Mumbai tops the list of cities with the highest number of frauds reported by banks, with the money involved totalling Rs400 crore per year for the past five years.
While for the financial year 2010-11, banks in Mumbai reported 787 fraud cases involving Rs1,049 crore, the tally for the national capital was 335 cases, with the net amount lost being Rs269 crore, according to the documents obtained under the Right to Information (RTI) Act from the Reserve Bank of India (RBI).
Interestingly, the total number of banking frauds reported in Mumbai every year is more than those of Delhi, Chennai, Kolkata and Bangalore taken together. While a five year average figure for Mumbai is about 800 cases, the number for other cities is approximately 200.
As per the report, of the 4,099 cases registered in Mumbai since 2006, only 564 cases (those where the amount involved is above Rs1 lakh) have been closed.
The city lost Rs1,882 crore over these five years, of which only Rs63 crore has been recovered, reveals the RTI response. Experts blame the low recovery rate on the lack of know-how in
detecting and preventing frauds in the era of internet and mobile banking.
Firstly, the banks do not even seem to have the required classification of internet-related frauds. According to the RBI, “there is no distinct category of ‘Phishing Complaints’’, and as such no separate data/information is classified/compiled in this regard.” But phishing is a common method of online identity theft where information such as usernames, password and other bank details are acquired.
According to the internet banking guidelines issued by the RBI in 2001, banks need to assess the risks arising out of phishing, consider them as ‘operational risk’ and cover it with insurance.
“Either they are ignoring the RBI mandate or are hiding the information,” said Na Vijayashankar, cyber law expert.
Banks evade responsibility
DNA also has found out that bank managements’ reluctance to own up to such frauds is also a factor causing a pile-up of banking fraud cases, and consequently, a low recovery rate. Sources in the banking industry confirm that banks do not follow up fraud cases and pass the buck to the customers despite RBI guidelines directing banks to take complete responsibility.
A former top official of Indian Overseas Bank said that banks avoid owning up to such cases out of fear that it will damage their reputation, with a resultant loss of customer base. “Most of the time banks pass the responsibility of recovering the money to the customers themselves,” he said.
There are several cases where banks have refused to take any responsibility for banking fraud. Gujarat Petrosynthese Ltd, a Mumbai-based company lost Rs.39, 00,550/ from its account with Axis Bank, Bangalore, on 20th June 2011 to hackers. “The police are investigating. But the banking sector has not been sympathetic,” said Urmi N Prasad, executive director with Gujarat Petrosynthese Ltd.
Similarly, Pramod B Bauskar from Mumbai lost Rs 1,97,000 from ICICI bank to an internet fraud in mid-2011. “Bank officials rejected my plea outright, saying it was my fault and the bank will not do anything about it,” said Bauskar.
Some Cases Not Registered
Apart from the registered cases where the recovery rate has been pathetic, many fraud cases are not even registered. Several bankers told DNA that most internet banking frauds cases at the customer level itself, as banks bully the customers into believing that they themselves are responsible.
RBI guidelines for fraud cases
The RBI requires banks to pursue fraud cases vigorously with the CBI or police authorities, and in court. In the case of public sector banks, all fraud cases below Rs1 crore should be reported to the local police, except when the CVO and CMD consider it serious, and when the cases cannot be classified in monetary terms. In those cases, the frauds are referred to the CBI. Cases above Rs 1 crore must be referred to a different wing of the CBI depending on the category it falls into.
In the case of private sector banks, frauds of Rs1 lakh and above committed by an outsider in connivance with a bank official should be referred to the local police. So should cases of fraud committed by a bank employee involving funds of Rs10,000/- and above. DNA found that in many of the cases the banks do not follow the RBI guidelines.