The Reserve Bank of India (RBI) has increased its attention on the rising digital frauds in banking system during the ongoing annual FY23 inspection of books and internal processes, and is more intent on seeing what are the online fraud prevention mechanisms set in place by the banks, three people aware of the matter told FE.
“RBI has enhanced its attention in this area. The quantum is less (in digital frauds), but the volumes are rising with UPI (Unified Payments Interface) coming into the picture,” a senior public sector banker said.
The banker said on advances side, a lot of cleaning up has already been done largely with several risk management processes being put in place but digital frauds of smaller quantum still pose an operational risk to banks.
According to the RBI’s FY23 annual report, even as the overall value of frauds reported by Indian banks halved from Rs 59,819 crore in FY22 to Rs 30,252 crore in FY23, the value and volume of digital frauds committed using cards and internet-based payment methods nearly doubled.
While 3,596 frauds amounting to Rs 155 crore using cards and internet banking services were reported by lenders in FY22, the volume nearly doubled to 6,659 digital frauds in FY23 amounting to Rs 276 crore.
According to the bankers, the RBI is asking lenders about mechanisms in place to prevent transaction payment frauds, the customer service handles that lenders are providing to users and whether banks have an effective grievance redressal cell in place.
“They are looking at what are fraud prevention systems. For example in transaction frauds, if a scammer has got hold of a customer’s credentials, since there is a maximum amount limit per transaction, scammer will have to conduct repeated transactions and if the velocity of transaction is high then bank’s system should be able to recognise and flag it, the systems in back end must be able to detect,” the banker said.
Another senior banker at a private sector bank said not all customers are very vigilant while conducting online payments, so the RBI has asked lenders to conduct customer awareness campaigns on cyber frauds.
“A lot of customers are using online tools but unfortunately many of them give away their OTP or get their SIM compromised, among other issues. Thus the RBI is highly focused in this area for quite some time and are asking banks to up their vigilance,” the banker said, adding that banks have been asked to put in processes which enable live tracking of online payment issues, flagging certain fraud websites, fraudulent merchant QR codes, among others.
In a rare exchange filing, private sector lender Kotak Mahindra Bank had, in August 2022, said it wrote twice to RBI requesting it to enforce standardisation in fraud reporting requirements by all banks.
“We have observed that there is significant variance in what is chosen to be reported to the regulator by other banks. We have appealed to the regulator vide our letters dated 17th March, 2022 and 30th August 2022 to enforce standardisation in reporting requirements,” the lender had said in a clarification issued to a media report. The report said that while Kotak Bank recorded 5,278 cases of frauds during Q1FY23, 97% of which were associated to digital and card related frauds, country’s largest lender State Bank of India (SBI) reported only nine fraud cases during the same period.
The PSU banker quoted above agreed that there were variances in the way banks reported frauds to the regulator. In view of the same, the RBI has now asked lenders to report all sizes of digital frauds and not just those frauds involving amount of upwards of Rs 1 lakh. This measure will give a better picture on the overall digital fraud scenario, they said.