Closing loopholes: Steps for prevention of banking fraud

Advances in technology and the increasing use of the internet have led the Reserve Bank of India (RBI) to approve a greater use of online banking. This includes channels such as National Electronic Funds Transfer (NEFT), Real-Time Gross Settlement (RTGS), the National Electronic Clearing Service (NECS), the Electronic Clearing Service (ECS), the Unified Payment Interface (UPI) and the Immediate Payment Service (IMPS).

In 2010, the RBI issued a circular acknowledging that the ways in which names may be written made it difficult to check that the beneficiary details in the receiving bank match the details in the transfer instructions. The RBI thus required banks to verify only the account number with receiving banks when transfers were made through the RTGS, NEFT, NECS and ECS. It was not necessary to confirm the account holder’s name. The onus of providing correct inputs lay with the remitter. Banks usually demanded transferees’ names and included them in the transfer notification, but relied only on account numbers to transfer the funds.

Sanjay Gupta
Sanjay Gupta
Managing Partner (Contentious Practice Group)
SNG & Partners

As phishing, false telemarketing, email scams, fraudulent representations, ATM fraud and card cloning became common, fraudsters identified the loophole that transfers are happening by account number matching and not by name. It allowed them a new way to divert funds. They pretended to be executives of known companies, inducing bank customers to make digital payments for non-existent transactions to individuals or companies whose identity appeared to be genuine. The fraudsters would provide their own account number. The receiving banks did not have to check the name of the beneficiary. The remitter, often an employee of a corporate victim, would never verify the account number. The sender remained under the impression that the payment was being remitted to the known identity. Sometimes, a lower-ranked employee would be persuaded that the fraudster was a director of their company.

Examples of such frauds, came before the Delhi High Court in the matter of Dabur India Limited v Ashok Kumar and Ors. This case along with numerous other similar cases involved breaches of intellectual property rights and in these petitions the issue of banks not requiring to match the name was also raised by pointing out fraud being perpetuated.

The court had previously directed that a multi-agency meeting be held to address the problem. The parties, including the Ministry of Home Affairs, the RBI and the Indian Bank Association, acted and put an affidavit before the court. This set out recommendations for new standard operating procedures to close the loophole. In a further hearing in December 2024, the court directed the RBI to act on the proposals.

The RBI issued a directive under the Payment and Settlement Systems Act, 2007, the same month. This requires banks using RTGS and NEFT to create beneficiary lookup facilities for customers. Ordered to be in place by April 2025, the facilities will allow remitters to verify transferee details against account numbers they have been given. Transferors will easily be able to identify fraudulent demands for payment and prevent themselves from becoming victims.

Following the high-level meeting and subsequent sub-groups, steps were taken to enable the targets of crime to report matters and raise public awareness. The Indian Cyber Crime Co-ordination Centre, or IC4, was established. The IC4 receives complaints from the public through either the National Cyber Crime Reporting Portal or a hotline. The IC4 has also set up the Citizen Financial Cyber Fraud Reporting and Management System, a network that enables the public, banks, and law enforcement to respond in real-time to reported cyber crimes.

Banks are bound to follow the directives of the RBI and any failure would make the banks accountable. However, members of the public must also be more vigilant when they carry out their banking transactions. They should safeguard the details of their bank accounts and be cautious about revealing such details to third parties.

The combined efforts of all banking stakeholders will reduce the misdirection of funds from the accounts of unwary customers and account holders.

Sanjay Gupta is managing partner (contentious practice group) at SNG & Partners

Internship & Articleship

Error: Contact form not found.

Disclaimer

By proceeding further and clicking on the “I ACCEPT” button below, you acknowledge that you of your own accord wish to know more about SNG & Partners (“The Firm”) for your own information and use. You further acknowledge that there has been no solicitation, invitation or inducement of any sort whatsoever from SNG & Partners or any of its employees, partners, associates or members to create an attorney-client relationship through this website. You further acknowledge having read and understood this Disclaimer.

This website is a resource for informational purposes only and is intended, but not promised or guaranteed, to be correct, complete, and up-to-date. While SNG & Partners has taken utmost care to ensure accuracy and completeness of the information contained on this website, the Firm does not warrant that the information contained on this website is accurate or complete, and hereby disclaims any and all liability for any loss or damage caused or alleged to have been caused to any person by relying on any information contained on this website. The contents of this website should not be construed as an opinion, legal or otherwise, on any issue or subject. 

SNG & Partners further assumes no liability for the interpretation and/or use of the information contained in this website, nor does it offer a warranty of any kind, either expressed or implied. The owner of this website does not intend links from this site to other Internet websites to be referrals to, endorsements of, or affiliations with the linked entities. The Firm is not responsible for, and makes no representations or warranties about the contents of websites to which links may be provided from this website.

Furthermore, the owner of this website does not wish to represent anyone desiring representation based solely upon viewing this website or in a Country/State where this website fails to comply with local laws and ethical rules of that state. You may note that the use of the internet or email for conveying confidential or sensitive information is susceptible to risks of disclosure associated with sending email over the internet.

The Firm advises against the use of the communication platform provided on this website for exchange of any confidential, business or politically sensitive information. User is expected to use his or her judgment and such information shared will be solely at the user’s risk.

Communication through this website in any form shall be for the purpose of enquiries only and shall not hold good for service of any kind of court proceedings, summons, advance notice, pleadings etc. For service of any such document and/or notice to the Firm and/or to any of its partners under the act or rules including under CPC, Cr. PC and/or any other law shall be served at our concerned office or to the concerned advocate dealing with the matter.