Digital Banking Frauds:

With the advances in information technology, all banks in India have migrated to core banking platforms and have moved transactions to payment cards (debit and credit cards) and to electronic channels like ATMs, Internet Banking and Mobile Banking. Fraudsters have also followed customers into this space. Internet Banking Fraud is a fraud or theft committed using online technology to illegally remove money from a bank account and/or transfer money to an account in a different bank. Internet Banking Fraud is a form of identity theft and is usually made possible through techniques such as phishing, lottery fraud scam etc.Types of Online Banking Frauds are:


Phishing is a type of fraud that involves stealing personal information such as Customer ID, IPIN, Credit/Debit Card number, Card expiry date, CVV number, etc. through emails that appear to be from a legitimate source. Nowadays, phishers also use phone (voice phishing) and SMS (Smishing). Fraudsters pose as Bank officials and send fake emails to customers, asking them to urgently verify or update their account information by clicking on a link in the email.


Website spoofing is the act of creating a website, as a hoax, with the intention of performing fraud. To make spoof sites seem legitimate, hackers use the names, logos, graphics and even codes of the actual websites. They can even fake the URL that appears in the address field at the top of the browser window and the Padlock icon that appears at the bottom right corner. Hackers send e-mails with a link to a spoofed website asking to update or confirm account related information. This is done with the intention of obtaining sensitive account related information like Internet Banking user ID, password, PIN, payment card / bank account number, card verification value (CVV) number, etc.


Skimming is a method used by fraudsters to capture information from the payment card that is later used to conduct fraudulent transactions. Fraudsters perpetuate this type of fraud by capturing the payment card information by way of a copying device normally known as a skimmer. The captured information will then either be stored within the device or transmitted to a designated computer to be used later for fraudulent activities.

Scams using UPI PIN:

UPI PIN is a kind of fraud in which the hackers would be sending "request money" links to the customer. Once the customer clicks on the link and authorises the transaction thinking they'll receive money, the amount gets deducted from their account. In few cases they would even convince the customer to disclose their UPI PIN over phone and would deduct money from the account. These days this UPI is being popularly used by all Online shopping sites, Food delivery sites, Google Pay, PhonePe , Paytm etc.

Scams using OTP

When a transaction is done through net banking / using your debit /credit card, an OTP is also sent as a two factor authentication. For OTP authentication, the bank sends an OTP through SMS on the registered mobile number with the bank records. Once the OTP is verified, the transaction is processed. OTP should not be disclosed to anyone. Once fraudster gets the details, they can authenticate the transactions and steal money from your account.

Debit and Credit Card Frauds done in online payments:

Debit and Credit card fraud occurs when a criminal gains access to your debit card number — and in some cases, personal identification number (PIN) to make unauthorized purchases or withdraw cash from the account. A fraudster steals the card data and creates counterfeit cards. This typically happens with withdrawal cash at an ATM or by using the card at the time of online payments. Fraudsters attach a foreign, device on ATMs or the debit card machine and capture your encrypted data.

Safety Precautions:

  • 1. Always treat unsolicited callers/emails/SMS with suspicion.

  • 2. Never share credit/debit card details with anyone claiming to be bank official or customer care executive.

  • 3. Never enter card details in online form sent by the caller. Your credentials might be stolen.

  • 4. Do not download remote access Apps as fraudster will get access to all your messages and emails.

  • 5. Never click on links in Phishing messages/emails appearing to come from government organizations, officials, banks, etc. They install malware/ spyware on your device.

  • 6. Be cautious while scanning a QR code sent for receiving payment. You may lose money from your account.

  • 7. Be careful of fake customer care number appearing in web search. Use two-factor authentication (Password + OTP) for all online accounts.

Fin Quest