Many individuals have been receiving communications such as phone calls, SMS, or emails purportedly from legitimate sources like banks or financial institutions, seeking personal details to comply with Know Your Customer (KYC) requirements.
“These are KYC frauds,” said Kaushal Sampat, Founder of Rubix Data Sciences, a tech platform focusing on simplifying decision making for credit, risk, supply chain and compliance professionals.
In the wake of continuing incidents of customers falling prey to KYC updation frauds, the Reserve Bank of India (RBI) in February cautioned the public about such frauds.
Through its regular advertisements and messaging, the RBI has been urging people to stay vigilant. “Whatever the type of KYC fraud, the modus operandi hinges on exploiting this sense of urgency and fear, coercing unsuspecting individuals into divulging sensitive personal information or login credentials,” said Sampat. Once armed with details of customers, scammers gain unauthorised access to victims' bank or investment accounts and carry out a variety of fraudulent activities and unauthorised transactions, Sampat said.
Modus operandi of KYC fraudsters
The most common KYC fraud involves scammers posing as bank officials reaching out to customers, claiming that their accounts face imminent blockage unless they provide personal details for KYC verification.
“Another way is phishing, which involves fraudulent attempts to obtain sensitive information, such as usernames, passwords, and credit card details, by masquerading as a trustworthy entity,” said Sampat. Victims are often directed to fake websites or apps designed to mimic legitimate banking portals, where they unwittingly disclose their credentials, he added.
The third method is identity theft, where criminals steal individuals' personal information, Aadhaar ID and PAN details, to perpetrate various forms of financial fraud.
The fourth variety of KYC scams is ‘Smishing’—a combination of ‘SMS’ and ‘phishing’. Smishing entails the use of text messages to lure victims into divulging sensitive information or downloading malicious software onto their devices, Sampat said.
While the Cyber Crime Portal and the RBI Ombudsman have been entrusted with receiving and acting on victims’ complaints, there is no official figure on how many such KYC scams have been reported. However, the general sense is that they are rapidly increasing, Sampat said.
Also read | RBI panel proposes measures to improve customer services at banks
Synthetic identity fraud
Synthetic identity creation is a sophisticated form of identity theft, where fraudsters ingeniously combine genuine and counterfeit personal information to create entirely new identities. “These fabricated identities are then used to perpetrate various frauds, such as credit card and bank fraud. Traditional KYC methods, while once considered reliable, are facing many challenges, particularly in detecting synthetic identity fraud,” Sampat said.
Ways to avoid banking and KYC frauds
Given the sophistication and prevalence of KYC fraud, it is crucial for users to adopt proactive measures to safeguard their personal information and financial details.
Firstly, we must all be wary of unsolicited communications, especially those that pressure us into divulging sensitive information or downloading unfamiliar apps, Sampat said.
Secondly, before responding to any requests for KYC updates or personal information it is a must to verify the legitimacy of the sender by contacting the bank or financial institution directly using official contact details, he added. Sensitive information, such as passwords, PINs, or OTPs, should not be shared with anyone, regardless of their purported affiliation with a financial institution.
Knowledge is power; hence, we need to stay abreast of the latest scams and emerging frauds by regularly checking updates from reputable sources like the RBI or consumer protection agencies. “KYC updates or transactions should be undertaken only through official channels provided by the bank or financial institution’s website or mobile app, rather than clicking on links embedded in unsolicited messages,” Sampat warned.
“Lastly, usage of trusted caller ID apps helps in promptly blocking suspicious numbers and reporting such calls as spam helps protect oneself and others from falling victim to KYC scams,” he said.
Thus, by remaining vigilant and adopting best practices for online security, customers can mitigate the risk of falling victim to KYC fraud and safeguard our financial well-being even in this digital world. In this matter it is always better to err on the side of caution, he said.
Also read | No passwords, PINs: How banking can be made simple and fraud-free for senior citizens
Limitations of traditional KYC methods
“Manual identity verification, the cornerstone of traditional KYC processes, is time consuming, labour intensive, and costly, involving meticulous document checks and often leading to delays and frustrations for both customers and businesses,” Sampat said. The risk of missing critical data elements further compounds the inefficiency of this approach, he added.
Moreover, manual KYC processes are prone to human error, increasing the likelihood of overlooking fraudulent activities. “Fraudsters capitalise on these vulnerabilities by exploiting gaps in identity verification systems,” he said.
RBI updates KYC norms to keep pace with global standards
Through its latest updates to KYC norms in 2023, the RBI has ensured that India’s KYC framework meets the benchmark set by the Financial Action Task Force (FATF), the global money laundering and terrorist financing watchdog. “The RBI too has been diligently monitoring banks, NBFCs, and fintechs for implementation of KYC processes, sending notices and taking strong action where necessary,” said Sampat.
It is now the turn of banks, NBFCs and fintechs to follow the KYC norms in letter and spirit. They need to strengthen internal controls as well as relentlessly create awareness among the public about KYC frauds, he said.
“The RBI has adopted a risk-based approach to KYC, rather than the previously deployed one-size-fits-all approach,” said Sampat. Consequently, banks, NBFCs and fintechs are required to create risk profiles for their customers, based on their identity, geographic location, transaction history, and line of business. Once the risk profiling is complete, low-risk customers are required to undertake a simplified KYC while high-risk customers are made to undergo stricter due diligence, he said.
“The RBI has also mandated continuous monitoring of KYCs to weed out fake entities that threaten the integrity of the financial system,” Sampat added.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
