I refer to the news report in Midday indicating a new modus operandi in the commission of a Bank fraud in India. This fraud has been committed as a combination of “Phishing”, “Security lapses at the victim’s Bank”, “Compromise of KYC by the mobile operator” and “Compromise of KYC by the collecting Bankers”. The compromise of KYC at the fraudster’s bank has been caused by the use of Aadhar identities.
So far we have seen the first generation Bank frauds of this nature consisting of “Phishing” associated with the opening of fraudulent accounts at receiving branches. To complete this fraud the fraudster had to steal the password of the customer and then also use several recipient accounts. To open such accounts he normally used a fake PAN card or other strategies. Opening and maintenance of such accounts, as well as the inability to spot the unusual nature of transactions during the fraud, amounted to “Negligence” of the collecting Banker and failure of the KYC process. This made the collecting bankers liable for the fraud along with the victim’s bank where the authentication system used passwords instead of the legally mandated “Digital Signature”. As a result, the victim’s bank as well as the banks where the fraudster’s accounts were held were vicariously liable for the fraud.
This aspect has been brought to the attention of RBI and RBI has been issuing periodical guidelines to the Banks. Banks, on the other hand, have formed a cartel to oppose any moves by RBI to secure Bank transactions by improving security. At the same time they have pushed RBI to introduce more insecure technology such as Mobile Banking. RBI has been a mute spectator to this technology invasion and gradual erosion of Bank security.
It is not out of place here to mention that the Ministry of Communication and Information Technology has been procrastinating on the appointment of the Presiding Officer of the Cyber Appellate Tribunal, preventing legal remedies from being available to the victims of cyber crimes.
RBI has to take the responsibility for having made Bank security dependent first on the OTP system and now on the Aadhar system. The linking of Aadhar to bank accounts was suggested by the UPA Government as a means of transferring certain subsidies directly to the beneficiaries. What this has achieved is a dilution of KYC at the bank level and dependence on Aadhar as the sole KYC to open the accounts. These Aadhar account holders have now become the facilitators of the fraud and have to face the prospect of jail. They can thank UPA for this favour!
There is an immediate need for RBI to reconsider the wisdom of linking Aadhar to the opening of Bank accounts and to alert all the Banks to the possibility of Aadhar being misused.