Public sector bank, Bank of Baroda (BoB) has suspended 60 employees, including 11 assistant general managers (AGMs) following investigations into the recent know-your-customer (KYC) scam, according to a report by moneycontrol. The investigation was done in the wake of irregularities discovered in the on-boarding process for the bank’s digital app, BOB World.
The scam unfolded after the Reserve Bank of India (RBI) asked BoB to stop its on-boarding process for customers on the app due to certain irregularities in the registration process. Most of the employees suspended were from the Vadodara region of Gujarat. Among those suspended were officials holding key positions as AGMs, area managers and zonal heads. The suspension is in line with a rectification drive prompted by an audit of the BOB World app. Suspension letters reveal serious irregularities, such as unauthorised changes to customer accounts and BOB World applications.
With electronic payments becoming very common, scams involving fake bank calls asking for personal information have also become very common. Of late, there has been an unusual increase in cybercrimes, and among them, KYC frauds have emerged as a significant threat, putting not only consumers’ finances at risk, but also their personal data.
A recent report by PWC India reveals that over the past 24 months, 52 per cent of Indian organisations encountered fraud or economic crime. The pandemic also contributed to a surge in fraud cases, particularly within financial institutions. Globally, organisations are grappling with a changed risk landscape, shaped by environmental, geopolitical, financial, and social pressures.
What is a KYC Fraud?
You would be likely familiar with the KYC process, where you share confidential information for identification with a financial institution. Unfortunately, some of you may have also encountered KYC frauds through calls, where scammers, posing as bank officials request for KYC updates and issue threats, such as blocking your account unless you comply. While digital methods have simplified paperwork, they have also exposed information to potential misuse by fraudsters.
Says Sachin Yadav, partner, financial advisory, Deloitte India: “Digitalisation across the banking/e-commerce sectors have simplified some of the most complex procedures for customers by providing convenience, such as saving time, and enhancing customer experience. KYC is a process that mainly authenticates the identity of the customers. However, with the advancement of technology, fraudsters have been able to take advantage of certain loopholes in the organisational ecosystem and are using them to gather valuable information.”
“Some KYC frauds include unsolicited KYC verification calls, phishing, smishing, identity theft, and PAN/Aadhaar card-related update frauds – all of which are various fraudulent techniques deployed by scammers to gather personal information from the customer. People should be made aware of such scams so that they exercise caution and follow security measures recommended by the banks or other organisations requiring KYC details,” Yadav adds.
Common Tactics Employed By Fraudsters In KYC Scams
Here are some of the common tactics employed by fraudsters in KYC scams
Fake And Duplicate KYC: Scammers impersonating as banking officials contact customers and claim that their accounts will be blocked unless they share personal details for KYC updates.
Phishing: Fraudsters gather customer contact information from online sources posing as legitimate bank representatives. They coerce customers into updating their KYC through an SMS with a link to a fraudulent app or website, where they are prompted to share OTPs while on the call. Scammers prevent customers from disconnecting, allowing for unauthorised transactions before detection.
Identity Theft: Identity theft involves using someone else’s identity for criminal activities, such as applying for credit or filing taxes. This can result in substantial financial loss and damage to credit score.
Smishing: This is conducted through malicious messages with links or attachments, while appearing to be from reputable sources. Customers are instructed to click on the link, granting scammers access to their phones and enabling data theft.
What To Do In The Event Of KYC Frauds
If you find yourself in any of the aforementioned situations, follow these steps to address the KYC fraud.
Immediately notify your bank and your local police station about the scam.
Compile and submit all details related to the fraud, covering the entire timeline.
Document evidence by taking screenshots and obtaining printouts of relevant documents, including messages, call details, and emails.
Present this evidence to the bank for further investigation.
File an official complaint at the local police station, providing the same evidence along with a bank statement.
How To Prevent KYC Fraud?
Steering clear of KYC fraud begins with steering clear of uninvited calls, emails, or messages. These often serve as the initial point of contact for scammers posing as bank officials. Even if you happen to answer such calls, resist the temptation to share personal details for supposed “verification purposes” as requested by these fraudsters. This sensitive information includes bank details, credit/debit card particulars, location data, and more, which can be exploited by fraudsters to siphon off money from your account.
Another tactic employed by scammers involves sending links to third-party apps or websites, potentially leading to phishing sites. It’s crucial to exercise caution and refrain from downloading such apps or opening these websites, as they can easily compromise your data and lead to financial exploitation.
Says Vineet Tyagi, head of India operations and global chief technology officer (CTO), Biz2Credit, a fintech SaaS platform, “To avoid KYC fraud, customers should not share their sensitive information with anyone who claims to be from their bank, or other entities over phone calls, emails, messages, or websites. They should not click on any links or download any apps that they receive from unknown sources or one that look suspicious. They should not provide their KYC documents to anyone without verifying their identity and purpose.”
“They should regularly check their account statements and credit reports for any unauthorised transactions or activities. They should update their contact details with their bank and other entities regularly. They should use secure devices and networks when accessing their online banking or other financial services. They should report any suspicious calls, messages, emails, websites, or apps to their bank and the cybercrime authorities as soon as possible,” he adds.
One should also beware of scammers who claim that you are due for a payment, and provide you with a link. This is a deceptive scheme, where the link often results in making a payment instead of receiving one. If you encounter such calls, promptly block the number and report the incident to the nearest police station.
According to experts, individuals should refrain from sharing sensitive information like OTP, ATM PIN, CVV, and others. Additionally, one should avoid opening unfamiliar attachments in SMS or emails.
To further mitigate fraud, financial institutions can also play a role by embracing eKYC more frequently. Given that eKYC is a secure and foolproof method of verification, non-banking entities can provide a safer platform for their customers.
As a practice, customers should always remain vigilant when anyone approaches them to share any confidential information.
“They should do so only once they have fully confirmed its authenticity. One should not open any suspicious links on their phone or laptop or download unverified third-party apps on their phones. Also, in order to prevent misuse of Aadhaar, customers can also lock their biometrics by going to the UIDAI website. This will make your biometrics details inaccessible until you choose to unlock it again. If one becomes a victim of such fraud, one should immediately report the same to their bank or insurer and file a complaint with the cyber cell or at the local police station,” says Abhishek Balan, chief information security officer, Digit General Insurance.