Worried about bank fraud? Here's how you can keep your money safe

The Reserve Bank of India (RBI) has said in its annual report that bank frauds increased to 36,075 cases in the financial year 2023-24, from 13,564 in the previous fiscal year.

In volume terms, the frauds have occurred predominantly in the category of digital payments (card/internet), it added.

What's bank fraud?

A bank fraud is committed when there is an act or pattern of activity where the purpose is to defraud a bank of funds.

It is considered a white-collar crime, which refers to financially motivated nonviolent crime committed generally by business and government professionals.

We must understand that the aim of the perpetrator is to draw money from bank accounts but the ultimate victim may not necessarily be the bank. It may be the banks’ customers, too.

Indian Banks Association (IBA) Chairman MV Rao has said that the threefold increase in bank frauds reported in RBI’s annual report is largely due to customers being cheated by third-party vendors, and not breaches in banking systems.

'Golden hour' reporting

He has also called for increased awareness of early reporting within the ‘golden hour’ to address these frauds. “When you look into the root cause of these frauds, it is not that they are committed by breaching bank systems, but rather they are perpetrated on the bank customers," he said.

Banks’ systems are robust in India and very rarely we come across their security systems being broken to perpetrate fraud.

Mostly fraud on bank accounts happens when the customers are less-than-careful with the various mandatory passwords and precautions prescribed, or when there is some involvement of bank staff.

What can go wrong?

Customers are allowed access to their accounts via internet banking using their user ID and password. They can choose their user ID and password, which they are not supposed to reveal to anyone else.

When the customers reveal their passwords to others, or record them somewhere that can be accessed by others, they are opening the gates to fraudulent activities.

Any transaction in bank accounts are allowed only after two-level authentications. It may be through regular password or one-time password (OTP) or some number provided in the debit card, etc. Even OTPs are given out through registered phone numbers and emails only.

Giving others access to your phone and email account may therefore compromise on the safety of your account.

Secure your devices

We have come across bank customers who allow others to use their debit or credit card by sharing the PIN (personal identification number). There are people who write the PIN details on the card itself.

Some people store their PIN details on their phones or other electronic devices. Some even hand over the debit or credit cards to others. These may give scope for fraudsters to access vital details.

To start with, pay heed to the emails and SMSs that banks, financial institutions and regulators send regularly, warning you not to share financial and banking details, especially the OTP and PIN, with anyone.

Be alert when making online transactions, or using your card at retail outlets. Use shopping or banking websites or apps only on devices that belong to you. Avoid using a friend’s phone, a public computer, cyber cafe or free Wi-Fi for sensitive browsing, as data can be stolen or copied.

Change your user ID and, password regularly. Make the password difficult to copy.

Who bears the loss?

The safety of bank accounts, and debit and credit cards, lies both with the customer and the concerned bank.

There are RBI guidelines for determining customer liability when fraud is committed. If it is found that the bank is responsible for the fraud, the customer faces zero liability.

The bank is held responsible when there is contributory fraud, negligence, deficiency on the part of the bank (irrespective of whether or not the transaction is reported by the customer). It is also be held responsible when there is third-party breach where the deficiency lies neither with the bank nor the customer, but lies elsewhere in the system, and the customer notifies the bank within three working days of receiving the bank’s communication regarding an unauthorised transaction.

For instance, if a third-party like a wallet, website or app deducts the amount twice but does not refund the excess amount, and the customer receives a notification from the bank about the deduction, and the customer informs the bank within three days that the second deduction was unauthorised, the onus of returning the money lies on the bank.

Customer negligence

If the loss is due to customer negligence – say, because they shared their payment credentials – the customer will bear all the losses till the unauthorised transaction is reported to the bank.

This is why it’s important for customers to inform the banks at the earliest if any kind of breach or fraud in their bank account is noticed. After they report the fraud, the bank will have to bear all the losses.

Sometimes, when the account details are compromised, the account may be used for money laundering activities, though there may not be any financial loss to the account holder. But in such cases, the account holder will also be suspected to be involved in criminal activities.

Moreover, the account may be frozen and even the customer may not be able to draw their legitimate funds in the account.

Digital banking is not compulsory

If you're unfamiliar with the security features of digital banking, it is better for you to adopt good old traditional banking. Digital banking comes with numerous advantages, but it is not compulsory.

There is no need to even have a debit card. Accounts can be operated through cheque books, though you may end up foregoing all the benefits of modern-day banking.

(The views expressed here are the author's, and do not constitute investment advice.)