Last year, a retired scientist received a call purportedly from SBI informing him that his account is blocked for non-compliance of KYC. They sent him a password to be shared with the caller. He promptly did it. The caller then asked for confirming the name, account number and Aadhar number, that too he did. Soon the entire money in the account, his pension, was wiped out, leaving a few hundred rupees. The loss was nearly Rs.2 lakhs. As soon as the first withdrawal happened, he immediately reported it to the branch and the customer care. Though the RBI Instructions say, “If someone has fraudulently withdrawn from your bank account when you notify the bank, remember to take acknowledgement from your bank and the bank has to resolve your complaint within 90 days.” The issue has not been resolved even after a year.
RBI also says, “If the transaction has happened because of your negligence, —sharing your password, PIN, OTP etc—— you will have to bear the loss till you report it to your Bank. If the fraudulent transactions continue even after you have informed the bank, your bank will have to reimburse those amounts. If you delay the reporting, compensation will be decided based on the RBI guidelines and the policy approved by the board”.
In this case, the scientist had informed the branch immediately after the first debit was done and the SMS was received, But the branch could not stop further debits, and he lost nearly Rs.2 lakhs. The first debit was only Rs.20000. The bank has not refunded the balance amount.
The question is how did the fraudster come to know the details of the customer’s name, account number and balance? Is it the fault of the system and bank? Why should he bear the loss, including the first debit? The Banks have insurance policies. Can it not claim and pay the customer? RBI has told in its circulars that numerous complaints of similar nature have been received. Why has the RBI or the Cyber Crime cell of the Govt not been able to do anything so far? In the above case, the customer complained to the Cyber Cell and the Director General of police, but in vain.
RBI Circular RBI/2017-18/15, DBR No: Leg. BC, 78/09.07.005/2017- 18 dated July 6, 2017, titled, Customer Protection – Limiting Liability of Customers in Unauthorised Electronic Banking Transactions says, that Banks must put in place-
i. Appropriate systems and procedures to ensure the safety and security of electronic banking transactions carried out by customers.
ii. Robust and dynamic fraud detection and prevention mechanism.
The same circular also says the following.
A customer’s entitlement to zero liability shall arise where the unauthorised transaction occurs in the following events.
i. Contributory fraud/negligence/deficiency on the part of the bank (irrespective of whether or not the transaction is reported by the customer)
ii. Third-party breach is neither the sin of the banks nor that of the customers. The problem lies elsewhere in the system. The customer who notifies the bank within three working days of the fraud receives the communication from the bank regarding the unauthorised transactions.
But the banks don’t comply with these.
A similar incident happened to a 90 years old freedom fighter who has an account with Punjab National Bank, Nagercoil. He lost Rs.50000. The Bank has not paid it back though he reported it within 24 hours. I keep receiving a number of complaints like this from friends and in spite of proper complaints, the banks are not repaying.
The fraudsters always use KYC updation to get the password, and then they carry out the transactions. Why have banks not been able to trace their money? Why is the Cyber Crime wing unable to catch the fraudsters?
Another big attempt to commit fraud in SBI happened two weeks back in Delhi. A high-value customer with a good balance in the account got a call, as usual, claiming to be from SBI. A request to share details for KYC updation was made in a TEAM call. The customer grew suspicious and called me. I said it cannot be from the bank. She immediately blocked the internet banking account and alerted the Bank. By that time, her Savings Bank account balance was transferred to a Recurring Deposit (RD) account. Luckily, she could stop further transactions and later went to the branch and closed the fraudulently created Recurring Deposit Account. Her alertness saved her!
The bank officials said that it’s easy for a fraudster to debit an RD account and many such incidents have been happening, but they could do nothing. If RBI & SBI could do nothing, why do customers have to meet the loss?
Prevention of money laundering does not require every Indian to prove his honesty in the name of KYC, that too frequently. The Govt knows who does money laundering and how. Those people live in style. Move around in high-end imported cars, and live in palatial houses, and it is not the common customers who do money laundering. Terrorists use Blockchain and other similar technologies and target common people’s accounts. Recently, newspapers have reported that the country has imported more pearls than produced in the entire world! The Govt. should go after these importers. This is money laundering. Corporates have foreign companies for money laundering.
It is high time to stop KYC.
In another harassment, in the name of KYC, an 80-year-old IAS officer was informed by the bank that his account is blocked because he has not updated KYC, though he had done it just before Covid-19 by going to the Bank. Here, it was the Bank of India. He had to complain to the top management quoting Oct 21, 2014, Circular, which also says, “do not insist on the physical presence of the customer at the time of periodic updating; do not seek fresh proof of identity and address at the time of periodic updating in case of no change in status for low-risk customer; allow self-certification; accept a certified copy of the document by mail/ post etc.”
Unfortunately, we don’t know whether we are low risk or high risk, still; we get notifications about our accounts being frozen.
In yet another case, a senior retired IAS officer who was the Finance Secretary, with the GOI, and who is now above 80 years of age and has an account with SBI for 60 years got a message that his Credit Card was blocked as KYC was not updated. Nobody had asked him for KYC details. He took the help of his daughter to call the customer care as well as the branch but no help was received. It took 5 days and calling different people to restore the operations of the Credit Card. These are just examples. They harass every citizen in the country who has a bank account in the name of KYC.
In a new method of fraud, a customer of South Indian Bank got a call that they have received a parcel from the UK in his name in Delhi and the duty has to be paid. An account number was given. He got a mail from a Facebook friend in the UK which said, “Gifts including Cash and Valuables are sent for Xmas.” The customer, a priest, believed it and remitted money to the account. More money was asked, saying the value of the gift is found to be more. A photo of the parcel was also sent. He remitted more money but soon became suspicious. He asked the bank not to release the money to the account holder. On verification with the bank, the Delhi address of the Account holder was received and checked. There is no such person or company at that address. Notice sent by the bank also returned. On top of everything, the fraudsters had opened the account with complete KYC. It proves that fraudsters can still open accounts with KYC.
So, KYC is only good for harassment. Not only is it unable to prevent fraud, money laundering and funding terror, but it also creates more frauds. It is yet another foolish attempt like demonetisation. It’s high time the RBI puts a stop to this.
(Readers who have been affected like this can send their details by mail to the Financial Accountability Network at firstname.lastname@example.org so that these cases can be taken up with the respective banks, RBI, and Ombudsmen.)
Thomas Franco is the former General Secretary of All India Bank Officers’ Confederation and a Steering Committee Member at the Global Labour University.
Centre for Financial Accountability is now on Telegram. Click here to join our Telegram channel and stay tuned to the latest updates and insights on the economy and finance.