QRKavach
Built for Nepal — eSewa · Khalti · Fonepay · NEPALPAY

Stop QR Fraud
Before It Strikes.

AI-powered QR fraud protection trained on Nepal's payment rails. Detects COLLECT-vs-SEND scams, typosquats, and phishing in under 100ms — in Nepali and English.

Rs 958B
QR PAYMENT VOLUME FY24/25
2.34M
QR MERCHANT CODES
19,730
CYBERCRIME CASES 2024
Rs 450M
E-FRAUD LOSSES FY24/25
NRB Public Advisory

“You scan to pay — you don't scan to receive.”

तपाईंले पैसा तिर्न मात्र QR स्क्यान गर्नुहोस् — पैसा प्राप्त गर्न होइन।

02 · Threat Surface

Active QR Fraud Vectors in Nepal

HIGHEST VOLUME

COLLECT-vs-SEND Confusion

Fraudsters pose as buyers on Hamrobazar/OLX/Facebook and send sellers a QR 'to confirm payment.' The QR is actually a COLLECT REQUEST — it debits the seller. Nepal's #1 QR fraud type.

AI defense

Wallet deeplink parsers detect intent at decode time, before the payment screen opens.

HIGH RISK

Fake NEA / NTC Bill QR

AI-generated fake utility bills with malicious QR codes via WhatsApp / Viber. NPR 45M+ stolen in Kathmandu Valley in 2024 alone.

AI defense

Document authenticity scoring + institutional QR certificate validation.

HIGH RISK

Merchant Sticker Overlay

Fake QR stickers placed over real Fonepay/eSewa merchant codes at Thamel shops, restaurants, petrol pumps. Customers pay the fraudster believing they are paying the merchant.

AI defense

Visual tamper detection compares QR against the merchant's signed certificate.

MEDIUM

Daraz / eSewa Phishing QR

Fraudsters impersonating customer service send QR codes to 'verify your account' or 'claim refund.' QR redirects to credential-harvesting login pages.

AI defense

URL reputation + typosquat detection (Levenshtein vs known wallet hosts).

EMERGING

Dynamic Redirect QR

QR codes using shorteners that change destination after initial inspection — legitimate at scan time, malicious hours later.

AI defense

Continuous redirect chain monitoring + destination drift detection.

EMERGING

Cross-Border Exploitation

Indian UPI payments at 1.5 lakh+ Fonepay merchants since 2024; 10-country NEPALPAY tourist QR. Fraudsters exploit the weaker verification on cross-border rails.

AI defense

Joint fraud signal sharing with NPCI and Alipay (post-funding).

03 · System

How QRKavach works

Five stages, sub-100ms end-to-end. Heuristic layer always runs; ML layer adds depth.

01

Capture

User scans a QR via camera, upload, or screenshot. Pixels intercepted before any URL opens.

02

Decode

EMV-TLV parser handles Fonepay/NEPALPAY merchant codes. Wallet deeplink parsers (eSewa, Khalti, IME Pay) extract intent — SEND vs COLLECT.

03

AI Analysis

Multi-layer model scores the payload: URL reputation, domain age, typosquat distance, redirect chain drift, Nepali phishing NLP.

04

Threat Intel

Cross-referenced against VirusTotal, PhishTank, APWG, and Cyber Bureau incident feeds (post-funding).

05

Decision

Risk score → Safe / Warn / Danger. Verdict surfaced in Nepali + English with the exact reason.

Nepal's payment rails need a security layer.
We're building it.

Pre-funding round open. Looking for investors and NRB / fintech partners ready to back AI fraud protection for the world's fastest-growing QR market.