The Rise of KYC Fraud: How Criminals Exploit Verification Systems

Introduction

Know Your Customer (KYC) procedures are essential for verifying the identities of individuals in financial, telecom, and other regulated sectors. Designed to prevent fraud, money laundering, and terrorist financing, KYC has become a global compliance requirement. However, criminals have found sophisticated ways to manipulate these verification processes for fraudulent activities, leading to massive financial and data breaches worldwide.

From fake KYC documents to deepfake-based impersonation frauds, cybercriminals are exploiting technological advancements to bypass security measures. This article explores KYC fraud in depth, examining its global impact, real-world cases, and the best ways for individuals and businesses to detect and prevent such fraud.

What is KYC?

In 2021, reported fraud losses rose to $5.8 billion, an increase of more than 70 per cent in a single year. 

One of the most effective ways to combat the rise in financial fraud and money laundering is to reduce anonymous bank accounts and monitor suspicious activity. 

For financial organizations, that means knowing who customers are and continuously monitoring for risk factors, a process called KYC or “know your customer.” 

It is vital in the battle against monetary crimes and money laundering. Hence, verifying a client's credentials and identity is the first and foremost step in checking their authenticity. The Reserve Bank of India has prohibited any person or organization from opening or operating any bank, demat, or trading account without finishing the KYC process.

KYC plays a crucial role in the country’s regulatory landscape. Its necessity is now more critical than ever. Therefore, we have done a detailed deep dive into the different aspects of KYC, from its types to its pros and cons for hassle-free customer verification. 

Having established the context for KYC and its necessity, it is now time to address the fraudulent aspects associated with this function of financial regulation. 


What is KYC Fraud?

KYC fraud involves exploiting weaknesses or loopholes in Know Your Customer (KYC) processes. As a standard banking and financial procedure, KYC verifies customer identities and assesses potential risks like money laundering or terrorist financing. Unfortunately, with the rise of digital platforms, such fraud has become increasingly common.

Fraudsters actively seek vulnerabilities and personal information to infiltrate financial systems and steal sensitive data. These scams often begin by luring customers into sharing details such as account login credentials, card information, or OTPs. Once obtained, criminals use this data to gain unauthorized access to bank accounts.


How are these Frauds happening?

In Know Your Customer (KYC) processes, confidential information about consumers is used to complete identification with the bank, NBFC, or financial institution. This confidential information, in turn, becomes a gold mine for scammers operating in this landscape. 

Scammers pretend to be bank officials or agents and try to obtain confidential information to exploit the data further and benefit financially. They also make threats, such as blocking your account unless you update your KYC.

However, if we divide the fraud between businesses and the general public, we can see the following tactics being deployed.

For Businesses

KYC fraud targeting businesses involves capitalizing on the weaknesses in Know Your Customer (KYC) processes to perpetrate fraudulent activities against organizations. This type of fraud typically involves the following tactics:

  • Business identity theft: Fraudsters may steal or fabricate business information, such as registration documents, tax identification numbers, or ownership details, to create fake businesses or hijack legitimate ones for fraud.
  • Fake business relationships: Scammers may establish fake relationships with legitimate companies to gain access to sensitive information or exploit their reputations for fraudulent activities, such as money laundering or financial fraud.
  • Insider collusion: Insiders or business employees may collude with external fraudsters to bypass KYC procedures, provide false personal information, or facilitate fraudulent transactions for personal gain.
  • Document forgery: Fraudsters may create counterfeit or falsified documents, such as invoices, contracts, or financial statements, to deceive businesses or financial institutions during the KYC verification process.

For Individuals

KYC fraud targeting customers involves con men exploiting the vulnerabilities of individuals and coercing them to divulge sensitive details using tactics such as:

  • Phishing: Fraudsters may impersonate legitimate organizations or financial institutions to trick individuals into providing sensitive personal information such as bank account details or identification documents.
  • Account takeover: Criminals may gain unauthorized access to individuals’ accounts by using stolen or compromised credentials. They may then conduct fraudulent transactions or steal funds from the account.
  • Identity theft: Fraudsters may steal personal information, such as names and addresses, to create fake identities or open accounts in the victims’ names without their knowledge.
  • Fake KYC verification: Scammers may create phoney websites or documents that appear to be legitimate KYC verification portals. They trick individuals into submitting their personal information, which is then used for fraud.
  • Social engineering: Fraudsters may manipulate individuals into divulging sensitive or personal information or performing actions compromising security, such as revealing passwords or authorizing fraudulent transactions.

Types of KYC frauds

So broadly, across the categories, the following types of fraud are rising in the ecosystem. 

  • Fake re-KYC: Scammers pretend to be banking officials, compelling customers to share their details to update KYC or face the threat of account suspension.
  • Phishing: Fraudsters gather customer contact information from sources like social media and pose as bank representatives, typically sending an SMS with a link to a fraudulent app or site. Victims are coerced into sharing their OTP while still on the call.
  • Vishing: In this scenario, fraudsters harvest user information from social networking sites, initiate a fake call pretending to represent a bank, and ask the victim to provide KYC information. Often, they convince the victim to install a malicious app and share a code, ultimately defrauding them.
  • Smishing: Victims receive SMS messages instructing them to call a particular number to update their KYC, a tactic known as smishing.
  • Identity theft: Identity theft involves someone using your personal information to commit crimes, which can lead to significant financial loss and damage to the credit score.

How Criminals Exploit KYC Procedures

1. Identity Theft and Synthetic Identity Fraud

Criminals steal personal details (e.g., name, Aadhaar, Social Security Number) to open fraudulent bank accounts, take loans, or conduct financial transactions.

  • Synthetic identity fraud involves creating fake identities using real and falsified details, making detection difficult.
  • In the U.S., synthetic identity fraud is the fastest-growing financial crime, costing banks billions annually.

2. SIM Swap and Telecom Fraud

In telecom fraud, cybercriminals:

  • Impersonate users and request a SIM card replacement from mobile providers.
  • Gain access to the victim’s phone number, intercept OTPs, and hack financial accounts.
  • Use compromised SIMs for illegal transactions or blackmail.

3. Deepfake and AI-Based Fraud

Cybercriminals now use deepfake technology to pass video KYC verifications.

  • AI-generated faces and voice replicas trick identity verification systems.
  • In a case in the UAE, fraudsters used deepfake video calls to impersonate a company director and steal $35 million.

4. Fake KYC Update Portals and Phishing Scams

Scammers set up fake KYC update websites and send phishing emails or messages urging people to update their details.

  • Victims unknowingly enter Aadhaar, bank details, and passwords, leading to financial theft.
  • The rise of WhatsApp and SMS KYC scams has resulted in millions in fraud losses globally.
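
The lures described above (a KYC pretext combined with a suspension threat, a link to a fake update portal, a callback number, an OTP request or an app install) can be expressed as a triage rule for inbound SMS. This is an added example, not part of the original article; the domain `examplebank.test`, the signal names and the sample messages are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Assumption: the institution's real domains (placeholder value).
OFFICIAL_DOMAINS = {"examplebank.test"}

URL_RE = re.compile(r"https?://\S+", re.I)  # bare domains without a scheme are not covered
PHONE_RE = re.compile(r"(?<!\d)\+?\d[\d\s-]{8,13}\d(?!\d)")  # heuristic, 10+ digits
SIGNALS = {
    "kyc_pretext": re.compile(r"kyc", re.I),
    "suspension_threat": re.compile(r"\b(block|suspen|deactivat|freez)\w*", re.I),
    "secret_request": re.compile(r"\b(otp|pin|password|cvv)\b", re.I),
    "app_install": re.compile(r"\b(install|download)\b.*\b(app|apk)\b", re.I),
}
LURES = {"unofficial_link", "callback_number", "secret_request", "app_install"}

def is_official(host):
    """Exact or subdomain match only; a substring test would accept look-alikes."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def triage(sms):
    """Return (verdict, sorted signal names) for one inbound message."""
    hits = {name for name, rx in SIGNALS.items() if rx.search(sms)}
    for url in URL_RE.findall(sms):
        if not is_official(urlparse(url).hostname or ""):
            hits.add("unofficial_link")
    if PHONE_RE.search(sms):
        hits.add("callback_number")
    lures = hits & LURES
    if "kyc_pretext" in hits and lures:
        verdict = "likely_kyc_scam"   # KYC pretext plus a call to action
    elif lures - {"callback_number"}:
        verdict = "suspicious"        # risky ask without the KYC pretext
    else:
        verdict = "ok"
    return verdict, sorted(hits)

# Constructed sample messages, not real traffic.
SAMPLES = [
    "Dear customer, your account will be blocked today. Update KYC now: "
    "http://examplebank.test.kyc-update.example/login",
    "Your KYC has expired. Call 98765 43210 to complete re-KYC and avoid suspension.",
    "Install the support app and share the OTP to finish KYC.",
    "KYC update is due. Visit your branch or https://www.examplebank.test/kyc",
    "Your statement is ready: https://www.examplebank.test/statements",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(triage(msg), "<-", msg[:50])
```

The fourth sample shows that a KYC reminder pointing only at the official domain is not flagged, while the first is caught because the official name appears only as a prefix of a different registered domain.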

5. Insider Threats and Document Forgery

Fraudsters sometimes bribe or collude with employees in banks and financial institutions to approve fake KYC documents.

  • Insider fraud allows criminals to create multiple fraudulent accounts for money laundering.
  • Document forgery using advanced editing tools helps bypass security checks.

Real-World Cases of KYC Fraud

Case 1: Deepfake Bank Fraud – UAE ($35 Million Loss)

In 2021, a sophisticated fraud scheme unfolded in the UAE involving deepfake technology. Fraudsters created a highly convincing video of a company director using AI-generated voice and facial manipulation. This deceptive video was used to trick a bank into approving a $35 million transfer. Despite stringent compliance checks, the bank’s verification systems failed to detect the forgery, resulting in a massive financial loss.

Case 2: SIM Swap Fraud – UK (£5 Million Stolen)

A hacker group in the UK successfully executed a SIM swap scheme targeting high-net-worth individuals. By impersonating legitimate customers, the attackers managed to convince mobile providers to issue duplicate SIM cards. With control over their victims’ phone numbers, they intercepted OTPs and gained unauthorized access to banking accounts. The scam led to £5 million in losses before authorities intervened.

Case 3: Aadhaar-Based KYC Scam – India (₹150 Crore Fraud)

In India, cybercriminals exploited vulnerabilities in Aadhaar-linked eKYC systems to open fraudulent bank accounts. They used forged documents and manipulated digital verification systems to bypass security checks. The scam facilitated unauthorized transfers amounting to ₹150 crore. By the time authorities detected the fraud, a significant portion of the funds had been funneled through various dummy accounts.

Case 4: Fake KYC Portals – Southeast Asia

Southeast Asia witnessed a surge in KYC-related scams involving fake update portals. Fraudsters developed websites designed to mimic legitimate financial institutions’ portals. Victims were lured through phishing emails and SMS messages, which directed them to these fake sites under the guise of updating their KYC details. Once the victims submitted sensitive information, the fraudsters used the data for unauthorized financial transactions across international accounts.


Measures to prevent KYC Frauds

Do

Directly contact your bank

RBI has advised users to reach out directly to their bank or financial institution for confirmation and assistance if they want to update the KYC or get the KYC done. This becomes even more important when someone calls you for the KYC completion.

Get the bank’s contact details from the official website only

Every bank and financial institution lists customer support details on its official website and app. It is advisable to head to the official source to get the correct contact details for the bank to ensure authenticity.

Report fraud immediately

RBI has also asked users who have been duped to report the fraud to their bank or financial institution as soon as possible to mitigate the potential risks.

Enquire about KYC options

Visit your bank branch to inquire about the available modes and options for updating your KYC details.

Don’t 

Never share login credentials

Never share your personal information, account login credentials, card information, PINs, passwords, or OTPs with anyone, regardless of the situation.

Refrain from sharing KYC documents

Do not share your KYC documents or copies with unknown or unidentified individuals or organizations to prevent misuse.

Stay away from unverified apps/websites

Refrain from sharing sensitive data or information through unverified or unauthorized websites or apps.

Never click on any link received via SMS

Do not click on suspicious or unverified links received via mobile or email, as they may lead to phishing attempts.

Avoid Sharing Sensitive Information

Limit the exposure of your personal data online by using secure methods of communication. This helps reduce the risk of phishing, identity theft, and other cybercrimes.


Leveraging tech to fight KYC Fraud

Automation and accuracy in compliance processes are pressing priorities today. In response to the demands of the changing regulatory landscape, businesses are increasingly leveraging digital technology to increase the speed and accuracy of KYC compliance.

Below are some of the latest technologies that enable KYC automation, simplify identity verification processes, and ensure ongoing monitoring and risk assessment:

  • Document verification systems: These systems use Optical Character Recognition (OCR) and Near Field Communication (NFC) technologies to extract data from identity documents such as ID cards, passports, and utility bills.
  • Biometric identity verification processes: Biometric verification is a quick and secure method of authenticating customer identities for KYC compliance. The most significant advantage of biometric indicators is that they can be integrated into multiple gadgets, including smartphones, ensuring convenience for users. Besides being customer-friendly, biometric technologies are an effective weapon against identity theft.
  • Liveness detection: This technology uses deep learning and motion-based algorithms to ascertain that the biometric data presented belongs to a live person and is not recorded or deep-faked.
  • Artificial Intelligence (AI) and Machine Learning: AI and ML are invaluable in automating KYC processes and enabling risk assessment and fraud detection. AI/ML tools can analyze vast datasets, swiftly identify anomalies, and flag potentially fraudulent activity in real-time.

Conclusion

KYC fraud is a growing global challenge, affecting individuals, businesses, and financial institutions. As fraudsters develop advanced techniques using AI and deepfakes, organizations must adopt stronger security measures to protect user identities.

By implementing AI-driven fraud detection, blockchain-based verification, and multi-factor authentication, businesses can reduce risks associated with KYC fraud. Meanwhile, individuals must stay vigilant against phishing scams, SIM swap fraud, and identity theft.

The future of secure KYC lies in innovation, regulation, and awareness, ensuring a safer digital ecosystem for all.
