News

Getting Calls For KYC Update? RBI Issues Warning; Check Tips To Stay Safe

RBI issued a warning on increasing KYC frauds, urging public vigilance against unsolicited KYC updation messages. Read on to know the do's and don'ts.

RBI issued a warning on increasing KYC frauds
info_icon

The Reserve Bank of India (RBI) on February 2, 2024, reiterated its earlier warning to the public with more tips amidst the rising instances of frauds related to Know Your Customer (KYC) updation.

RBI amplified the cautionary tips issued earlier to the public on September 13, 2021, "in the wake of continuing incidents/ reports of customers falling prey to frauds being perpetrated in the name of KYC updation".

Modus Operandi of KYC Frauds

Typically, customers receive unsolicited communications such as phone calls, SMS, or emails, asking them to reveal personal information, account or login details, or install unauthorised apps through links provided in the message.

The messages often tactically create a sense of false urgency, threatening account freezing or closure if the customer fails to comply. When customers share essential personal or login details, fraudsters gain unauthorised access to their accounts and engage in fraudulent activities.

Immediate Reporting

To tackle with financial cyber frauds, the RBI urged victims to immediately file complaints on the National Cyber Crime Reporting Portal (www.cybercrime.gov.in) or through the cybercrime helpline in 1930.

The RBI advises the public not to share account login credentials, card information, PINs, passwords, and OTPs with anyone.

Preventive Measures Recommended by RBI

The RBI listed several do's and don'ts to safeguard individuals from falling victim to KYC fraud.

The RBI advises the public not to share critical information such as account login credentials, card details, PINs, passwords, or OTPs with anyone. Furthermore, individuals are cautioned against sharing KYC documents with unknown or unidentified entities and refrain from clicking on suspicious or unverified links received in mobile or email. Further "Do not share any sensitive data/ information through unverified/unauthorized websites or applications," RBI said.

When you receive any KYC updation request, directly contact the bank or financial institution for confirmation and assistance. Obtain contact numbers or customer care phone numbers only from the official website or sources. Inform the bank immediately in case of any cyber fraud incidents. Enquire with the bank to ascertain available modes for updating KYC details.

Further, it highlighted the guidelines on KYC updation to ensure that what you are about to do is accurate.

RBI Guidelines on Channels Used For KYC Updation

The RBI, in its Master Direction on KYC, dated February 25, 2016, with subsequent amendments, says “periodic updation shall be carried out at least once in every two years for high-risk customers, once in every eight years for medium-risk customers and once in every ten years for low-risk customers from the date of opening of the account or last KYC updation.”

In case of no change in the KYC information, a self-declaration from the customer in this regard shall be obtained through the customer’s email registered with the RE, the customer’s mobile number registered with the RE, ATMs, digital channels (such as online banking or internet banking, mobile application of RE), letter, etc.

In case of a change only in the address details of the customer, a self-declaration of the new address shall be obtained through the abovementioned channels and the declared address shall be verified through positive confirmation within two months, by means such as address verification letter, contact point verification, deliverables, etc.