Police said that the fraudsters had updated data of the thousands of customers.
It was not just the confidence of RBL Bank customers that certainly took a hit following the breach of the ‘classified’ data of credit cardholders, but the data of State Bank of India and Axis Bank is also at risk.
Sources in the police department have confirmed that certain groups of cyber fraudsters operating their country-wide network from the National capital, were constantly updated with the ‘fresh’ data of credit cardholders.
“We are getting bank fraud cases from the customers of SBI and Axis Bank also. It is yet to be verified whether the data has been leaked or not. There might be data loss or it could be some social engineering fraud,” Telangana’s Cyberabad Crimecrime police said.
After Cyberabad police unearthed Delhi-based fake call centres and arrested 16 persons from Delhi and Ujjain, it had exposed the flaws in customers data security and also in the issuing of SIM cards by the network providers without any proper verification. The gang was involved in nearly 35 cases in Cyberabad, and 166 cases across the country.
Police said that the fraudsters had updated data of the thousands of customers who received new credit cards and it was a bank’s insider who is the architect of this whole fraud.
The investigators are wracking their brains to know how exactly and from where the data leak had taken place in the banking company and how did the mobile service provider company issued over 1,000 SIM cards without any verification by accepting forged Aadhaar cards and PAN Cards.
“This is a classic case to explain the poor procedure practised by the network providers while issuing SIM cards, and of course the data security system at the banks,” a senior police officer said.
They froze ₹15 lakh in a bank account, seized three cars, including a BMW 520, a KTM bike, 865 fake Aadhaar cards, voter and PAN cards, 1,000 SIM cards, 37 cheque books, 34 mobile phones, apart from other material from the possession of the accused.
However, police are still clueless about the insider (bank employees) who constantly went on leaking the updated data of their credit cardholders to the arrested kingpins of the frauds, Deepak Chaudhary and his associate Vishal Kumar alias Vishal Chouhan, both residents of Uttam Nagar, New Delhi. Deepak had previous experience with the banking sector and had a well-oiled network within the bank to get his things done.
“As of now, we could not track him/them. The bank is also helping us with leads to know from where the database was leaked. Even they are worried as their customer information got leaked,” Cyberabad’s Deputy Commissioner of Police (Crimes) Rohini Priyadarshini told The Hindu.
When asked about how the SIM cards were issued on forged/fake identification cards, Ms. Priyadarshini said “like earlier days, there is no robust verification mechanism right now, which is resulting in such several cyber frauds.” She said that the verification process should happen at the highest level where it can be fixed, but not at the vendor’s end.
Police teams are also on the job to arrest Deepak’s two sisters and three more women from Delhi who were part of the fraud.
Further, explaining the modus operandi of the arrested gang, the officer said that the callers pretended as RBL Bank employees and cheated the account holders to the tune of ₹3 crores.
Recently, a victim approached the police stating that he got a call from a person who identified herself as a representative from RBL Bank to check whether his credit card was delivered or not.
When the complainant informed the caller that he had received the credit card but not the PIN number. The fraudster asked him to provide PAN card details and also asked him to send the code which he would receive on deactivating the insurance amount of ₹24,000. When he shared the code immediately and he received a message from the bank that an amount of ₹97,996 was debited from his credit card. Based on his complaint, a case was registered and a probe was launched.
With the help of call spoofing applications, they contact the cardholders, who received new credit cards, by posing as bank employees. Then they collect OTPs by misguiding the customers in the name of activation of card or deactivation of insurance or increasing the credit card limit etc. After collecting OTPs, the fraudsters make transactions on their websites using the credit card details of the victims.
“They have registered six websites and three Individual Merchants linked them with payment gateways and used them for transferring the swindled amount into their bank accounts,” the officer said.
“After taking the remanded accused into police custody, we might get to know the details of the bank employee/employees who were helping them with the data,” Ms. Priyadarshini added.