In recent times, wallets and UPI have taken over the Indian digital payment ecosystem. Since its introduction in 2016 by the National Payments Corporation of India (NPCI), UPI has changed the payments paradigm.
But even as the reduction of friction in payments is driving the growth of new businesses, it is also orchestrating fraud. And with a likely influx into new-age payments platforms in the aftermath of the coronavirus outbreak, things may only get worse.
KYC is basically the collection and collation of customer data which is the most effective way of fraud mitigation. Newer and faster ways of getting KYC done are being implemented with the advent of AI and ML gradually taking over the legacy systems. So instead of having an agent visit the customer to manually check the details, more efficient ways like;
- Aadhaar Offline KYC (Processing KYC without the use of biometrics)
- Electronic KYC (Accessible to only customers with Aadhaar number)
- Central KYC
- Video KYC. This involves capturing all details and identification via a video.
Types Of KYC Related Frauds In India
Usually, a re-KYC is required, to ensure an updated database of the customer in areas where they might have been a change. For instance, address or marital status or in case there was a minor mistake in the data.
This is the most common attempt of KYC fraud in India where the fraudster places a forged phone call pretending to be a bank/company representative. He/she asks you to provide your KYC information on an emergency basis otherwise the account will be “blocked”.
They will collect your information from social networking sites like Facebook, Linkedin, Twitter and so on. Once they have enough information, they will call you to talk to you about an ‘emergency’. Once they are confident that you are sold on the idea, they will ask you about your personal account details citing those ‘emergency’ reasons. Once you provide the details, he/she will further transfer the money from your account to some other account.
Vishing (voice phishing) is an attempt where fraudsters try to seek personal information like Paytm Bank PIN, Paytm OTP, Card expiry date, CVV etc. via a phone call. The miscreant acts as an employee from Paytm, the government or a bank. He/she asks you for your KYC details. They will state various reasons like reward points, free cashback, reactivation of account, etc for this. These details are then used for accessing your account without your knowledge.
Smishing (SMS phishing) is when a SMS/Email/WhatsApp message is used to lure you for calling back on a fraudulent phone number, visiting fraud websites or downloading malicious content via your phone. Fraudsters will send you SMS/Facebook Requests/WhatsApp messages to inform you that you’ve won some prize money, cashback offer or the like. They’ll ask you to share your Paytm account/Paytm Payments Bank account details. Unaware of what might happen, once you do that, they will initiate fraudulent transactions using your account details.
Identity Theft occurs when someone uses your KYC information to obtain a Credit Card, Loan and other services in your name. Then those will be used for fraudulent transactions. They try to gain access to your details through any of the measures stated above. They contact you and try to collect KYC details pretending to be a Paytm employee!
Common KYC Frauds In India
According to CNBC, The Government of India has announced many beneficial schemes to help small businesses. Example: interest/EMI waive-off for MSME, microloan for unorganized vendors, a moratorium of EMI for various loans up to 6-months. But in most cases, common people might find it challenging to avail of these schemes. This is due to the amount of paperwork and the general complexities involved in dealing with banks. There is also a possibility of many bogus agents approaching small business owners. They provide fake offers of support in exchange for money. These fraudsters may use fake KYC documents to avail such benefits or could run a racket of fund diversion.
Some examples :
- In a May report by Times of India, A 70-year-old retired government employee from Hyderabad lost Rs 4.2 lakh in a KYC (know your customer) fraud case. An unidentified man, posing as a Paytm employee, lured him into completing the fake KYC process and the customer provided all bank account details for fear of account termination.
- In a Hindustan Times report, a senior citizen (67) from Borivali, Mumbai was duped by a cyber fraudster of Rs 3.18 lakh. The fraudster posed as an executive from a popular e-wallet service provider and under the pretext of updating his KYC (Know Your Customer) details he ricked him into sharing his bank details, including OTPs (one-time passwords). The accused used these details and fraudulently transferred money to another bank account. The complainant is a retired government employee and lives in a Borivali (West) housing complex, the police said,
- In July, as per a report by Hindustan Times, a 38-year-old woman from Kothrud, Pune had been duped of Rs 14.49 lakh in a KYC (know your customer) fraud. According to the police, the complainant owns a business in the city.
- The cybercrime wing of Maharashtra Police has received a number of complaints against eSIM swapping scams. In this, people have lost large sums of money in cases reported across the country. A July article by Indian Express mentions how the target user initially receives a call from a person posing as a customer care representative of the service provider, who, under various pretexts, deceives the user into forwarding an email sent to the user’s registered mail address with the service provider. In many cases, the user is contacted under the pretext of updating Know Your Customer (KYC) details.
- Earlier this January, reports by Times Of India indicated that frauds through KYC were on the rise in Chandigarh with over 50 complaints in just 15 days. According to the Cyber Crime Investigating Cell, complainants have lost amounts ranging between Rs 10000 to Rs 45000.
- In June of this year, a resident of Ballygunge, Kolkata was duped by an unknown fraudster who called the wife of the complainant on the pretext of KYC update. The caller convinced her to click on a link shared with her and enter OTPs multiple times after login. The complainant has lost Rs. 48000 in this process.
The Right Way To KYC For Banks & Financial Institutions
In order to clarify and strengthen KYC in the financial sector, the four minimum elements needed for an effective program are:
However, none of these processes require customer bank account information. The data rests with the organization itself while the customer account is created. Most organizations tend to offer to warn their customer channels on the same.
VideoKYC — Fighting Financial Fraud
To prevent fraud and money laundering, the BFSI sector needs to comply with KYC norms. These were introduced by RBI and are based on the Government of India’s (GOI) PMLA Law of 2002. Aadhaar-based KYC verification had simplified the process. It also reduced the time taken by the BFSI sector to on-board customers drastically.
But, things changed with the Supreme Court order dated September 26, 2018, made the use of Aadhaar-based KYC by private players as unconstitutional. To overcome this hurdle, RBI brought Video KYC as an alternate tech-driven mode of KYC in its notification on January 9, 2020. It is based on the Aadhaar and Other Laws (Amendment) Bill, 2019, which was introduced by the government on June 24, 2019.
The process involves
- Information about the user is received via API
- User can opt for authentication using their smartphone/computer
- Document details are captured on live video: screenshots of PAN Card, other identity documents, selfies etc.
- Documents are scanned and data is automatically extracted and authenticated.
- Facial recognition between the picture on document and person showing it is done
- Liveliness and fraud prevention checks are conducted
- The whole process is recorded on live video
- The outcome of the verification process is assigned
- The data retrieved during the procedure is automatically forwarded to the client via API
While most people will tell you that being cautious and aware is the best way to fight fraud, the modern age is no longer just a battle of wits but of technology. If fraudsters can use advanced software and hardware to hoodwink your judgment, it is only fair that technology should come to the rescue. Besides, with novel ideas like VideoKYC, ven users with minimum knowledge about frauds and cyber threats can secure their accounts. After all, what might escape the human vision cannot defy computer vision.
Signzy is an AI-powered RPA platform for financial services. No matter how complex your workflow or operational complexity, Signzy is able to completely automate your back-operations decision-making process into a real-time API. This is possible due to a combination of Nebula — Our no-code AI model builder and our Fintech API Marketplace of over 200+ APIs. Today we work with over 90+ FIs globally including the 4 largest banks in India and a Top 3 acquiring Bank in US. Globally we have a strong partnership with MasterCard and offices in New York and Dubai to serve our customers in the 2 geographies. Our Product team of 120+ people is building a global AI product out of Bangalore.
Visit www.signzy.com for more information about us.
You can reach out to our team at email@example.com
Reach out to our team: firstname.lastname@example.org
For sales queries: Swati Saxena
Email : email@example.com