How do these online banking frauds happen in India and how to prevent them


With the significant increase in the use of digital systems over the years, cyber criminals have invaded the internet to commit online crimes such as data fraud, theft as well as hacking and the banking sector is also not beyond their reach.

To perform illegal transactions, these cyber criminals attack online banking, credit/debit/ATM cards, payment portals and other online banking approaches. Over the years, cybersecurity experts have noticed one major factor: cybercriminals are becoming increasingly sophisticated, making it harder for organizations to defend against such attacks.

Roundabout ways

The most common forms of bank fraud in India are:

  • Vishing – Phone calls claiming to be from bank/non-bank e-wallet providers/telecom service providers to induce customers to share confidential information under the pretense of KYC update, account/SIM unlocking, debited amount credit, etc
  • Phishing – Spoofed emails and/or text messages designed to trick customers into believing the communication is from their bank/e-wallet provider and contain links to extract confidential details.
  • Remote Access – By getting customers to download an app to their mobile phone/computer that can access all customer data on that customer device.
  • Misuse UPI’s “collect requests” feature by sending fake payment requests with messages such as “Enter your UPI PIN” to receive money.
  • Fake bank/e-wallet provider numbers on web pages/social media and displayed by search engines etc.

It’s not that. According to a report from last year, the majority of online banking fraud occurs on the second and fourth Fridays of a month. Similarly, most bank fraudsters prefer to target victims using mobile phone apps rather than PCs and laptops, which are slower and more susceptible to being tracked. Cell phones are easy to throw away and are also cheaper.

RBI noted in its annual report, which was published on May 27 last year, “Central banks have made extensive use of their social media handles to educate people on safe digital banking practices. These efforts have proven useful for financial education, as the misdeeds of some fraudulent entities involved in phishing, financial fraud and other cybercrimes have increased during the lockdown.

Last year, RBI also said that in 2020-21, for the first time in 8 years, the total amount of fraud reported by banks has decreased, as private sector banks increasingly tend to report a higher number of thefts related to cards and internet banking.

RBI noted that commercial banks reported 1.38 trillion rupees of fraud in 2020-2021, compared to 1.85 trillion rupees the previous year. Banks reported fraud of Rs 36,342 crore in the first half of the current financial year.


First, it must be understood that consumers are not the only victims of online banking fraud. Businesses are becoming increasingly vulnerable to cyber fraud as the frequency of data breaches and fake emails targeting stores and organizations increases.

RBI in its latest updated guidance noted that fraudsters attempt to obtain confidential information including user ID, login/transaction password, OTP, card details debit or credit information such as PIN, CVV, expiration date and other personal information.

As mentioned by the central bank, “RBI urges members of the public to practice safe digital banking by taking all necessary precautions, while conducting digital (online/mobile) banking/payment transactions. This will help them avoid financial and/or other losses for them.

It has also issued certain guidelines for users to avoid such incidents. The RBI has urged customers to avoid sharing account details including login ID, password, card details and other information with anyone, not even those responsible for the bank, “as authentic as they may appear”.

According to the bank, any phone call or email claiming to block the bank account on the pretext of not updating the KYC or advising people to click on a link to do so is a common tactic used by fraudsters.

“Do not accept offers to change or speed up your KYC. Always go to your bank/NBFC/e-wallet provider’s official website or call the branch,” RBI said.

He also asked people to avoid downloading unknown apps on their smartphones, access bank/NBFC official website/e-wallet, ensure users do not share the password of the email linked to your bank account/e-wallet and follow other preventive measures.

“Do not be misled by advice suggesting depositing money in your name with RBI for overseas remittances, receiving commissions or lottery winnings. Secure your cards and secure a daily limit for transactions. You can also set limits and enable/disable for domestic/international use. This can limit losses due to fraud,” according to the notice.

“Regularly check your email and phone messages for alerts from your financial service provider. Immediately report any observed unauthorized transactions to your bank/NBFC/service provider for blocking the card/account/wallet, in order to avoid any further loss,” he added.

However, while massive data breaches in international companies tend to get the most attention, it’s a fact that all organizations are vulnerable to fraud. Bank fraud can quickly jeopardize a company’s finances and, in some situations, even destroy its brand. To avoid this, every organization must also follow certain security measures.

This can include educating employees, always using protected internet connections, using complex passwords, and paying attention to suspicious activity such as dodgy emails.

Read all the latest Assembly news, breaking news and live updates here.


About Author

Comments are closed.