© IE Online Media Services Pvt Ltd
Tags:
Journalism of Courage
For Vivek Satpute (name changed), a 73-year-old retired government employee, the loss of Rs 35,000 –– his pension amount –– was not just about the money, it was a violation of trust. “It is not about the amount deducted but about the hard-earned money lost. Any Tom, Dick, and Harry should not have access to my earnings,” he said. Scammers duped him by sending a malicious link and prompting him to share a one-time password (OTP).
Even days after the incident, Satpute continued receiving suspicious OTP requests. It was the scammers trying to access his Unified Payment Interface (UPI) ID using the details they had already obtained, raising serious concerns.
In Hyderabad, a man, 60, approached the city cybercrime officials after he was duped of Rs 1.11 lakh. In his complaint, he stated that he received a link on his WhatsApp claiming to be an update on a bank’s KYC procedure. Similarly, a woman, 73, was duped of Rs 2 lakh under the pretext of updating KYC details in Mumbai.
These cases show how cybercriminals exploit the very system designed to protect consumers’ financial and personal information.
KYC (Know Your Customer) is a process to verify a customer’s identity, ensuring they are genuine, that they are who they claim to be. As commerce expanded, so did the need for efficient trust-building mechanisms, leading to the development of KYC systems. According to Ashok Hariharan, co-founder and CEO of IDfy, an independent identity verification firm in Mumbai, “KYC is a robust mechanism designed to eliminate fraud and establish trust.” Platforms like IDfy validate over 100 signals, such as document authenticity and government database checks, to ensure the legitimacy of transactions.
“KYC fraud happens when criminals exploit weaknesses in identity verification systems. They might use forged documents or stolen personal information to create accounts, apply for fraudulent loans, or perform unauthorised transactions,” said Hariharan.
Some common examples are:
📌Impersonation fraud: Tampering ID documents using photo or text editing.
📌Synthetic IDs: Creating fake IDs that don’t exist in official records.
📌Identity theft: Stealing personal IDs from unsuspecting victims.
📌Mule accounts: Using accounts of genuine users for illegal transactions.
KYC systems are the gatekeepers of financial security. Breaking this “gate” gives fraudsters access to sensitive data and financial services. For instance, scammers might use a stolen PAN card to apply for a loan or another person’s driving license to bypass legal scrutiny during a recruitment process.
“Fraudsters increasingly use tactics like phishing, malware, and AI-powered deepfakes to bypass KYC systems. Collaborative efforts and advanced technologies like encryption, tokenization, and AI fraud management tools like the ones we use at Visa are essential to counter these threats,” said Vipin Surelia, VP and head of risk services at Visa India and South Asia.
Surelia believes vigilance and awareness play a vital role in empowering consumers against scams and strengthening security protocols, preventing fraud to a great extent.
Hariharan, Surelia, and cyber specialist Shubham Singh recommend the following:
Avoid unsolicited requests: Never share OTPs, account details, or KYC credentials with anyone claiming to represent a legitimate organisation. Always verify through official channels.
Recognise fraud tactics: Be wary of urgency-driven scams or fraudsters impersonating bank officials.
Practice digital hygiene: Avoid sharing Aadhaar, PAN, or other personal IDs on public platforms. Don’t download remote-access apps like AnyDesk from unverified sources.
Disable unused features: Turn off biometric access on the UIDAI portal to prevent Aadhaar Enabled Payment System (AePS) fraud.
Report scams promptly: Contact the National Cyber Crime Helpline (1930) or use the Cyber Crime Reporting Portal (NCRP).
All three experts said that no legitimate entity will ask for OTP, passwords, or PINs from customers, as is also communicated regularly by entities like banks.
In case you fall prey to KYC fraud, you should complain promptly to mitigate the damage. Firstly, one should alert the concerned bank or financial organisation immediately. These institutions will guide the victim to take the right steps to secure their accounts and avoid further misuse. It is also vital to report the crime to the nearest police station and ensure that you provide all relevant details about the fraud, such as financial loss or identity theft. Also, depending on the nature of the fraud, one should inform regulatory bodies such as RBI or SEBI, especially in cases involving financial institutions.
In case the financial institution fails to address the complaint, users can also take the matter to forums like the National Consumer Disputes Redressal Commission (NCDRC). When it comes to online or cyber-related KYC frauds, one can report to the National Cybercrime Cell and their state’s cybercrime division through the official website: cybercrime.gov.in. In case of further clarity, one can also consult legal experts who specialise in financial fraud and consumer protection laws.
Hariharan predicts that advancements in AI, biometrics, and privacy-first solutions will revolutionise KYC processes making the process faster, more secure, and user-friendly.
The focus on privacy will minimise unnecessary data sharing, while global integrations could streamline cross-border verification. “Privacy-first solutions will minimise unnecessary data sharing, protecting user information. At some point in the future, seamless global integrations will allow for efficient cross-border verification, reducing friction for both users and businesses,” he said.
As fraudsters evolve, so will KYC systems to ensure security and compliance with data privacy laws.
