Annoying individually. Concerning when it keeps happening.

He is not the only one. Across Kathmandu Valley and Pokhara, the same three patterns are running daily. The Cyber Bureau registered 217 wallet-fraud cases out of 13,426 cybercrime complaints in the current fiscal year, and the underreporting is large because most shop-floor losses never reach a formal complaint. This post documents the three Fonepay-era QR scams that are live in Kathmandu in 2025 and 2026, why the typical Fonepay merchant setup lets each one work, and what shopkeepers and customers should do about them.

Why Fonepay's design lets these scams work

Fonepay is the rail behind almost every QR sticker on a Nepali counter. The network connects 64 banks and digital wallets, and over 1.7 million merchants accept it. The architecture is solid; the human seam is not. Three properties of the typical small-merchant setup make all three scams possible:

| Property | What it enables |
|---|---|
| Static QR by default. Most shops use the same printed QR sticker for every bill. The customer types the amount on their phone, the shop checks "Rs 250 received," and moves on. | Customers can type any amount, including pretend amounts. The sticker can also be replaced. |
| Shop-side notification asymmetry. The shopkeeper relies on SMS, the Fonepay Business app, or the new voice notification. The customer relies on their own app screen. | A doctored customer-side screen looks identical to a real one. The shop has to actively check its own side. |
| No transaction-level merchant verification per bill. Unless the shop runs dynamic QR, there is no per-bill audit trail tying a specific sale to a specific receipt. | Reconciliation only happens at end-of-day, when remedies are hardest to pursue. |

Dynamic QR (a per-bill code generated from the Fonepay Business app with the amount baked in) closes the first and third gaps: the customer cannot choose the amount, and every bill has its own receipt. Voice notification (launched by Fonepay in June 2024 and now standard at modern restaurants and pharmacies) closes the second. Most small shops in Patan, Bouddha, Lagankhel, and similar busy lanes still run a static sticker without voice, which is where the scammers find their margin.
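To make the static-versus-dynamic distinction concrete, here is an added example of my own (not Fonepay's code and not from this post): a small parser for the merchant-presented QR format that most QR payment rails use, EMVCo-style two-digit tag, two-digit length, value fields with a CRC under tag 63. That format is an assumption here; the exact Fonepay payload layout is not on this page, and the merchant-account data under tag 26 and the shop names are constructed placeholders. The block shows the one field that separates a per-bill code from a printed sticker (the amount under tag 54) and the merchant-name check under tag 59 that the sticker-overlay section below asks customers to make.

```python
# Added example: static vs dynamic merchant-presented QR payloads.
# Assumed format: EMVCo merchant-presented QR (ID/length/value fields with a
# CRC-16/CCITT-FALSE under tag 63). The real Fonepay layout is not reproduced;
# MERCHANT_INFO and the shop names are constructed placeholders.


def crc16_ccitt_false(data: bytes) -> int:
    """CRC-16/CCITT-FALSE: poly 0x1021, init 0xFFFF, no reflection, no final XOR."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) if crc & 0x8000 else (crc << 1)
            crc &= 0xFFFF
    return crc


def tlv(fields) -> str:
    """Encode (tag, value) pairs as two-digit tag, two-digit length, value."""
    return "".join(f"{tag}{len(value):02d}{value}" for tag, value in fields)


def build_qr(fields) -> str:
    """Append tag 63: the CRC is computed over everything up to and including '6304'."""
    body = tlv(fields) + "6304"
    return body + f"{crc16_ccitt_false(body.encode('ascii')):04X}"


def parse_qr(payload: str) -> dict:
    """Verify the CRC, then split the top-level fields. Raises ValueError on damage."""
    if len(payload) < 8 or payload[-8:-4] != "6304":
        raise ValueError("missing CRC field")
    if crc16_ccitt_false(payload[:-4].encode("ascii")) != int(payload[-4:], 16):
        raise ValueError("CRC mismatch: payload altered without recomputing the CRC")
    fields, i = {}, 0
    while i < len(payload):
        tag, length = payload[i:i + 2], int(payload[i + 2:i + 4])
        value = payload[i + 4:i + 4 + length]
        if len(value) != length:
            raise ValueError(f"truncated value for tag {tag}")
        fields[tag] = value  # nested fields (e.g. inside tag 26) are kept opaque
        i += 4 + length
    return fields


# Constructed merchant-account block (tag 26); not a real Fonepay identifier.
MERCHANT_INFO = tlv([("00", "np.example.qr"), ("01", "M0001234")])


def static_qr(merchant_name: str, city: str = "KATHMANDU") -> str:
    """Counter sticker: point-of-initiation '11', no amount (tag 54). Customer types it."""
    return build_qr([("00", "01"), ("01", "11"), ("26", MERCHANT_INFO), ("52", "5411"),
                     ("53", "524"), ("58", "NP"), ("59", merchant_name), ("60", city)])


def dynamic_qr(merchant_name: str, amount: float, city: str = "KATHMANDU") -> str:
    """Per-bill code: point-of-initiation '12' and the amount baked in under tag 54."""
    return build_qr([("00", "01"), ("01", "12"), ("26", MERCHANT_INFO), ("52", "5411"),
                     ("53", "524"), ("54", f"{amount:.2f}"), ("58", "NP"),
                     ("59", merchant_name), ("60", city)])


def check_qr(payload: str, expected_merchant: str, bill_amount: float) -> dict:
    """What each side should confirm: the shop that the amount is fixed to the bill
    (dynamic), the customer that the name on the code is the shop in front of them."""
    f = parse_qr(payload)
    dynamic = f.get("01") == "12" and "54" in f
    return {
        "dynamic": dynamic,
        "amount_fixed_to_bill": dynamic and float(f["54"]) == float(bill_amount),
        "merchant_matches": f.get("59", "").strip().upper() == expected_merchant.strip().upper(),
        "merchant_name": f.get("59"),
    }


if __name__ == "__main__":
    print(check_qr(static_qr("PATAN KIRANA"), "PATAN KIRANA", 250))
    print(check_qr(dynamic_qr("PATAN KIRANA", 250), "PATAN KIRANA", 250))
    print(check_qr(static_qr("RAMESH KC"), "PATAN KIRANA", 250))  # overlay: wrong name
```

The CRC catches a payload that was edited in place, but it is not a security control: a swapped sticker is a freshly encoded, CRC-valid code pointing at the scammer's own account, so for the customer the defence is the merchant name in tag 59, not the checksum. For the shop, the point of the dynamic code is that tag 54 is set at the till, so there is no amount for the customer to type.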

Scam 1: the fake-screenshot scam

The pattern that comes up most often in merchant reporting at small shops, and mechanically the simplest:

  1. Customer pretends to scan the shop's QR, opens a doctored Fonepay or eSewa "payment successful" screen on their phone instead.
  2. Shows the screen to the shopkeeper from a polite distance.
  3. Walks out with the goods before the shopkeeper checks their own SMS or app.
  4. The transaction never existed. The "screenshot" was produced by one of the fake-payment-receipt generator apps widely available in app stores.

The fake screens are convincing. Fake transaction ID, fake timestamp, the right colours, the right merchant name. The same template runs against UPI in India and against PIX in Brazil; a practical breakdown of the Indian variant from Razorpay walks through the typical victim profile: small shopkeepers, street vendors, OLX and Facebook Marketplace sellers, freelancers, restaurant owners, petrol pumps.

What stops it, for shops:

  • Voice notification on the Fonepay Business app. Every Rs 100, Rs 250, Rs 500 transaction announces itself out loud. The shopkeeper does not have to check anything. If a customer claims to have paid and the speaker did not call out the amount, the payment did not land.
  • Reading the SMS or Business app entry before releasing goods. The 5-second discipline. Occasionally the notification is a genuine network delay; hold the goods until it arrives rather than accepting the customer's screen as proof. The rest are scams.
  • Dynamic QR per bill. The amount is baked in; the customer cannot type a different number on their side, and the receipt at the shop end matches the bill at the till. Generating a dynamic QR is one tap in the Fonepay Business app for every Rs 100+ bill.

What stops it, for customers: nothing direct, because here the scammer is the customer. An honest customer who scans the shop's own QR and types the billed amount is not exposed.

Scam 2: the QR sticker-overlay scam

The second scam, and the hardest to notice while it is running. Mechanically:

  1. Scammer prints a QR sticker pointing to their own Fonepay-linked merchant account or wallet.
  2. Walks into a shop pretending to be a customer or a Fonepay agent.
  3. Pastes the fake sticker over the shop's real sticker at the counter, on the menu, or on the pole near the till.
  4. For hours or days, every legitimate customer payment scans the fake QR and credits the scammer, not the shop.

Cyber Alert Nepal documented a multi-outlet restaurant chain in Kathmandu where this exact play ran across several locations before staff noticed the silent drop in QR receipts. The losses ran into days of revenue. The Nepal Police's April 2026 awareness campaign was built around the same pattern, using a deliberately misleading QR sticker as a teaching device.

What stops it, for shops:

  • Tamper-evident stickers or sealed acrylic holders. A peeled-and-replaced sticker should be visually obvious. Fonepay and acquiring banks issue standees on request; ask the partner bank for a fresh standee with tamper-evident overlay.
  • End-of-day reconciliation against expected footfall, not against the QR receipts alone. If footfall says 80 bills and Fonepay says 60, the gap is the problem.
  • For higher-volume shops, dynamic QR generated on a tablet rather than printed. No physical sticker means no overlay.
  • Train counter staff: if anyone you do not know fiddles with the QR area, that is the scam in progress. The counter QR is shop property; an "agent" should never show up unannounced.
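An added example of the end-of-day check above, written by me rather than taken from the post or from Fonepay, with a constructed day of bills and receipts standing in for a till export and a Fonepay Business app statement. It matches each QR bill to a receipt of the same amount within a few minutes, then looks at the shape of what is missing: isolated misses are fake-screenshot suspects, while a contiguous run of QR bills with no receipt at all from some time onward is what a swapped sticker looks like. The 3-minute matching window and the run length of three that flags an overlay are assumptions, not figures from the page.

```python
from datetime import datetime, timedelta

# Constructed sample day for a small shop; not real records.
# Bills: (till time, amount in Rs, how the customer said they paid).
BILLS = [
    ("10:02", 250, "qr"), ("10:15", 120, "cash"), ("10:40", 500, "qr"),
    ("11:05", 300, "qr"),   # customer showed a "payment successful" screen; nothing arrived
    ("11:30", 1200, "qr"), ("12:10", 80, "qr"), ("12:45", 450, "cash"),
    ("14:00", 200, "qr"), ("14:20", 350, "qr"), ("14:35", 600, "qr"),
    ("15:10", 150, "qr"), ("15:40", 90, "qr"),   # nothing at all arrives after 14:00
]
# Receipts: (notification time, amount) from the shop-side Fonepay record.
RECEIPTS = [("10:02", 250), ("10:41", 500), ("11:31", 1200), ("12:10", 80)]


def _t(hhmm: str) -> datetime:
    return datetime.strptime(hhmm, "%H:%M")


def reconcile(bills, receipts, window=timedelta(minutes=3)):
    """Match each QR bill to one unused receipt of the same amount within `window`."""
    unused = [(_t(t), amt) for t, amt in receipts]
    matched, unmatched = [], []
    for t, amt, method in bills:
        if method != "qr":
            continue
        bill_time = _t(t)
        hit = next((r for r in unused if r[1] == amt and abs(r[0] - bill_time) <= window), None)
        if hit is None:
            unmatched.append((t, amt))
        else:
            unused.remove(hit)  # each receipt can satisfy only one bill
            matched.append((t, amt))
    stray = [(r[0].strftime("%H:%M"), r[1]) for r in unused]  # receipts with no bill
    return {"matched": matched, "unmatched": unmatched, "stray_receipts": stray}


def missing_runs(bills, unmatched):
    """Group unmatched QR bills into runs of consecutive QR bills with no receipt."""
    missing, runs, current = set(unmatched), [], []
    for t, amt, method in bills:
        if method != "qr":
            continue
        if (t, amt) in missing:
            current.append((t, amt))
        elif current:
            runs.append(current)
            current = []
    if current:
        runs.append(current)
    return runs


def daily_report(bills, receipts, run_threshold=3):
    """Split the gap into isolated misses (fake-screenshot suspects) and a
    contiguous run of misses (what a swapped sticker looks like)."""
    result = reconcile(bills, receipts)
    runs = missing_runs(bills, result["unmatched"])
    overlay = [run for run in runs if len(run) >= run_threshold]
    isolated = [b for run in runs if len(run) < run_threshold for b in run]
    return {
        "qr_bills": sum(1 for _, _, method in bills if method == "qr"),
        "receipts": len(receipts),
        "gap": len(result["unmatched"]),
        "isolated_misses": isolated,
        "overlay_from": overlay[0][0][0] if overlay else None,  # first bill of the run
        "overlay_loss": sum(amt for run in overlay for _, amt in run),
        "stray_receipts": result["stray_receipts"],
    }


if __name__ == "__main__":
    for key, value in daily_report(BILLS, RECEIPTS).items():
        print(f"{key}: {value}")
```

On the constructed day the report shows ten QR bills against four receipts, one isolated miss at 11:05 (the Rs 300 "screenshot"), and an unbroken run of five missing receipts starting at 14:00 worth Rs 1,390, which is the signature to take to the counter and check the sticker. Stray receipts with no matching bill are listed rather than silently absorbed, since they are either a till entry that was missed or a customer who paid the wrong amount.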

What stops it, for customers: after scanning, verify the merchant name shown on your wallet matches the shop. The fake stickers route to a personal Fonepay account under an unrelated name. A momentary glance is enough.

Scam 3: the OTP-refund call scam

The wallet-side scam, played at the customer rather than the shop. Mechanically:

  1. Scammer calls a number bought from a leaked database, often spoofing a caller ID that looks like eSewa or Khalti customer care.
  2. Claims there is a problem with a recent transaction. "Your last payment of Rs 2,400 has failed. The amount will be reversed if you confirm the OTP we sent you."
  3. The OTP is in fact for a withdrawal from the victim's wallet to the scammer's wallet.
  4. Once shared, funds move in seconds. The Cyber Bureau quotes over 500 active cell numbers running variants of this play across eSewa, Khalti, IME Pay, and bank impersonation. Some scripts run the opposite way: a sham "mistaken" credit appears in the victim's wallet, the caller asks for it to be sent back, and the victim's genuine refund goes through while the original credit reverses.

A parallel SMS variant uses shortcodes like "AT Alert" or "The Alert" to send phishing links claiming account suspension. Superintendent of Police Deepak Raj Awasthi, quoted in the Kathmandu Post:

"Original Windows or software companies do not send such messages. Banking wallets never ask for OTPs this way."

eSewa's own scam-awareness blog hammers the same line: "Banks and digital wallets never ask for OTPs, passwords, or PINs."

What stops it:

  • Treat every inbound call about a wallet as a scam by default. Hang up. Call the wallet's published number yourself if you genuinely want to verify.
  • Never read an OTP to anyone. The OTP is your half of the security check; if you share it, the security check has failed by design.
  • Turn on biometric authentication on the wallet app. A scammer who has your PIN or phone still has to pass the face/fingerprint check, which raises the bar. The check only gates what happens inside your own app, though; it is no substitute for keeping the OTP to yourself.
  • For phishing SMS, do not click. Open the wallet app yourself if you want to check account status.

What the Cyber Bureau numbers say

The Nepal Police Cyber Bureau warning issued in Chaitra 2081 put concrete numbers behind the anecdotes:

| Metric | Value |
|---|---|
| Total cybercrime complaints, current FY | 13,426 |
| Specifically eSewa / Khalti / bank-account scams | 217 |
| Total cybercrime complaints, prior FY (2080/81) | 19,730 |
| Complaints in FY 2076/77 (baseline) | ~2,301 |
| 5-year growth | ~6× |
| Active scam numbers identified | 500+ |

The 217 figure is what reaches the Bureau formally. The shop-floor losses (a Rs 300 cigarette pack here, a Rs 1,200 grocery bill there) almost never make it into a complaint because the per-incident loss is below the friction of a formal filing. The Cyber Bureau's own data is a strict undercount of the true volume, and any operator who runs reconciliation against expected footfall sees the gap.

How to report it, if it hits you

The procedure is short and free.

  1. Collect evidence. The scammer's number, the wallet ID if visible, screenshot of the fake screen the customer showed (ask politely if you catch them, otherwise reconstruct from CCTV), your shop's actual transaction record showing the gap, and the time and amount.
  2. Email the Nepal Police Cyber Bureau at cyberbureau@nepalpolice.gov.np. Attach a written complaint, citizenship copy, screenshots, and a clear timeline. The Bureau accepts online financial fraud as a complaint category.
  3. Or visit in person at Bhoteahiti, Kathmandu. Phone 01-5319044. Outside the Valley, the nearest district police office forwards to the Bureau.
  4. Report the fraudulent number to your wallet through in-app reporting (eSewa, Khalti, IME Pay all support it). The KYC team can freeze the receiving account if multiple complaints stack against the same number.
  5. Do not expect refunds. The Electronic Transactions Act 2063 and the Notary Nepal cybercrime summary confirm that successful wallet transactions cannot be reversed by the wallet operator. The criminal case is the path; civil recovery is rare.

What you actually need to know

Three things, whichever side of the counter you are on.

  1. For shopkeepers, voice notification and dynamic QR close most of the gap. The static-sticker, SMS-only setup that runs at most kirana shops, pharmacies, and tea stalls is the configuration scams exploit. Both upgrades are free or cheap and take ten minutes to set up via your acquiring bank.
  2. For customers, never share an OTP. Ever. The OTP-refund call scam runs because the average user does not understand the OTP is an authorisation code, not a verification step. A bank or wallet that calls you and asks for an OTP is, with no exceptions, a scammer.
  3. Report it even if the loss is small. The 217 figure in the Bureau's data drives the wallets' KYC review queues. A Rs 300 fake screenshot you do not report is a number you let the scammer keep running tomorrow at the next shop.

This post is part of the Nepal Money Basics guide — the Protect What You've Saved section. For specific incidents (a sticker you suspect was overlaid, a refund call you took, a fake screenshot you caught after the fact): email parjanya57@gmail.com.