For 73-year-old retired government employee Vivek Satpute (name changed), losing Rs 35,000 – his pension amount – was not just a loss of money, but a breach of trust. “It’s not about the amount deducted but the money lost. No Tom, Dick and Harry should have access to my earnings,” he said. Scammers tricked him into sharing a one-time password (OTP) by sending him a malicious link.
Even days after the incident, Satpute continued to receive suspicious OTP requests. The scammers were trying to access his Unified Payments Interface (UPI) ID using details they had already obtained, raising serious concerns.
In Hyderabad, a 60-year-old man approached the city cybercrime authorities after being defrauded of Rs 1.11 lakh. In his complaint, he said he received a link on his WhatsApp claiming to be updated on the bank’s KYC process. Similarly, a 73-year-old woman was duped of Rs 2 lakh on the pretext of updating her KYC details in Mumbai.
These cases show how cybercriminals exploit systems designed to protect consumers’ financial and personal information.
What is KYC?
KYC (Know Your Customer) is the process of verifying a customer’s identity, ensuring that they are genuine, who they claim to be. As commerce expanded, so did the need for effective trust-building mechanisms, leading to the development of KYC systems. According to Ashok Hariharan, co-founder and CEO of IDfy, an independent identity verification firm in Mumbai, “KYC is a robust mechanism designed to eliminate fraud and establish trust.” Platforms like IDfy verify over 100 signals like document authenticity and government database checks to ensure the validity of transactions.
How does KYC fraud happen?
“KYC fraud occurs when criminals exploit weaknesses in the identity verification system. They can use fake documents or personal information to open accounts, apply for fraudulent loans or make unauthorized transactions,” Hariharan said.
Some common examples are:
- Impersonation Fraud: Tampering with ID documents using photo or text editing.
- Synthetic IDs: Creating fake IDs that exist in official records.
- Identity Theft: Stealing personal IDs from unsuspecting victims.
- Mule Accounts: Using the accounts of real users for illegal transactions.
Why do fraudsters target the KYC process?
KYC systems are the gatekeepers of financial security. Breaking this “gate” gives fraudsters access to sensitive data and financial services. For example, fraudsters can use a stolen PAN card to bypass legal scrutiny to apply for a loan or another person’s driving license. Recruitment process.
“Fraudsters use tactics like phishing, malware, and AI-powered deepfakes to bypass KYC systems. Collaborative efforts and advanced technologies like encryption, tokenization, and AI fraud management tools like the ones we use at Visa are needed to combat these threats,” said Vipin Surelia. , VP and Head of Risk Services for Visa India and South Asia said.
Surelia believes that vigilance and awareness play an important role in empowering consumers against scams and strengthening security protocols, preventing fraud to a large extent.
How to stay safe from KYC fraud:
Hariharan, Surelia, and cyber expert Shubham Singh suggest the following:
Avoid unnecessary requests: Never share OTP, account details, or KYC credentials with anyone claiming to represent a legitimate organization. Always verify through official channels.
Identify fraud strategies: Beware of instant-run scams or fraudsters impersonating bank officials.
Practice digital hygiene: Do not share Aadhaar, PAN, or other personal IDs on public platforms. Avoid downloading remote-access apps like AnyDesk from unverified sources.
Disable unused features: Disable biometric access to UIDAI portal to prevent Aadhaar Enabled Payment System (AePS) fraud.
Report scams immediately: Contact the National Cyber Crime Helpline (1930) or use the Cyber Crime Reporting Portal (NCRP).
All three experts said that no legitimate organization would ask for OTP, password or PIN from customers, as is routinely communicated by organizations like banks.
What to do if you are a victim?
If you are a victim of KYC fraud, you should file a complaint immediately to minimize the damage. First, the concerned bank or financial institution should be alerted immediately. These organizations will guide the victim to take the right steps to protect their account and avoid further abuse. It is also important to report the crime to the nearest police station and that you provide all relevant details about the fraud, such as financial loss or identity theft. Also, depending on the nature of the fraud, regulatory bodies like RBI or SEBI should be notified, especially in cases involving financial institutions.
If the financial institution fails to address the complaint, users can also take the case to forums like the National Consumer Disputes Redressal Commission (NCDRC). When it comes to online or cyber-related KYC fraud, one can report it to the National Cyber Crime Cell and their state’s Cyber Crime Department through the official website: cybercrime.gov.in. In case of further clarification, one can also consult legal experts specializing in financial fraud and consumer protection laws.
The future of KYC
Hariharan predicts that advances in AI, biometrics, and privacy-first solutions will revolutionize KYC processes, making them faster, more secure, and user-friendly.
A focus on privacy will reduce unnecessary data sharing, while global integration can streamline cross-border authentication. “Privacy-first solutions will reduce unnecessary data sharing, protecting user information. At some point in the future, seamless global integration will allow for efficient cross-border authentication, reducing friction for both users and businesses,” he said.
As frauds evolve, KYC systems will ensure security and compliance with data privacy laws.
Why should you buy our membership?
You want to be the smartest in the room.
You want access to our award-winning journalism.
You don’t want to be confused and misinformed.
Choose your subscription package