From sending more than 20 million fraud-awareness messages to customers in a year to penalising own employees for clicking on phishing links, large banks are undertaking aggressive awareness programmes to tackle the menace of cyber frauds.
Ravi Santhanam, chief marketing officer (CMO) and head of liability products and managed programmes at HDFC Bank, said over the course of the last one year, the bank sent more than 20 million SMS text messages to customers on fraud awareness, and in excess of 8.5 million emails. The CMO said HDFC Bank has conducted over 5,900 training programme on fraud awareness and secure banking, covering more than 62,500 customers.
“The bank uses an omnichannel approach to reach out to a large set of customers, using both external and internal channels, such as newspaper advertisements, website, net banking, application, digital media, SMS and emails,” he said.
An ICICI Bank spokesperson said the lender sends email alerts to customers for every transaction in their accounts and credit cards. In the alert, the bank asks the customer to check the transaction and report it in case of a scam. “In every alert, we keep reminding them to be vigilant, and not share sensitive and confidential details, including OTP, URN, passwords, CVV with anyone, even if the person claims to be a bank employee,” the spokesperson said, adding that it has introduced a new feature in its iMobile Pay app, which does not allow any screen-sharing application.
Large banks have also signed brand deals with influencers and actors to promote customer awareness.
The campaigns gain significance as the Reserve Bank of India’s (RBI) Financial Stability Report for December 2022 showed that though the overall amount of banking frauds decreased from Rs 36,316 crore in H1FY22 (April-September) to Rs 19,485 crore in H1FY23, the card and internet banking frauds rose from Rs 60 crore in H1FY22 to Rs 87 crore in H1FY23. The overall number of online banking frauds and card frauds increased from 1,532 in H1FY22 to 2,321 in H1FY23, the data showed.
Evolving trends of online frauds
Scamsters are increasingly evolving their phishing and vishing techniques to lure customers into fraud, bankers and experts say. According to V Vaidyanathan, MD & CEO at IDFC First Bank, there is a new fraud, called the ‘Boss Scam’. Boss Scam is a cyber attack wherein fraudsters impersonate a top corporate executive to target employees, and trick them into buying gift cards, transferring money, among others.
The MD said online frauds are a “very serious issue” and IDFC First Bank is educating customers through website, mobile application, and other means to insist for an OTP (one-time password) for certain transactions and SIM-binding, among others. “…In our bank, we have introduced a penalty for employees if you click on phishing link…,”
K Paul Thomas, MD and CEO at ESAF Small Finance Bank, said fraudsters are utilising several social engineering techniques to obtain personal information, such as the victim customer’s mobile number. After getting the number, scamsters impersonate bank staff and cleverly acquire the victim’s login credentials. “Weak passwords, such as those related to the user ID or date of birth, increase the likelihood of success for these attacks,” he said.
Once fraudsters obtain the victim’s credentials, they manipulate the victim with stories about KYC expiry or account blocking and deceive them into providing the OTPs required for fund transfers, he said, adding that funds are then transferred multiple times through various accounts before being withdrawn, which makes it difficult for law enforcement agencies to track and recover the funds. “As part of increasing awareness on safe banking practices, the bank has displayed necessary posters and banners at all our physical outlets that cover all the customer touch-points, including business correspondents and ATMs.”
As per Rajashekara V Maiya, vice president and global head of business consulting at Infosys Finacle, constant attacks are being made by organised dark networks on banks and their data centres, servers, and websites to exploit any vulnerability. “What we have found is that multi-factor authentication will prevent many such frauds along with the right amount of awareness for digital service users.”
HDFC Bank CMO said at present there is no data available to track the exact number of frauds at an industry level, and fraudsters seem to be creating and newer methods of defrauding customers. “We take our responsibility seriously of spreading awareness about the issue and advising on safe banking practices.”