Author: Vipin Mandloi, Student at Renaissance University, Indore
Introduction
Banking is considered the backbone of every country’s economy. Banks are trusted by the public because they safeguard money, provide loans, and act as financial intermediaries. In India, banks are not only important for individuals but also for industries, corporations, and even the government. However, with such a vital role, banks also face a major threat – banking frauds.
Banking fraud can be described in simple words as a wrongful or illegal activity done by a person or a group of people with the intention of cheating the bank or its customers. These frauds may involve taking money unlawfully, misusing technology, or manipulating financial documents. Banking frauds are not new, but in recent years, the number and nature of such frauds have increased drastically in India.
The growth of technology, digital banking, online transfers, and credit facilities has made banking faster and more convenient. But on the other hand, it has also opened new doors for criminals to cheat banks and their customers. The rise of online frauds, phishing scams, debit/credit card misuse, and loan frauds are some examples.
Types of Banking Frauds in India
Banking frauds can occur in many ways. Below are some common categories:
1. Cheque Frauds
Cheques are still widely used in India for business and personal transactions.
Fraudsters may forge signatures, alter cheque details, or use stolen cheque books.
Dishonour of cheques due to insufficient funds may also result in fraud-related disputes.
2. Credit and Debit Card Frauds
Skimming machines at ATMs or shops copy card details.
Many customers fall into the trap of sharing OTPs with unknown callers pretending to be bank officials.
3. Online Banking and Phishing Frauds
Fake emails or SMS messages are sent to customers asking for their login credentials.
Mobile apps and UPI-based frauds have become common in recent years.
4. Loan Frauds and Non-Performing Assets (NPAs)
Big corporate houses sometimes obtain huge loans without proper security.
When they fail to repay, it leads to NPAs, causing massive losses to banks.
Famous cases include Kingfisher Airlines and Nirav Modi’s PNB fraud.
5. Insider Frauds
Sometimes, bank employees themselves misuse their position.
By manipulating accounts, passing illegal loans, or misappropriating funds, they commit fraud.
6. ATM Frauds
Criminals tamper with ATM machines or install hidden cameras.
Customers unknowingly provide their PINs or get trapped while withdrawing cash.
Thus, banking frauds are not limited to only one form – they cover everything from simple cheque misuse to complex digital scams.
Major Causes of Banking Frauds
To prevent frauds, one must understand the reasons behind them. Some common causes in India are:
1. Weak Internal Controls – Many banks, especially cooperative banks, lack strong monitoring systems.
2. Lack of Customer Awareness – People still share OTPs, passwords, or bank details without realizing the risk.
3. Technological Misuse – Hackers use advanced tools to bypass security systems.
4. Insider Involvement – Corrupt employees within banks sometimes help outsiders.
5. Regulatory Loopholes – Delays in action by regulators and investigative agencies give criminals time to escape.
Relevant Laws Against Banking Frauds
Banking frauds are punishable under multiple laws in India. Some key ones are:
1. Indian Penal Code, 1860 (IPC)
Section 420 – Cheating and dishonestly inducing delivery of property.
Section 406 – Criminal breach of trust.
Section 409 – Criminal breach of trust by a public servant, banker, or agent.
Sections 467, 468, 471 – Forgery of valuable documents and using them as genuine.
2. Information Technology Act, 2000
Deals with cybercrimes, hacking, and data theft.
Section 66C – Identity theft.
Section 66D – Cheating by personation using a computer.
Section 43 – Unauthorized access to computer systems.
3. Prevention of Corruption Act, 1988
Applies when bank officials misuse their authority for personal gain.
4. Companies Act, 2013
Corporate frauds affecting banks can be prosecuted under Section 447.
5. SARFAESI Act, 2002
Provides remedies for banks to recover their money from defaulters by selling secured assets.
6. RBI Guidelines
The Reserve Bank of India regularly issues circulars and compliance rules for banks to strengthen fraud detection.
Regulatory Authorities and Their Role
Several agencies in India deal with banking frauds:
Reserve Bank of India (RBI): Supervises banks and issues directions to reduce fraud risks.
Securities and Exchange Board of India (SEBI): Deals with frauds relating to securities and stock markets.
Enforcement Directorate (ED): Investigates money laundering under the Prevention of Money Laundering Act (PMLA).
Central Bureau of Investigation (CBI): Handles high-value banking fraud cases.
Serious Fraud Investigation Office (SFIO): Investigates corporate frauds that impact the banking sector.
Judicial Approach and Case Laws
The Indian judiciary has played an important role in banking fraud cases. Some notable ones are:
1. Nirav Modi–PNB Scam (2018): A fraud of around ₹11,400 crore was committed through fake Letters of Undertaking. It exposed loopholes in internal controls of banks.
2. Vijay Mallya–Kingfisher Airlines Case: Mallya took huge loans from multiple banks but failed to repay. The case highlighted the issue of wilful defaulters.
3. Harshad Mehta Securities Scam (1992): Though related to stock markets, it affected banks and revealed weak supervision.
4. Satyam Computer Scam (2009): A corporate accounting fraud that also impacted banks financing the company.
These cases show how large-scale frauds not only damage banks but also shake public confidence.
Challenges in Dealing with Banking Frauds
Despite strict laws, India faces several challenges:
Delay in Investigations: Cases take years to conclude, giving fraudsters enough time to escape.
Cross-Border Issues: Many fraudsters flee abroad, making extradition difficult.
Technology-Driven Crimes: Use of crypto, dark web, and international servers complicates tracing.
Burdened Judiciary: Courts are already overloaded with pending cases.
Public Ignorance: Customers often fail to take basic precautions.
Legal Remedies Available
Victims of banking frauds, whether banks or customers, can take the following remedies:
1. Civil Remedies:
File recovery suits in civil courts.
Use Debt Recovery Tribunals (DRT) for speedy resolution.
Banks may use SARFAESI Act to recover loans.
2. Criminal Remedies:
Lodge FIR under IPC sections (420, 406, etc.).
Cyber complaints under IT Act.
3. Consumer Remedies:
Approach Consumer Forums under the Consumer Protection Act, 2019, for deficiency in banking services.
4. Alternative Dispute Resolution:
Mediation and arbitration can sometimes resolve disputes faster.
5. Banking Ombudsman Scheme:
Customers can file complaints before RBI’s Ombudsman for quick redressal.
Common Banking Frauds
A. Phishing and Smishing (Email/SMS Traps)
Phishing is when a fraudster sends an email that looks like it is from a bank. Smishing is the same trick done through SMS. The message usually says something urgent like “your account will be blocked” or “KYC expired.” It pushes the customer to click a link or share OTP. Once the person shares details, the money starts moving out.
Beginner tip: banks never ask for OTP, PIN, CVV, UPI PIN, or full passwords. If someone asks, it is a fraud.
B. UPI and Social Engineering
UPI is fast and helpful. But the same speed can be misused. A very common trick is “request money” on UPI. Fraudsters pretend to buy your product and ask you to “accept” a collect request, promising that accepting will credit money. In reality, accepting a collect request pays them.
Beginner tip: to receive money, you never need to enter your UPI PIN. PIN is only for sending money.
C. KYC/Job/Loan App Scams
Fake apps and websites promise quick KYC updates, instant loans or high-paying jobs. They first ask for access to contacts, photos and files. Later they threaten and blackmail, or they auto-debit money through hidden permissions.
D. SIM Swap and OTP Takeover
Fraudsters may get a duplicate SIM in your name using fake documents. Then all OTPs start coming to their phone. With OTP control, they can access net banking or UPI.
Beginner tip: if your network suddenly stops working for hours without reason, call your telecom provider. It might be a SIM swap.
E. Loan Fraud and Shell Companies
Some borrowers inflate project values, show fake invoices, route funds to related parties and stop repaying. This becomes a non-performing asset. The public then suffers because taxpayer money supports the banking system.
Beginner tip: big loan frauds often start small, with weak due diligence and poor monitoring. Strong internal audits reduce the risk.
F. Insider Collusion
Sometimes a bank insider helps create fake accounts, pass unauthorised loans, or override alerts. Insider cases are serious because the person knows internal controls and how to bypass them.
Beginner tip: whistle-blower hotlines and rotation of duties are essential to reduce insider risk.
How a Banking Fraud Case Usually Moves (Step by Step)
1. Incident happens – money leaves the account or a suspicious transaction is noticed.
2. Immediate block and intimation – the customer informs the bank’s branch, call centre, or cyber helpline (and blocks card/UPI/net banking). Sooner is better.
3. Bank flags and traces – the bank marks the transaction as disputed, tries to trace beneficiary accounts, and may alert other banks.
4. Police/Cyber complaint – victim files an FIR (under IPC/IT Act) or an e-complaint on the cyber portal. FIR under CrPC Section 154 helps start investigation.
5. Freezing of funds – police may request banks to freeze “mule” accounts where stolen money landed.
6. Investigation – collection of logs, device IPs, CCTV at ATM, merchant records, KYC papers, and employee statements. For digital evidence, Section 65B Evidence Act certificate is useful.
7. Charge-sheet and trial – after investigation, police file a charge-sheet. Court conducts trial under the relevant laws (IPC, IT Act, etc.).
8. Civil/Consumer remedies in parallel – depending on facts, the victim may also go to DRT/civil court for recovery or to Consumer Commission for deficiency in service.
9. Ombudsman – if the issue is about service failure or unauthorised electronic transactions where bank liability may arise, a complaint can be filed before the RBI’s Integrated Ombudsman after first writing to the bank.
10. Final outcome – recovery, compensation, conviction, or a mix of these.
Your Practical Toolkit if You Are a Victim
Act within minutes. Inform the bank through helpline/email/app and block channels (card/UPI/net banking).
Write a short email to your branch noting: date/time, amount, reference number, and that it was unauthorised.
Collect evidence: screenshots of SMS/app notifications, emails, phone numbers that called, links clicked, and timestamps.
File a police/cyber complaint and get a copy/acknowledgement. Mention IPC 420 (cheating), IT Act 66C/66D (identity theft/cheating by personation using computer), and any other relevant offences like forgery (IPC 468/471) if documents were faked.
Ask bank to raise inter-bank alerts to freeze downstream accounts where money travelled.
Follow up weekly in writing. Simple, short follow-ups create a record.
If service failure seems clear, escalate to the bank’s nodal officer and then to the RBI Ombudsman.
When Is the Bank Potentially Liable?
Banks may be liable in scenarios like:
Proven deficiency in service (e.g., ATM swallowed card, repeated wrong debits not reversed, or known skimming at a machine that was not fixed).
Unauthorised electronic transactions where customer did not share credentials and reported promptly, but the bank’s systems or processes failed.
Negligence in KYC or monitoring (e.g., opening mule accounts without due diligence) that directly contributes to loss.
Banks usually defend themselves by saying:
The customer shared OTP/PIN (which is a breach of terms).
Delay in reporting reduced the chance to block funds.
The transaction was done from the customer’s registered device or correct credentials, so it looked authorised.
In real life, responsibility depends on facts and evidence. That is why preserving logs and reporting quickly makes a big difference.
Civil and Recovery Routes
A. Debt Recovery Tribunal (DRT)
DRTs mainly help banks and financial institutions recover loans from borrowers. For a fraud-affected bank, DRT can be faster than ordinary civil courts. Orders can include attachment of property, appointment of receivers, and recovery certificates.
B. SARFAESI
When a loan is secured by property, banks can enforce security without going to court first by following SARFAESI procedures. They issue a demand notice, take symbolic possession, and then auction the asset. Borrowers may challenge specific steps before the DRAT/High Court. In fraud cases, SARFAESI is a strong recovery tool.
C. Ordinary Civil Suit
If a person or a merchant benefited from fraud, a civil suit for money recovery and injunction can be filed. Limitation for a simple money recovery suit is generally three years from the date of cause of action (broad, beginner-friendly pointer).
D. Consumer Commissions
If the complaint is about service deficiency (like wrongful denial of refund for a clearly unauthorised transaction), consumers can approach the District/State/National Commission depending on the claim value.
Criminal Laws
IPC 420 – cheating and dishonestly inducing delivery of property.
IPC 406/409 – criminal breach of trust (409 is specifically for banker/public servant/agent).
IPC 467/468/471 – forgery, forgery for purpose of cheating, and using forged documents.
IT Act 66C – identity theft (using another’s password/signature).
IT Act 66D – cheating by personation using a computer resource.
Prevention of Corruption Act – when an insider public servant is involved.
PMLA – if the proceeds of crime are laundered, the Enforcement Directorate can step in for attachment and prosecution related to money laundering.
Evidence Basics (So Your Case Does Not Fall Apart)
1. Section 65B Certificate for electronic records (screenshots, emails, logs). It basically confirms the manner of production of the electronic evidence.
2. Device and network logs – IPs, login times, device IDs from bank/app.
3. CCTV – ATM or branch footage if relevant.
4. Telecom records – call detail records and SIM swap history.
5. Forensic images – of phones or computers when hacking/malware is alleged.
6. Bank’s internal records – KYC, alerts ignored, exception overrides, audit reports.
The more organised your evidence is, the simpler it becomes for the court or ombudsman to see what happened.
How Banks Try to Prevent Fraud
KYC and ongoing due diligence to spot mule accounts.
Transaction monitoring using rules and machine learning (e.g., new device + high value + midnight = trigger alert).
Two-factor authentication and risk-based OTP checks.
Velocity controls (limit on number/amount of quick transactions).
Geo-fencing (unexpected foreign IP addresses get flagged).
Concurrent audit and surprise checks at branches/ATMs.
Whistle-blower channels for staff to report insider misconduct.
Reporting to FIU-IND (Suspicious Transaction Reports) to flag laundering patterns.
Common Defences and How to Respond
Bank says you shared OTP:
Respond with your call logs, screenshots, and a clear statement that you did not share any confidential data. If a fraudster took over your SIM, mention it and attach telecom proof.
Bank says you delayed reporting:
Provide exact timestamps of first call/email to the bank. Even a small delay should be explained (e.g., network down, late night, medical emergency).
Bank says transaction was from your device:
Ask for the device ID, IP address, and login data. If there was malware or remote access, seek a forensic report and file a cyber complaint.
Ombudsman Route
1. First write to your bank and wait for their reply (or 30 days).
2. If not satisfied, file online under the RBI Integrated Ombudsman with your proofs.
3. You can seek refund, interest, or compensation for mental harassment if justified.
4. Orders usually tell the bank to fix the issue or explain clearly why not.
This is useful when the dispute is about service failure or unauthorised electronic transactions and you need a faster and friendly remedy.
Simple Safety Checklist
Never share OTP, PIN, CVV, password, or card images.
To receive money, no PIN is ever required.
Do not click unknown links; type the bank URL yourself.
Install apps only from official stores; check the developer.
Keep phones updated; use screen lock and app lock.
If network dies suddenly, call telecom (possible SIM swap).
Report fraud immediately to bank and cyber cell; keep ticket numbers.
Review statements monthly and set transaction alerts.
Use a different UPI PIN from your ATM PIN.
Don’t keep high limits by default; reduce daily limits.
Conclusion
Banking frauds in India are a serious problem that affects not only banks but also the common people and the economy as a whole. With the advancement of technology, fraudsters have found newer ways to cheat. Although India has strong laws like IPC, IT Act, SARFAESI Act, and institutions like RBI and CBI, challenges such as delay, cross-border issues, and lack of awareness continue.
Therefore, a combined effort of laws, regulators, banks, and customers is needed. Public awareness and faster justice are equally important. Only then can banking frauds be controlled and trust in the financial system be maintained.
FAQS
Q1: What is banking fraud?
Banking fraud is any illegal activity done to cheat banks or customers, such as fake loans, card frauds, or online scams.
Q2: Can banks be held responsible for fraud?
Yes, if fraud happens due to negligence of banks, they can be held liable under consumer law.
Q3: What to do if someone becomes a victim of online fraud?
Immediately report to the bank, file a complaint at the local police station, and also register the case on the Cyber Crime Portal.
Q4: Is online fraud punishable in India?
Yes, under the IT Act, 2000 and IPC provisions, online fraud is punishable with imprisonment and fine.
Q5: Can RBI Ombudsman help?
Yes, RBI Ombudsman can resolve complaints related to banking services including fraud cases.
