Cybersecurity Cloud & Data

Digital banking fraud: 55% of frauds in India were third-party account takeover frauds

As per the 2024 Digital Banking Fraud Trends in India report by BioCatch a digital fraud detection platform powered by behavioural biometric intelligence, account takeover represents more than half of all fraud cases for its customers in India. The findings come on the heels of a recommendation by the Reserve Bank of India (RBI) that financial institutions in India are abandoning text-based one-time-passcodes as a method of secure authentication.

The existing OTP-based authentication doesn’t protect customers against new-age frauds, including customer-initiated fraudulent transactions

Charanjeet S.Bhatia, counter-fraud expert and former Head of Group Fraud Risk and Investigations at First Abudhabi Bank

“The existing OTP-based authentication doesn’t protect customers against new-age frauds, including customer-initiated fraudulent transactions,” counter-fraud expert and former Head of Group Fraud Risk and Investigations at First Abudhabi Bank, Charanjeet S.Bhatia said in response to the RBI recommendation. “With the right technology and implementations, banks can do a lot more than what they are currently doing to protect customers.”

Read more: Enhancing security through technology: The future of safety measures

The report also notes a concerning bump in mule accounts in India, in line with what BioCatch data shows as a growing global threat. At one partner bank in the country, BioCatch found nine out of every 10 mule accounts went undetected.

A “money mule” or a mule account is established with a stolen identity. Money mules, individuals who are witting or unwitting participants, are then used to transfer illicit funds to other accounts. They become part of a logistical network that moves money to the pockets of criminals. Mules remain a massively underreported plague with every device found to participate in mule activity in India logged into an average of 35 accounts each.

BioCatch customers saw more mule activity (14% of the total) in Bhubaneswar than anywhere else in the country. Lucknow and Navi Mumbai accounted for 3.4% of recorded mule activity, two cities in West Bengal, Bhagabatipur and Gobindapur, 1.7% and 2.6% respectively, Mumbai 2.2%, Bengaluru 1.8%, and Cuttack 1.6%.

The prevalence of mule accounts potentially represents the most under-the-radar trend in the entire fraud space

BioCatch Director of Global Fraud Intelligence Tom Peacock

“The prevalence of mule accounts potentially represents the most under-the-radar trend in the entire fraud space,” BioCatch Director of Global Fraud Intelligence Tom Peacock said. “The mule accounts banks succeed in identifying almost certainly represent just the tip of the iceberg. Indian financial institutions must employ more robust security measures to both detect and then shut down these sprawling mule networks.”

Read more: Cyber state: APAC business organizations & home networks face sophisticated cyberattacks

Account takeover attacks still dominatein India, accounting for 55% of all fraud. Third-party account takeover fraud still represents a bigger slice of the fraud pie than the social engineering scams.

Indian banks must pull up their socks and bolster their fraud defenses.

The fraud threats we see in India are a mix of both common threats seen globally and unique threats we find only in this region. All around the world, we’re seeing explosive growth in mule activity, fraud attacks, and scams that grow more sophisticated by the day

BioCatch’s APAC Vice President of Sales Richard Booth

“The fraud threats we see in India are a mix of both common threats seen globally and unique threats we find only in this region,” BioCatch’s APAC Vice President of Sales Richard Booth said. “All around the world, we’re seeing explosive growth in mule activity, fraud attacks, and scams that grow more sophisticated by the day. To combat this onslaught of fraud and financial crime, BioCatch continues to believe that banking and financial institutions need as much intelligence on the criminals, their tactics, and their fraud arsenals as possible.”

Fraudsters are likely accessing Indian mule accounts from outside the country. While 86% of the first session of documented mule account activity came from within India, after a month that number fell to just 20% – and 16% of those sessions used a VPN.

Navanwita Bora Sachdev

Navanwita is the editor of The Tech Panda who also frequently publishes stories in news outlets such as The Indian Express, Entrepreneur India, and The Business Standard

Recent Posts

Is AI Hitting a Plateau? The Scaling Debate OpenAI Prefers to Avoid

I think OpenAI is not being honest about the diminishing returns of scaling AI with…

2 hours ago

PayalGaming becomes India’s first female gamer to win an international award

S8UL Esports, the Indian esports and gaming content organisation, won the ‘Mobile Organisation of the…

10 hours ago

Funding alert: Tech startups that raked in moolah this month

The Tech Panda takes a look at recent funding events in the tech ecosystem, seeking…

1 day ago

Colgate launches AI-powered personalized dental screenings

Colgate-Palmolive (India) Limited, the oral care brand, launched its Oral Health Movement. The AI-enabled initiative…

1 day ago

The role of ASR in voice bots: Revolutionizing customer interaction through real-time recognition

This fast-paced business world belongs to the forward thinking organisations that prioritise innovation and fully…

2 days ago

Disrupting Fintech: How product studios are transforming financial services

In the rapidly evolving financial technology landscape, innovative product studios are emerging as powerful catalysts…

1 week ago