
Hyderabad’s ₹5.66 crore ‘digital arrest’ scam shines spotlight on vulnerabilities in Indian banking

During the scam, which took place over 20 days, the victims closed their FDs in different banks and transferred large sums to multiple accounts provided by the scammers

by · The Hindu

A 69-year-old mother of two from Hyderabad’s Basheerbagh lost a staggering ₹5.66 crore in a ‘digital arrest’ scam. The amount was transferred from multiple bank accounts belonging to the victim and her two daughters in a series of 14 transactions over 20 days, starting November 14.

After the victim was made to believe that her mobile number linked to Aadhaar was involved in a money-laundering case, she was asked to transfer all her funds for verification, on the promise that they would be refunded. The woman transferred her life savings to at least nine different accounts, including those in HDFC, YES Bank, ICICI Bank, Bandhan Bank and IndusInd, provided by the scammers over a Skype call.

The three fraudsters, posing as officials from the Telecom Regulatory Authority of India (TRAI), the Reserve Bank of India (RBI) and the Central Bureau of Investigation (CBI), ‘guided’ the victims on what they should tell the bankers when questioned about the large transactions. Purchasing a car or property; charity work; and personal reasons were among their suggestions.

Until December 3, the women made multiple visits to Canara Bank, Union Bank of India and Andhra Pradesh Mahesh Cooperative Urban Bank, where they have accounts, to prematurely close their fixed deposits (FDs) and transfer funds through Real Time Gross Settlement (RTGS), and no one took notice of the massive scam unfolding.

Five days later, on December 8, when the victim enquired about the refund, she was asked to visit the nearest CBI office in Sultan Bazaar, where she was informed that she had been scammed.

Insufficient customer verification

The series of events in this case and many others reported across the country highlight gaps in the banking system.

Senior officers from various Indian banks, cybersecurity experts and law enforcement officials pointed to the lack of standardised systems to identify patterns of fraudulent transactions and called for an overhaul of customer verification across banks.

Director of Telangana Cyber Security Bureau (TGCSB) Shikha Goel said technological intervention to identify mule accounts could be a game-changer in bringing down cybercrime cases. “It is unusual that a large amount coming into an account is transferred into multiple accounts in a matter of a few seconds. Banks need to have systems to keep a watch on accounts, small or big, that see such rapid transactions. Officials should also be immediately alerted about accounts that become active for only a small period of time or see large numbers of transactions to and from different parts of the country,” she said.

A senior officer working with the Indian Cybercrime Coordination Centre in Delhi said, on the condition of anonymity, that existing fraud management systems in banks have to be tweaked or extended to identify the fraudulent transaction patterns. “While many banks claim they have mule account detection systems, whether they are working and yielding results is yet to be seen,” another official said, seeking anonymity.

Implementation of Reserve Bank of India’s ‘MuleHunter.AI’, a tool launched recently to identify frauds in mule accounts based on data from banks and payment operators in the country, could significantly help, the official said.

Banks walk a tightrope

Bank officials say they are walking a tightrope to balance customer privacy and stringent procedures. A senior officer from State Bank of India (SBI) said on the condition of anonymity that while all bank employees are sensitised to watch out for scams, most might not intervene or question a customer making large transactions to ‘not offend or harass them’.

The SBI officer, however, agreed that banks need to strengthen their Know Your Customer (KYC) procedure and actively identify mule account holders. “Gaps in KYC procedures are leading to so many mule accounts. Banks can identify mule accounts by closely monitoring the account turnover. If a current account sees transactions exceeding its usual activity level, it should immediately be verified,” the officer explained, adding that a security overhaul is needed in the company registration procedure in the country as well.

Amid the rising cases of cyber frauds through mule accounts, the SBI has initiated geo-tagging to verify the address of customers who wish to open current accounts. “For non-individual current accounts, including partnerships, companies, trusts, societies or any other legal entities, bank officials verify the address by visiting the location. This step helps in avoiding opening of mule accounts,” the official added.

Experts collectively opined that banks should come up with a protocol and subsequent training for bank employees, especially in customer-facing roles, to handle and help cybercrime victims.

Published - December 11, 2024 09:21 pm IST