Advances in technology and the increasing use of the internet have led the Reserve Bank of India (RBI) to approve a greater use of online banking. This includes channels such as National Electronic Funds Transfer (NEFT), Real-Time Gross Settlement (RTGS), the National Electronic Clearing Service (NECS), the Electronic Clearing Service (ECS), the Unified Payment Interface (UPI) and the Immediate Payment Service (IMPS).
In 2010, the RBI issued a circular acknowledging that the ways in which names may be written made it difficult to check that the beneficiary details in the receiving bank match the details in the transfer instructions. The RBI thus required banks to verify only the account number with receiving banks when transfers were made through the RTGS, NEFT, NECS and ECS. It was not necessary to confirm the account holder’s name. The onus of providing correct inputs lay with the remitter. Banks usually demanded transferees’ names and included them in the transfer notification, but relied only on account numbers to transfer the funds.

Managing Partner (Contentious Practice Group)
SNG & Partners
As phishing, false telemarketing, email scams, fraudulent representations, ATM fraud and card cloning became common, fraudsters identified the loophole that transfers are happening by account number matching and not by name. It allowed them a new way to divert funds. They pretended to be executives of known companies, inducing bank customers to make digital payments for non-existent transactions to individuals or companies whose identity appeared to be genuine. The fraudsters would provide their own account number. The receiving banks did not have to check the name of the beneficiary. The remitter, often an employee of a corporate victim, would never verify the account number. The sender remained under the impression that the payment was being remitted to the known identity. Sometimes, a lower-ranked employee would be persuaded that the fraudster was a director of their company.
Examples of such frauds, came before the Delhi High Court in the matter of Dabur India Limited v Ashok Kumar and Ors. This case along with numerous other similar cases involved breaches of intellectual property rights and in these petitions the issue of banks not requiring to match the name was also raised by pointing out fraud being perpetuated.
The court had previously directed that a multi-agency meeting be held to address the problem. The parties, including the Ministry of Home Affairs, the RBI and the Indian Bank Association, acted and put an affidavit before the court. This set out recommendations for new standard operating procedures to close the loophole. In a further hearing in December 2024, the court directed the RBI to act on the proposals.
The RBI issued a directive under the Payment and Settlement Systems Act, 2007, the same month. This requires banks using RTGS and NEFT to create beneficiary lookup facilities for customers. Ordered to be in place by April 2025, the facilities will allow remitters to verify transferee details against account numbers they have been given. Transferors will easily be able to identify fraudulent demands for payment and prevent themselves from becoming victims.
Following the high-level meeting and subsequent sub-groups, steps were taken to enable the targets of crime to report matters and raise public awareness. The Indian Cyber Crime Co-ordination Centre, or IC4, was established. The IC4 receives complaints from the public through either the National Cyber Crime Reporting Portal or a hotline. The IC4 has also set up the Citizen Financial Cyber Fraud Reporting and Management System, a network that enables the public, banks, and law enforcement to respond in real-time to reported cyber crimes.
Banks are bound to follow the directives of the RBI and any failure would make the banks accountable. However, members of the public must also be more vigilant when they carry out their banking transactions. They should safeguard the details of their bank accounts and be cautious about revealing such details to third parties.
The combined efforts of all banking stakeholders will reduce the misdirection of funds from the accounts of unwary customers and account holders.
Sanjay Gupta is managing partner (contentious practice group) at SNG & Partners