Taking cognizance of the spike in cases of gullible customers falling prey to Know Your Customer (KYC) updation frauds, the Reserve Bank of India (RBI) recently cautioned the general public about such frauds.
With regular advertisements and messaging, the central bank has been advising people to remain vigilant against these malpractices. It has been noticed that irrespective of the type of KYC fraud, the modus operandi revolves around exploiting this sense of urgency and fear, coercing unsuspecting individuals into divulging sensitive personal details or login credentials.
Armed with these essential details of customers, fraudsters gain unauthorised access to the bank or investment accounts of victims and carry out a variety of fraudulent activities and unauthorized transactions.
Pulling a fraud: The methodology
One of the most common KYC frauds involves fraudsters masquerading as genuine bank executives reaching out to customers, claiming that their accounts face imminent blockage unless they provide personal details to initiate KYC verification.
Similarly, cases of phishing have been on the rise as well. This involves fraudulent attempts to obtain sensitive details, such as user names, passwords, and credit card information, by posing as a trustworthy executive from a bank or financial institution. At times, gullible individuals are directed to fake websites or apps designed to mirror legitimate banking portals, where they unknowingly end up disclosing their essential credentials.
Identity theft is another method in which scammers steal personal information, Aadhaar ID and Permanent Account Number (PAN) details of an individual, to pull various forms of financial fraud.
Smishing—a combination of SMS and phishing—is another on the list that entails the use of text messages to lure individuals into divulging essential information or downloading malicious software onto their mobile or electronic devices.
The Cyber Crime Portal and the RBI Ombudsman are responsible for receiving and acting on a complaint registered by a victim; there is no official data to showcase how many such KYC scams have been reported so far. The general estimate is that they are on a significant rise.
Synthetic identity creation has emerged as a sophisticated form of identity theft, wherein scammers ingeniously combine genuine and counterfeit personal details to create entirely new identities. Such fabricated identities are then used to perpetrate various frauds, including credit card and bank fraud. Moreover, traditional KYC methods, while once regarded as reliable, are facing considerable challenges, particularly in detecting cases of synthetic identity fraud, say experts.
Banking and KYC frauds: Remaining vigilant
With changing levels of sophistication in pulling a KYC fraud, individuals need to adopt proactive measures to safeguard their personal information and financial details.
First and foremost, remain wary of unsolicited communications, especially those that pressurise an individual into disclosing sensitive information or downloading untrusted apps.
Then, before responding to any requests for KYC updates or personal information, it is necessary to verify the legitimacy of the sender by reaching out to the bank or financial institution directly through official contact details. More importantly, one should refrain from sharing with anyone sensitive information, such as passwords, personal identification numbers (PINs), or one-time passwords (OTPs). This is regardless of their purported affiliation with a banking or financial institution.
It is crucial to keep oneself updated on the latest scams and emerging frauds by regularly checking updates from reputable sources such as the RBI or consumer protection agencies.
Essentially, KYC updates or transactions should be undertaken only via official channels provided by a bank or financial institution’s website or mobile app instead of clicking on links embedded in unsolicited messages, say experts.
Additionally, usage of trusted caller ID apps aids in promptly blocking suspicious numbers and reporting such calls as spam helping protect an individual and others from falling victim to KYC scams.
Traditional KYC approach: An eye on limitations
The traditional KYC method involves manual identity verification, which can be a time-consuming exercise while being labour-intensive and costly.
Generally, it involves meticulous document checks, often leading to delays and frustrations for both customers and businesses alike. Moreover, the risk of missing critical data elements adds to the complications of this approach.
In addition, manual KYC processes are prone to human error, raising the chances of overlooking fraudulent activities. Often, fraudsters capitalise on these vulnerabilities by exploiting gaps in identity verification systems, say experts.
Updation of KYC guidelines by the RBI
With its latest updates related to KYC guidelines in 2023, the apex bank has ensured that India’s KYC framework addresses the benchmark set by the Financial Action Task Force (FATF), the organization that sets standards to combat global money laundering and terrorist financing.
The central bank has adopted a risk-based approach to KYC instead of the previously deployed one-size-fits-all approach. As a result, banks, NBFCs, and fintechs are mandated to create risk profiles for their customers based on their identity, geographic location, transaction history, and line of profession or business. After the risk profiling is complete, low-risk customers are required to undertake a simplified KYC. On the other hand, high-risk customers need to undergo stricter due diligence.
Rajiv is an independent editorial consultant for the last decade. Prior to this, he worked as a full-time journalist associated with various prominent print media houses. In his spare time, he loves to paint on canvas.