The Reserve Bank of India (RBI) will focus on a series of measures aimed at reducing payment frauds and enhancing the security of the financial ecosystem in FY25.
One of the key measures is the expansion of the Central Payments Fraud Information Registry (CPFIR) reporting to include local area banks, state cooperative banks, district cooperative banks, regional rural banks (RRBs), and non-scheduled urban cooperative banks (UCBs). This move, under the Utkarsh 2.0 initiative, aims to create a more comprehensive and robust fraud reporting system across various financial institutions.
“The Central Payments Fraud Information Registry (CPFIR) reporting will be extended to local area banks, state cooperative banks, district cooperative banks, regional rural banks (RRBs) and non-scheduled urban cooperative banks (UCBs) for payment fraud reporting (Utkarsh 2.0),: the RBI said in its Annual Report for FY24.
ALSO READ: Cyber frauds are rising, are banks prepared?
Currently, the payments ecosystem, including card networks, banks, and Prepaid Payment Instrument (PPI) entities, predominantly uses SMS-based one-time passwords (OTPs) as an additional factor of authentication (AFA). However, with advancements in technology, the RBI is exploring alternative risk-based authentication mechanisms. These innovative solutions include behavioural biometrics, location and historical payments data, digital tokens, and in-app notifications, which are expected to address payment fraud and reduce transaction friction more effectively.
Enhancing systems
Furthermore, the RBI plans to enhance the centralized payment systems, such as Real-Time Gross Settlement (RTGS) and National Electronic Funds Transfer (NEFT). Presently, these systems rely solely on account numbers and Indian Financial System Codes (IFSC) for fund transfers. To curb fraud and improve the payment experience, the RBI will explore the introduction of real-time payee name validation before actual fund transfers. This initiative will be in compliance with the newly enacted Digital Personal Data Protection Act, 2023, ensuring that personal data is protected during the transaction process.
ALSO READ: Bank frauds jump nearly 300% in 2 years, amount involved halved: RBI
Fraud cases rise
An analysis of fraud cases reported across banks revealed a significant increase in the number of incidents, according to the RBI’s annual report. The number of reported fraud cases surged to 36,075 in FY24, representing nearly a 300% increase from the 9,046 cases recorded in FY22. Despite this rise in cases, the total amount involved in these frauds fell dramatically from Rs 45,358 crore to Rs 13,930 crore.
The central bank noted a 46.7% annual decline in the monetary value of frauds reported in FY24. Private sector banks reported the highest number of fraud cases over the past three years, while public sector banks accounted for the largest share of the total fraud amount.
Frauds predominantly occurred in digital payments, including card payments and internet transactions. However, in terms of value, most frauds were reported in the loan portfolios. The RBI’s analysis highlighted that small-value card and internet frauds were most frequently reported by private sector banks, whereas public sector banks mainly experienced frauds in their loan portfolios.
The number of fraud cases related to card and internet payments skyrocketed from 3,596 in FY22 to 29,082 in FY24. The monetary value of these frauds also saw an increase, from Rs 155 crore in FY22 to Rs 1,457 crore in FY24.
Additionally, the RBI’s study of cases reported during FY23 and FY24 identified a significant time lag between the occurrence and detection of fraud. In FY23, 94% of the total value of frauds reported pertained to incidents from previous financial years. Similarly, in FY24, approximately 89% of the reported fraud value involved cases from prior years.