Know Your Customer (KYC) Frauds
Know Your Customer (KYC) is an identity verification process followed by various businesses/
new customers while joining and existing customers at periodical intervals.
Why KYC is important?
The main purpose of KYC is to prevent identity theft, terrorist financing, money laundering, and financial fraud. The KYC process helps Financial Institutions and businesses understand the customer better. As per the RBI norms, KYC has become mandatory requirement.
The following details of customers are collected to complete the KYC process.
- Legal name
- Identity proof
- Correct permanent address as per identity proof
- The legal status of the entity or person.
Taking undue advantage of this provision, the fraudsters send fake SMS /text message or make fraudulent calls, by pretending to be a bank representative to gather personal details of customers. The fraudsters may provide the customers with the phishing link, or 10 digit mobile number or convince them to give access to them digital device, through which they intend to get hold of customer’s personal details to get unauthorized access to their banking accounts to steal money.
Many innocent people have lost their hard-earned money to this fraud in recent times and still continuing.
How fraud take place?
Modus Operandi - In case of fraudulent calls:
- Fraudsters make a fake call to the victim pretending to be representative from a bank or e-wallet company, requesting them to update the KYC immediately and warning them of account block/suspension.
- The caller says that the validation/KYC can be done online to keep the account active, and asks the customer to download an APP on the digital device being used.
- Once the app is downloaded, the fraudsters will ask you to share code and grant certain permissions, which will enable them to gain access to your digital device.
- The caller then asks the victim to transfer a small amount from your bank account, which will enable them to see or access OTP sent on the digital device.
- When the victim transfers the money, the caller gets to see your password and other important details, which are used to carry out a fraudulent transaction and wipe out money from your bank account.
Modus Operandi - In case of fake Messages
- Message sent from a mobile number with a phishing link and/or 10 digit mobile number, for update of KYC.
- Upon clicking the link provided in the message, the victim is redirected to the spoofed website and prompted to enter the bank user name, password, OTP etc
- Upon calling the number provided in the message, the victim is provoked to share personal details like account user name, password, account number, OTP etc.,
- The fraudster makes use of these details to gain unauthorized access to the victim’s bank account to commit fraud.
The following are a few warning signs for the user, that may indicate that the message or call is from fraudsters:
- Request for confidential information like account number, PIN, Password etc.,
- Request for download of applications on personal device
- Sense of urgency is created, to take immediate action.
- Poor grammar, punctuation and unwanted capitalization of words in the message received.
- Message sent from a mobile number instead of the authorized banking customer care / service
- Message received, appears to be from unknown mobile number instead of the name of registered bank.
Safety tips for safeguarding against such cyber frauds:
* Never click on unknown links or links received from unverified sources.
* Always remember that a banks/ wallet companies or other authorized institutions, never does KYC on calls or send any links to its customers, for updating KYC.
* A valid customer care number can never be a 10 digit mobile number as generally given in the fake message.
* Never share your mobile number, account number, password, OTP, PIN or any other confidential details with anyone. Any authorized bank or customer service never asks its customers to share any confidential information.
* Avoid contacting the customer service/contact numbers provided on google search. Only contact the authorized numbers provided original banking websites.
* Your account will never be blocked by bank/ any e-Wallet unless if you have done fraudulent activities
* Do not give your access to your device for anyone by installing remote access type of applications (AnyDesk , Quicksupport ,Team Vier etc.)
* Only use original apps downloaded from authorized stores /websites, do not download third party apps.
* In case of any such issues immediately report to the specific bank authorities immediately.
* File an online complaint regarding any such frauds on the government portal www.cybercrime.gov.in