If we are in the era of the Digital Revolution, it will not be too far-fetched to say that we are also in the era of Digital deception. 

The Threat Landscape 

Globally, newly released Federal Trade Commission data shows that consumers reported losing more than $10 billion to fraud in 2023, marking the first time that fraud losses have reached this benchmark. This staggering figure marks a 14% increase over reported losses in 2022, underscoring the alarming scale of the problem.

Consumers reported losing more money to investment scams—more than $4.6 billion—than any other category in 2023, a 21% increase over 2022. The second-highest reported loss amount came from imposter scams, with nearly $2.7 billion in reported losses. In 2023, consumers reported losing more money to bank transfers and cryptocurrency than all other methods combined.

These figures underscore the need to take precautions and protect ourselves from digital fraud and deception.

Closer to home, a total of 9,053 cases of fraud were reported in various banking operations, amounting to ₹45,598 core in 2021-22. The chart shows the latest RBI data on trends and banking progress in India.

These staggering numbers are generally sprinkled across two types of categories regarding the finance infrastructure.  

• Payment Related Frauds
• Identity-Related Frauds

Today, we will delve into the nuances of identity-related fraud and identity verification processes, especially the Know Your Customer section. 

So, before we delve into the deceit side of the road, let’s step back to understand our basics.

What is KYC?

In 2021, reported fraud losses rose to $5.8 billion, an increase of more than 70 per cent in a single year. 

One of the most effective ways to combat the rise in financial fraud and money laundering is to reduce anonymous bank accounts and monitor suspicious activity. 

For financial organisations, that means knowing who customers are and continuously monitoring for risk factors, a process called KYC or “know your customer.” 

It is vital in the battle against monetary crimes and money laundering. Hence, client credentials and identification are the first and foremost step in checking his/her authenticity. Reserve Bank of India has prohibited a person or organisation from opening or operating any bank, Demat, or trading account without finishing the KYC process. 

KYC plays a crucial role in the country’s regulatory landscape. Its necessity is now more critical than ever. Therefore, we have done a detailed deep dive into the different aspects of KYC, from its types to its pros and cons for hassle-free customer verification. 

Having established the context for KYC and its necessity, it is now time to address the fraudulent aspects associated with this function of financial regulation. 

What is KYC Fraud?

KYC fraud refers to fraudulent activities that exploit weaknesses or loopholes in the Know Your Customer (KYC) processes. KYC is a standard banking and financial industry procedure used to verify the identity of customers and assess potential risks associated with them, such as money laundering or terrorist financing.

KYC frauds, often facilitated by digital channels, have become prevalent. Fraudsters prowl, seeking vulnerabilities and personal information to infiltrate the financial system and steal sensitive data. These days, fraudsters trap customers easily by asking them to share their particulars, like account login information, card info, and OTP, so that they can get unauthorised access to their bank accounts.

How are these Frauds happening?

In Know Your Customer (KYC) processes, confidential information about consumers is used to complete identification with the bank, NBFC, or financial institution. This confidential information, in turn, becomes a gold mine for scammers operating in this landscape. 

Scammers pretend to be bank officials or agents and try to obtain confidential information to exploit the data further and benefit financially. They also pose threats, such as blocking your account unless you update your KYC.

However, if we had to bifurcate the fraud between businesses and general customers/public, we can see the following tactics being deployed. 

For Businesses 

KYC fraud targeting businesses involves capitalising on the weaknesses in Know Your Customer (KYC) processes to perpetrate fraudulent activities against organisations. This type of fraud typically involves the following tactics:

• Business identity theft: Fraudsters may steal or fabricate business information, such as registration documents, tax identification numbers, or ownership details, to create fake businesses or hijack legitimate ones for fraud.
• Fake business relationships: Scammers may establish fake relationships with legitimate companies to gain access to sensitive information or exploit their reputations for fraudulent activities, such as money laundering or financial fraud.
• Insider collusion: Insiders or business employees may collude with external fraudsters to bypass KYC procedures, provide false personal information, or facilitate fraudulent transactions for personal gain.
• Document forgery: Fraudsters may create counterfeit or falsified documents, such as invoices, contracts, or financial statements, to deceive businesses or financial institutions during the KYC verification process.

For Individuals

KYC fraud targeting customers involves con men exploiting the vulnerabilities of individuals and coercing them to divulge sensitive details using tactics such as 

• Phishing: Fraudsters may impersonate legitimate organisations or financial institutions to trick individuals into providing sensitive personal information such as bank account details or identification documents.
• Account takeover: Criminals may gain unauthorised access to individuals’ accounts by using stolen or compromised credentials. They may then conduct fraudulent transactions or steal funds from the account.
• Identity theft: Fraudsters may steal personal information, such as names and addresses, to create fake identities or open accounts in the victims’ names without their knowledge.
• Fake KYC verification: Scammers may create phoney websites or documents that appear legitimate KYC verification portals. They trick individuals into submitting their personal information, which is then used for fraud.
• Social engineering: Fraudsters may manipulate individuals into divulging sensitive or personal information or performing actions compromising security, such as revealing passwords or authorising fraudulent transactions.

Types of KYC frauds

So broadly, across the categories, the following types of fraud are rising in the ecosystem. 

Fake re-KYC

Scammers pretend to be banking officials, compelling customers to share their details to update KYC or face the threat of account suspension.

Phishing

Fraudsters gather customer contact information from sources like social media and pose as bank representatives, typically sending an SMS with a link to a fraudulent app or site. Victims are coerced into sharing their OTP while still on the call.

Vishing

In this scenario, fraudsters harvest user information from social networking sites, initiate a fake call pretending to represent a bank, and ask the victim to provide KYC information. Often, they convince the victim to install a malicious app and share a code, ultimately defrauding them.

Smishing

Victims receive SMS messages instructing them to call a particular number to update their KYC, a tactic known as smishing.

Identity theft

Identity theft involves someone using your personal information to commit crimes, which can lead to significant financial loss and damage to the credit score. 

Did you know? 

According to a leading digital identity verification firm, India, Bangladesh, and Pakistan are among the top ten countries in Asia-Pacific most affected by identity fraud committed using deepfake technology. The UK-based Sumsub Identity Fraud Report says 2023 recorded a significant rise in such cybercrimes, which will increase further next year.

How to lodge a complaint in the case of KYC Fraud?

In India, if you’re a victim of KYC (Know Your Customer) fraud, you can take the following steps to file a complaint:

• Contact the Bank or Financial Institution: Inform your bank or the relevant financial institution immediately about the fraudulent activity. They can guide you on the necessary steps and may investigate the matter.

• File a Complaint with the Police: If you believe a crime has been committed, such as identity theft or fraud, you can file a complaint with the local police station. Provide details of the fraudulent activity, any evidence you have, and any financial losses incurred.
• Report to Regulatory Authorities: Depending on the nature of the fraud and the entity involved, you can also report KYC fraud to regulatory authorities such as the Reserve Bank of India (RBI) or the Securities and Exchange Board of India (SEBI).

• File a Complaint with Consumer Forums: If the bank or financial institution fails to address your complaint satisfactorily, you can escalate the matter by filing a complaint with consumer forums such as the National Consumer Disputes Redressal Commission (NCDRC) or the Banking Ombudsman.
• Contact Cybercrime Cells: If the fraud involves online transactions or cybercrime, you can report it to the Cybercrime Cell of your state police or the national Cybercrime Reporting Portal (https://cybercrime.gov.in).
• Seek Legal Advice: If necessary, seek legal advice from a lawyer specialising in financial fraud or consumer protection law. They can advise you on your rights and options for recourse.

It’s essential to act promptly and provide as much detail and evidence as possible when filing a complaint. Keep records of all communications and documentation related to the fraud for future reference. Additionally, protect your personal and financial information to prevent further fraud.

Measures to prevent KYC Frauds

Incidents of digital deception commencing with a text message requesting an update of KYC details purportedly linked to a prominent private sector bank, which in turn leads to the loss of funds in the linked bank account, have been on the rise. So, how do you stay ahead of the curve in such a scenario?

Reserve Bank of India has issued new guidelines to spread awareness on KYC fraud.

Do

Directly contact your bank

RBI has advised users to reach out directly to their bank or financial institution for confirmation and assistance if they want to update the KYC or get the KYC done. This becomes even more important when someone calls you for the KYC completion.

Get the bank’s contact details from the official website only

Every bank and financial institution lists customer support details on its official website and app. It is advisable to head to the official source to get the correct contact details for the bank to ensure authenticity.

Report fraud immediately

Another vital thing RBI has asked users to do is report it as soon as possible to a bank or financial institution to mitigate the potential risks in case they have been duped.

Enquire about KYC options

Visit your bank branch to inquire about the available modes and options for updating your KYC details.

Don’t 

Never share login credentials

Never share your personal information account login credentials, card information, PINs, passwords, or OTPs with anyone, regardless of the situation.

Refrain from sharing KYC documents

Do not share your KYC documents or copies with unknown or unidentified individuals or organisations to prevent misuse.

Stay away from unverified apps/websites.

Refrain from sharing sensitive data or information through unverified or unauthorised websites or apps.

Never click on any link received via SMS

Do not click on suspicious or unverified links received via mobile or email, as they may lead to phishing attempts.

Leveraging tech to fight KYC Fraud

Automation and accuracy in compliance processes are pressing priorities today. In response to the demands of the changing regulatory landscape, businesses are increasingly leveraging digital technology to increase the speed and accuracy of KYC compliance.

Below are some of the latest technologies that enable KYC automation, simplify identity verification processes, and ensure ongoing monitoring and risk assessment:

• Document verification systems

These systems use Optical Character Recognition (OCR) and Near Field Communication (NFC) technologies to extract data from identity documents such as ID cards, passports, and utility bills.

• Biometric identity verification processes

Biometric verification is a quick and secure method of authenticating customer identities for KYC compliance. The most significant advantage of biometric indicators is that they can be integrated into multiple gadgets, including smartphones, ensuring convenience for users. Besides being customer-friendly, biometric technologies are an effective weapon against identity theft. They include –

• Liveness detection

This technology uses deep learning and motion-based algorithms to ascertain that the biometric data presented belongs to a live person and is not recorded or deep-faked.

• Artificial Intelligence (AI) and Machine Learning

AI and ML are invaluable in automating KYC processes and enabling risk assessment and fraud detection. AI/ML tools can analyse vast datasets, swiftly identify anomalies, and flag potentially fraudulent activity in real-time.

The Decentro Connect 

From a business perspective, when choosing a technology partner that can assist you with instant background verifications, there are several factors to consider, from the accuracy of the technology at hand to the customisation of the journey to best suit your needs. 

Decentro’s KYC and Onboarding stack can help businesses conduct instant background verifications with real-time KYC and KYB checks. We work with companies like Rupyy from Cardekho, NewTap Finance, CashE, and MoneyTap, helping 800+ enterprises grow and scale. 

Doing 800+ ID validations per hour and 500+ OCR & extractions per hour, Decentro fully understands the importance of enabling faster customer onboarding while being compliant, helping businesses reduce drop-offs and save costs. 

With Decentro, you get the following:

• A fully flexible API-based flow for identity verification processes, extraction, and onboarding of customers
• A single platform to cater to all your KYC needs across ID verification, KYC OCR, CKYC, Digilocker and Aadhaar XML
• Higher success rates with multiple partners integrated on our backend
• Fully compliant with KYC, UIDAI, and other governmental regulators

Ready to explore how Decentro can accelerate your KYC and onboarding process in a compliant manner?

Let’s Connect