In recent times, wallets and UPI have taken over the Indian digital payment ecosystem. Since its introduction in 2016 by the National Payments Corporation of India (NPCI), UPI has changed the payments paradigm.
But even as the reduction of friction in payments is driving the growth of new businesses, it is also orchestrating fraud. And with a likely influx into new-age payments platforms in the aftermath of the coronavirus outbreak, things may only get worse.
KYC is basically the collection and collation of customer data which is the most effective way of fraud mitigation. Newer and faster ways of getting KYC done are being implemented with the advent of AI and ML gradually taking over the legacy systems. So instead of having an agent visit the customer to manually check the details, more efficient ways like: Aadhaar Offline KYC (Processing KYC without the use of biometrics); Electronic KYC (Accessible to only customers with Aadhaar number); Central KYC; Video KYC, which involves capturing all details and identification via a video.
Types Of KYC Related Frauds In India
Usually, a re-KYC is required, to ensure an updated database of the customer in areas where they might have been a change. For instance, address or marital status or in case there was a minor mistake in the data.
This is the most common attempt of KYC fraud in India where the fraudster places a forged phone call pretending to be a bank/company representative. He/she asks you to provide your KYC information on an emergency basis otherwise the account will be “blocked”.
They will collect your information from social networking sites like Facebook, Linkedin, Twitter and so on. Once they have enough information, they will call you to talk to you about an ‘emergency’. Once they are confident that you are sold on the idea, they will ask you about your personal account details citing those ‘emergency’ reasons. Once you provide the details, he/she will further transfer the money from your account to some other account.
Vishing (voice phishing) is an attempt where fraudsters try to seek personal information like Paytm Bank PIN, Paytm OTP, Card expiry date, CVV etc. via a phone call. The miscreant acts as an employee from Paytm, the government or a bank. He/she asks you for your KYC details. They will state various reasons like reward points, free cashback, reactivation of account, etc for this. These details are then used for accessing your account without your knowledge.
Smishing (SMS phishing) is when a SMS/Email/WhatsApp message is used to lure you for calling back on a fraudulent phone number, visiting fraud websites or downloading malicious content via your phone. Fraudsters will send you SMS/Facebook Requests/WhatsApp messages to inform you that you’ve won some prize money, cashback offer or the like. They’ll ask you to share your Paytm account/Paytm Payments Bank account details. Unaware of what might happen, once you do that, they will initiate fraudulent transactions using your account details.
Identity Theft occurs when someone uses your KYC information to obtain a Credit Card, Loan and other services in your name. Then those will be used for fraudulent transactions. They try to gain access to your details through any of the measures stated above. They contact you and try to collect KYC details pretending to be a Paytm employee!
Common KYC Frauds In India
According to CNBC, The Government of India has announced many beneficial schemes to help small businesses. Example: interest/EMI waive-off for MSME, microloan for unorganized vendors, a moratorium of EMI for various loans up to 6-months. But in most cases, common people might find it challenging to avail of these schemes. This is due to the amount of paperwork and the general complexities involved in dealing with banks. There is also a possibility of many bogus agents approaching small business owners. They provide fake offers of support in exchange for money. These fraudsters may use fake KYC documents to avail such benefits or could run a racket of fund diversion.
Also Read:- IRDAI allows insurers to conduct video-KYC
To cite some examples: In a May this year leading newspapers had reported about a 70-year-old retired government employee from Hyderabad losing Rs 4.2 lakh in a KYC (know your customer) fraud case. An unidentified man, posing as a Paytm employee, lured him into completing the fake KYC process and the customer provided all bank account details for fear of account termination. There were at least 4-5 instances of KYC related frauds in the recent few months.
The cybercrime wing of Maharashtra Police has received a number of complaints against eSIM swapping scams. In this, people have lost large sums of money in cases reported across the country. A July article in another newspaper mentions how the target user initially receives a call from a person posing as a customer care representative of the service provider, who, under various pretexts, deceives the user into forwarding an email sent to the user’s registered mail address with the service provider. In many cases, the user is contacted under the pretext of updating Know Your Customer (KYC) details.
Video KYC — Fighting Financial Fraud
To prevent fraud and money laundering, the BFSI sector needs to comply with KYC norms. These were introduced by RBI and are based on the Government of India’s (GOI) PMLA Law of 2002. Aadhaar-based KYC verification had simplified the process. It also reduced the time taken by the BFSI sector to on-board customers drastically.
But, things changed with the Supreme Court order dated September 26, 2018, made the use of Aadhaar-based KYC by private players as unconstitutional. To overcome this hurdle, RBI brought Video KYC as an alternate tech-driven mode of KYC in its notification on January 9, 2020.
- The process involves:
- Information about the user is received via API
- User can opt for authentication using their smartphone/computer
- Document details are captured on live video: screenshots of PAN Card, other identity documents, selfies etc.
- Documents are scanned and data is automatically extracted and authenticated.
- Facial recognition between the picture on document and person showing it is done
- Liveliness and fraud prevention checks are conducted
- The whole process is recorded on live video
- The outcome of the verification process is assigned
- The data retrieved during the procedure is automatically forwarded to the client via API
While being cautious and aware is the best way to fight fraud, the modern age is no longer just a battle of wits but of technology. If fraudsters can use advanced software and hardware to hoodwink people’s judgment, it is only fair that technology should come to the rescue. Besides, with novel ideas like Video KYC, even users with minimum knowledge about frauds and cyber threats can secure their accounts. After all, what might escape the human vision cannot defy computer vision.
About the author: Ankit Ratan is the co-founder of Signzy, an AI powered RPA platform for financial services.