RBI’s Directive to Banks: Report All Digital Frauds, Irrespective of Amount Involved 2023
RBI’s Directive to Banks: Report All Digital Frauds, Irrespective of Amount Involved 2023
According to the RBI’s FY23 annual report, the value and number of digital frauds perpetrated using cards and internet-based payment methods virtually quadrupled, despite the overall amount of copies recorded by Indian banks halving from Rs 59,819 crore in FY22 to Rs 30,252 crore in FY23.
During the annual FY23 examination of books and internal procedures, the Reserve Bank of India (RBI) has focused more on the growing digital fraud in the banking sector. It is more interested in learning about the online fraud prevention measures put in place by the banks.
“RBI is paying more attention to this. With the introduction of UPI (Unified Payments Interface), the quantum of digital fraud is decreasing, but the volume is increasing, according to a top banker in the public sector.
The banker stated that although there has been a lot of cleanup on the advances side, primarily due to implementing many risk management measures, digital frauds of lesser magnitude continue to represent an operational risk to banks.
According to the RBI’s FY23 annual report, the value and number of digital frauds perpetrated using cards and internet-based payment methods virtually quadrupled, despite the overall amount of copies recorded by Indian banks halving from Rs 59,819 crore in FY22 to Rs 30,252 crore in FY23.
While lenders reported 3,596 card and online banking thefts totalling Rs 155 crore in FY22, that number nearly quadrupled to 6,659 digital frauds totalling Rs 276 crore in FY23.
According to bankers, the RBI is requesting information from lenders about customer service contact information provided to users, measures in place to avoid transaction payment frauds, and whether or not banks have a functional grievance redressal unit.
“They are investigating fraud prevention techniques. For instance, in transaction frauds, once a scammer has obtained a customer’s credentials, they must conduct multiple transactions because there is a maximum amount per transaction. If the velocity of the transactions is high, the bank’s system should be able to recognize and flag the fraud, the banker said.
Since not all clients are highly watchful when making online payments, according to another senior banker from a private sector institution, the RBI has ordered lenders to run customer awareness programmes about cyberfrauds.
“Many clients use online tools, but regrettably, among other problems, many of them leak their OTP or have their SIMs hijacked. The banker explained that the RBI has been focusing heavily on this area for a while and has asked banks to increase their vigilance. He added that banks have been asked to implement processes that enable real-time tracking of online payment issues, flagging specific fraud websites and fraudulent merchant QR codes, among other things.
Private sector lender Kotak Mahindra Bank stated in an unusual exchange disclosure that it wrote twice to the RBI in August 2022 urging that it impose uniformity in fraud reporting procedures by all banks.
“We have seen that other banks’ decisions on the information they disclose to the regulator differ significantly. In response to a media story, the lender released a clarification in which it stated, “We have appealed to the regulator via our letters dated 17th March 2022 and 30th August 2022 to enforce standardization in reporting requirements during Q1FY23; Kotak Bank reported a staggering 5,278 fraud incidents, with 97% of them being linked to digital and card-related crimes. On the other hand, the largest bank in India, the State Bank of India (SBI), has only reported nine instances of fraud during the same time frame.
The PSU banker who was previously mentioned acknowledged that there were differences in how banks reported fraud to the regulator. In light of this, the RBI has now instructed lenders to report digital copies of all sizes, not just those involving sums more than Rs 1 lakh. According to them, this metric will provide a clearer view of the total digital fraud situation.
The Reserve Bank requires all banks in India to report any digital fraud, no matter the amount involved. This move is aimed at increasing transparency and accountability in the banking sector. Previously, banks were only required to report digital fraud involving a sum greater than Rs 1 lakh.
The directive by RBI is part of its ongoing efforts to curb digital fraud and boost the safety and security of online transactions, thereby strengthening the digital banking ecosystem.
As digital banking grows exponentially in India, so does the risk of fraud. Before this directive, the RBI had mandated banks to report all instances of fraud amounting to Rs 1 lakh and above. The motive behind this rule was to tackle high-value scams, which pose significant risks to the financial stability of the banking system.
However, this threshold-based reporting requirement was criticized for potentially leaving a blind spot for numerous small-scale frauds that collectively amounted to substantial losses. The shift to a zero-threshold reporting system is seen as an attempt to plug this loophole.
In its recent circular, the RBI has asked all scheduled commercial banks (SCBs), small finance banks (SFBs), payments banks, and foreign banks operating in India to report all types of digital fraud irrespective of the amount involved. This includes scams related to credit and debit cards and those linked to Internet banking, mobile banking, prepaid payment instruments, UPI, wallets, and other digital payment modes.
This directive aims to gather a thorough and precise evaluation of digital frauds that take place in the banking industry, including their nature, amount, and worth. The RBI aims to promote transparency and responsibility in the sector through this new regulation, enhancing customers’ trust in digital transactions.
This directive necessitates significant changes in the way banks operate. Banks must now establish more robust systems and processes for detecting, reporting, and combating digital frauds of all scales. They must also invest in better fraud monitoring and tracking systems, improve their forensic capabilities, and enhance customer awareness programs.
This move is expected to incentivize banks to take proactive measures to prevent digital frauds, as a rise in reported scams could impact their reputation. Banks must ensure secure banking practices, provide regular customer education, and implement state-of-the-art security measures to prevent fraud and build customer trust.
RBI’s new directive is a welcome move towards creating a safer and more transparent digital banking environment in India. By mandating the reporting of all digital frauds, it aims to provide a clearer picture of the state of digital banking security and fraud in the country. This will help devise better strategies to combat such issues and promote responsible behaviour among banks, thereby strengthening the overall banking ecosystem.
While it will necessitate significant investments in fraud detection and prevention systems, it also presents an opportunity for banks to bolster their security protocols and improve customer trust. Given the explosive growth of digital banking in India, this move represents a vital step in ensuring the sustainability and security of the sector in the long run.
