BioCatch blog channel

Browse topics

India's fraud epidemic: What's being done, and what more can be done?

Written by:

Charanjeet Singh (Guest Blog)

India's fraud epidemic: What's being done, and what more can be done? featured image

The fight against fraud in India is a collaborative effort, extending far beyond banks and regulators to include telecom companies, industry bodies, and even the Prime Minister, who has actively raised awareness among citizens. Yet, despite these concerted efforts, we continue to see daily reports in print and digital media of individuals falling victim to scams, losing their hard-earned money.

Intriguingly, these frauds aren't confined to digital channels; people are even visiting bank branches to initiate transfers to fraudsters, unaware they are being scammed. The victim profiles are particularly striking – often educated individuals, some even retired from prestigious government or private organisations. This clearly indicates that it's not a simple case of lack of awareness. The reality is that fraudsters employ highly sophisticated and manipulative techniques, making them incredibly difficult to resist.


Recent statistics, including the 2025 Digital Banking Fraud Trends in India report by BioCatch, shed light on several critical aspects:

  • Delayed detection: Frauds reported to the RBI often pertain to incidents from years past, sometimes even five years old. This suggests a significant lag in detection by banks. While fraud numbers might decrease in some years, they rebound substantially, perhaps indicating delayed detection or fraudsters regrouping after identifying loopholes in existing controls.
  • Rise of social engineering: A staggering increase in social engineering scams is evident, with over 100,000 cases of "digital arrest" reported in 2024 alone. This highlights a shift in fraudsters' tactics: instead of attempting identity theft or account takeover, they prefer to convince customers to willingly transfer funds, thereby circumventing the very controls banks have in place to prevent unauthorised access.
  • Sophisticated systems = Higher detection: Banks leveraging advanced systems demonstrate higher rates of fraud detection. This is crucial because it means they are not solely reliant on customers to report fraud; instead, they can proactively identify and mitigate risks, leading to lower overall losses.

The current focus of most stakeholders—allocating resources, personnel, and systems—is primarily on protecting against unauthorised access to digital channels. While vital, this leaves a wide-open playing field for fraudsters to execute various forms of social engineering scams. Among these, the "digital arrest" scam has recently emerged as a significant threat. It's incredibly elaborate, leads to heavy financial losses, and often begins with nothing more than the victim's name and phone number. The web of deception is so intricately woven that customers volunteer information, which fraudsters then exploit to execute the scam.


The other crucial facet of the fraud spectrum is the beneficiary account—the destination for fraudulently transferred funds, whether initiated digitally or via a branch visit. Here, regulators are actively involved. The Reserve Bank of India (RBI) issues directives on periodic re-KYC and enhanced due diligence during onboarding. The Telecom Regulatory Authority of India (TRAI) is urging telecom companies to implement similar measures, and the Insurance Regulatory and Development Authority of India (IRDAI) is pushing insurance companies to follow suit. 


While these measures are undoubtedly essential for identifying mule accounts and other illicit activities, they also present an opportunity for fraudsters to weaponise such requirements for new social engineering scams. The RBI has even issued customer awareness campaigns specifically addressing this.


This brings us to two primary challenges: customer-initiated fraudulent payments and the widespread existence of mule accounts where these fraudulent payments are credited.


Before delving into solutions, it's important to acknowledge the inspiring stories of bank officials and law enforcement going above and beyond to support fraud victims. In several cases, they have been instrumental in preventing further losses. One notable instance involved a bank staff member delaying a suspicious fund transfer by telling the customer it would take time. Simultaneously, they alerted the police, who visited the victim's home and engaged with her relatives abroad to convince her about the digital arrest scam, ultimately saving her from significant financial harm.


Tackling the twin threats: Smarter strategies for scam and mule detection

So, what more can be done to address these complex challenges? As always, there's no single "silver bullet." What's required is a multi-layered approach:

  • Enhanced onboarding & continuous KYC: While periodic KYC is crucial, a robust, thorough KYC process at the time of onboarding is paramount to build a comprehensive customer profile. Any deviations from this established profile during subsequent transactions should trigger additional, rigorous checks.
  • Proactive behavioural analysis: We need to move beyond simplistic auto-dialer calls for transaction confirmation. If a customer is initiating a fraudulent payment under duress, they won't deny it. Instead, we need to "industrialise" the valiant acts of those few who proactively protect customers by leveraging sophisticated systems. How can we identify subtle behavioural shifts during a digital transaction that signal something is amiss? There are multiple red flags that, while not indicative of ID theft or account takeover, point to customer coercion:

    • Session time: Fraudulent payments initiated by customers often take significantly longer—sometimes double the time—compared to their genuine transactions.
    • Screen navigation patterns: Unusual navigation or hesitation, indicating the customer is waiting for instructions or struggling to make a decision, can be a red flag.
    • Text entry speed: A marked decrease in typing speed, suggesting the customer is reading instructions or being dictated to, could indicate a scam.
    • Transactional profile mismatch: Transactions that deviate significantly from a customer's usual spending habits or profile, these should use data across channels including branches.

By implementing such proactive measures, organisations stand to gain immensely. Demonstrating genuine care for customers, even when they are unaware they need it, builds unparalleled trust. A customer whose money has been saved by their bank is incredibly unlikely to switch. Banks invest heavily in acquiring new customers; protecting existing ones not only ensures retention but can also become a powerful unique selling proposition: "Bank with us, we protect your money."


Please share your comments and experiences in the comments section below.


 

Recent Posts

The agentic bank Banking / Financial services
June 12, 2025 The agentic bank
Read article
Only human after all: Why technology cannot be the only answer to tackling fraud Mule Accounts
June 10, 2025 Only human after all: Why technology cannot be the only answer to tackling fraud
Read article
Breaking down the data from this year’s Annual Report from UK Finance Fraud Prevention
June 05, 2025 Breaking down the data from this year’s Annual Report from UK Finance
Read article