Banks' Digital Push, Disregarding Customers' Safety
Officials of Bank of Baroda (BoB), India's second-largest public sector bank (PSB), reportedly used fake mobile numbers to fulfil targets for new registrations to the Bank's new app, 'bob World', when it was launched last year. According to an investigative report by Al Jazeera, one officer in each branch had been given a target of on-boarding at least 150 existing Bank customers. When the registrations were running lower, the officials came up with the idea of linking the mobile numbers of random unknown people to boost the registrations.
It appears that BoB officials followed this modus operandi across the country. They first fetched the list of Bank accounts not linked to mobile numbers. They then linked these accounts to any mobile numbers they could gather to generate the one-time password (OTP) needed to join the app from the back-end.
The employees claim that they deregistered these customers from the app and reused the same mobile number in the same manner with other bank accounts to meet targets, the report says.
In many cases, a single mobile number was linked to more than 100 bank accounts. BoB's own policy states that one mobile number cannot be linked to more than eight accounts, and only if all these accounts are of the same family or address.
While this may shock most people, claiming fake hits on websites, boasting high but bogus app downloads and fake registrations are common underhand tactics among digital companies.
In 2021, Japanese investment giant SoftBank invested over US$170mn (million) in a little-known social media app called IRL, valuing it at US$1.17bn (billion). It turns out that 95% of its claimed 20mn user base was fake.
But when employees of India's second largest PSB, with a market valuation of over Rs100,000 crore, participate in fake app registrations to meet steep targets, it is not only reprehensible but has much bigger implications for customers of banks and financial services. This episode raises three issues in the Indian context.
1. Safety of customers: If a fake contact number can be inserted from the back-end to generate bogus registrations for a genuine bank customer, it is obvious that the customers' safety gets compromised. According to Al Jazeera, internal emails from BoB acknowledged that the safety of tens of thousands of bank accounts was at risk since they were linked with the mobile numbers of strangers.
One internal email shows that in the Bhopal zone, close to 1,300 mobile numbers were tied to anywhere from 30 to 100 Bank accounts, putting nearly 62,000 Bank accounts at risk. That is, on average, 47 Bank accounts linked to a single mobile number. This is a serious breach of fiduciary responsibility and assumes significance in light of the widespread digital frauds happening to bank customers.
2. Integrity of bankers and breach of trust: The genesis of this problem is steep compulsory targets, which automatically lead to bad behaviour. The same target-oriented approach and high incentives for selling life insurance as a protection-cum-savings product have led to massive misselling and fraud.
Apart from malincentives, we have also come across cases of bank fraud where the role of insiders is highly suspect.
Dr Ajay Sood, a non-resident Indian (NRI) settled in the US, found Rs1.33 crore withdrawn from his account in Bank of India, that too when the original cheques ostensibly used for withdrawal remained with him. His registered mobile number was changed and an Aadhaar number, which does not belong to him, was added to the account. This simply could not have happened without the involvement of Bank insiders. "There was a fraudulent communication with the bank in my name via a non-registered email before a bank official approved the transfer of funds," he told us. He had kept this large sum in the Bank for his mother who lived in India. (Read: Rs1.33 Crore Withdrawn from NRI's Account through Fake Cheques and Changing His Registered Mobile Number)
Now, consider how BoB has made tens of thousands of people extremely vulnerable. A BoB official told Al Jazeera that many staffers had inserted their own mobile numbers with customer accounts. He also said that Bank staff often enter their own mobile numbers to Bank accounts if customers have not registered their numbers in order to fulfil mandates.
What are the implications? Digital transactions are driven by one-time passwords (OTP) that would go to that fake mobile number. Indeed, an internal email admits the risk of fraud: "It is a fraud-prone area, and if any fraud happens, the officials from the branch, as well as regions, will be held responsible."
3. Redress for customers: In the financial services business (also healthcare services), the service-provider is the king; the consumer is at their mercy. In the case of bank fraud, the default response of banks is to blame the customer and deny wrongdoing.
In Dr Sood's case, he ran from pillar to post, calling and speaking to several officials at Bank of India and even the Reserve Bank of India (RBI). His calls and email complaints to BoI chairman and managing director (CMD), nodal officer and assistant general manager at Chandigarh, did not elicit any response. RBI's consumer education and protection department, also never bothered to answer his calls and emails.
Dr Sood finally got his money back after our intervention. But the fight for justice is a tortuous process of escalation to the internal and external banking ombudsman (BO), which requires enormous effort, time and patience and is largely ineffective.
The Bank is apparently working on a clean-up, but it is not enough. The regulator is also investigating the case, but what will come of it? The culpability of banks (especially in misselling) is hard to pin down.
When proven, a monetary penalty is never high enough and never personal, which alone can act as a deterrence. Fraud and malpractices will escalate and many customers may find their accounts cleaned out.
RBI is fully aware of misselling by banks and digital fraud by staff but is moving with glacial speed. We, as customers, have to be conscious and careful to sidestep numerous different types of frauds made possible under a mindless shift to a digital ecosystem without customer redress procedures.
(This article first appeared in Business Standard newspaper)
5 months ago

The actual scenario on the ground, even with so called "efficient & professional" private banks is more darker (hopeless) than depicted here in the article.

There are experiences where software applications offered by the bank to its customers to carry out routine transactions (e.g. fund transfer) have been found to have "bugs". These were varying from benign user interface issues to "unhandled exceptions" in the code of these applications where by exposing the source code of the net banking core software itself through normal transactions. Often there are errors connected with "offers" by the bank. Sometimes, arrangement of message boxes and user acceptance buttons on the screen is such that customer is "tricked" on clicking for options without fully realizing the implications of the same. The list is endless.

With no robust complaint tracking system available to customers, only practical redressal is to report the bugs to the bank and sometimes even provide all supporting info (e.g. screen captures, messages etc.) to "prove" that the errors indeed occurred in the banking software applications. Many times, complaints are lodged purposely with "fixed life" so they get "closed" irrespective of the issues (mentioned in the complaint) are resolved to the satisfaction of customer or not.

Investigations, if done in time by the bank , sometimes lead to bank admitting flaws in their software applications otherwise the complaints are kept pending for months (& even years) and finally Bank conveys to customer that it cannot investigate the complaint as the supporting artefacts (like server logs etc.) are not preserved for such a long time. Even for more than average educated customer, it is tiring and cumbersome to take up these issues repeatedly with the bank. Though I have no first hand experience of what happens in knocking on court doors in such cases, but feel practically delays and costs involved are prohibitive.

Worst the bank never identifies who was responsible for the issues from their organization (the flaw/ shortfall), as if customer need not know that. Leave aside naming individual, even the internal department or roles are not identified. Bank says they will take punitive measures, at best either these actions are cosmetic or often nothing is done for serious shortfalls. In many cases, customer can guess who was responsible and often sees that person(s) getting promoted as if nothing happened.

I regret for this is longish comment, but the scenario is BAD.
5 months ago
The only alternative left is for a group of aggrieved customers to commence Criminal Proceedings against BOB, since integrity, accountability, customer safety, etc. have all taken the far back seat.
Blank indian
5 months ago
BOB is well known for shady underhand dealings with many fraudsters.It quickly freezes Accounts of small customers but leaves out Big elehants.Its Cannought place branch gave loans to bigshots without any verification.The cases are well known.
Ankan Ghosh
5 months ago
People working in banks need to return to becoming bankers from salesmen. The top down pressure tactics on ground level staff is the main culprit. This is a PSB that has been discussed here, imagine what then is happeining in private banks. Crippling financial penalties need to be levied on individuals rather than the bank. Future recalcitrance should lead to removal and blacklisting of these individuals. Punishing the institution will not serve any purpose. It is individuals who make any institution.
Free Helpline
Legal Credit