Fraud or Magic at SBI Cards?
At SBI Cards some magic appears to be
happening. 2+2 is adding upto some thing different than 4 and the managers
seem to be unable to sort out why it is happening?.
I am giving below an extract of a statement from a Card
a
ccount
which shows a one month statement of expenses for April 2008
including transactions booked internally by the Bank. According to simple
arithmetic, the statement adds up to indicate a net amount payable by the
client to the extent of Rs 4678.02. However, the Bank indicates an amount
payable of Rs 9453.42.
Despite being presented with this statement the
authorities at SBI Cards which is managed by GE Finance, are unable to sort
out the issue of how the statement shows an amount of RS 9453.42 payable
instead of RS 4678.02.
The matter has been reported to the Chairman of SBI as
well as the Banking Ombudsman. Their intervention has also been ignored by
the Card division.
Though it would have been possible for the Bank to
manually correct the error, there is no positive action by the SBI Card
division nor the Bank. They seem to think that if the "Computer says 2+2=5,
then it must be correct!"
The incident raises an important question whether
the customer’s money in the Bank safe? Can the shareholders of the Bank
trust the management of the Bank for safeguarding the investor’s interest?
As an Information Security observer, one of the
possibilities indicated by the incident is that the software of the card
division might have been fraudulently manipulated and at certain
conditional fulfillment, it charges customers an amount higher than what is
payable.
If the money is not payable by the customer, then where
is it being credited? Is it going to any individual in the Bank? or is the
Bank getting enriched by the software bug?
I would like to mention that this is the second incident
of software related fraudulent possibility that has been indicated by
the undersigned at SBI. Two years back I had notified the Bank that there
was an indication of a software bug in their “Senior Citizen Account
Software” and it was resulting in an excess of 16% being charged on the
expenses account in the Bank compared to whatever interest was due to be
paid to a customer. ie. For every RS 100 paid to the customer, RS 116/- was
debited to the charges account. This was based on the observation of two
accounts in one of the branches which was stated to have similar problems
in 70 more cases. I had then notified the Bank that this was indicative of
a possible fraud amounting to nearly R 8000 crores. I had also suggested
that there was a need for software audit to eliminate the problem.
(For details please read
SBI...and TCS.. owe an explanation and
SBI.. Solid Foundation is Melting )
To the best of my knowledge nothing has been
done in this regard though there was a public statement at that time from a
DGM that it was due to a software error and would be corrected from the
following accounting year.
The SBI Card incident now being reported being
the second incident in which a potential fraud in SBI has been brought to
the notice of the public, I hope that the top management of the Bank would
realise that they may be liable for negligence in not taking appropriate
action. I bring it to the notice of SBI top brass that under Section 85 of
ITA 2000, if there is any fraud in the computerized accounting in the Bank,
the liabilities under Section 66 would be vicariously carried to the
officials of SBI including the Chairman unless they demonstrate "Due
Diligence".
Now through this open forum the attention of
SBI is being drawn once again to the need for top management attention on
the matter. The matter requires an independent Source Code audit of the
Card accounting software to determine why the accounting is going wrong. In
view of the possible fraud behind this incident it is necessary for a CBI
enquiry to be ordered to make an impartial investigation.
Until then the card division should suspend
its activities.
I urge all customers of SBI cards to check their
accounts regularly, add up the card usage and check if the amount shown as
payable in the statement is correct.
I look forward to a response from SBI management in this
regard at the earliest. I also call upon RBI to respond with their view on
how to make the Ombudsman scheme effective if the Bank refuses to act on
the reference made by the Ombudsman.
Naavi
November 10, 2008
