Axis Bank customer Shiv Kumar from Gurgaon allegedly had Rs.4.8 lakh stolen from his salary account. His SIM card was blocked on Valentine’s Day, and the funds were transferred to a HDFC account through unauthorized transactions a week later.
Mr. Shiv Kumar’s Airtel SIM card was blocked on 14 February, and it allegedly took Airtel two weeks to reactivate the connection, during which time funds were transferred out of his account and into an unknown HDFC Bank account. The connection between the card being blocked and the funds being transferred highlights a gaping hole in the security framework of online fund transfers.
If the SIM card had been cloned, fraudsters could use the number to receive authentication like OTPs for transactions. The number could also be used to re-register for apps like Whatsapp, giving the fraudster access to previous chat histories. Bank account numbers, IFSC codes, account holder names, and sometimes even addresses have been sent in the thousands over this platform following demonetization. Pending payments were settled online through IMPS/RTGS transfers, and account details were sent across unregulated for the most part. A backup of this chat history downloaded onto a new phone using a cloned/copied SIM card for authentication creates the perfect crime, but fortunately, all transactions leave a trail online.
Mr. Shiv Kumar approached the Sector 10A police station, where Inspector Lal Chand has registered FIRs under Sections 419 (cheating by impersonation) and 420 (cheating) of the IPC and Sections 66 (computer related offences) and 66D (cheating by impersonation using a computer resource) of the IT Act. It is unclear at this time why the case was reported two months later, although cases of online fraud through IMPS/RTGS have been on the rise and banks have issued statements for customers to report such instances immediately.
Blocked SIM cards should be reported to the police and the network operator immediately. Unauthorized transactions, random messages that say an OTP has been generated using your credentials, requests for OTP, etc. should be reported immediately to the bank, and police station where necessary.