India’s digital fraud crisis is becoming bigger, faster and far more sophisticated than traditional banking safeguards were designed to handle.
As IndiaToday.in reported earlier, India’s rapid shift toward real-time digital payments has also created a fraud ecosystem that increasingly relies not just on hacking — .
Victims across the country are losing money through fake investment apps, phishing links, remote-access scams, impersonation calls, KYC fraud, fraudulent trading platforms and so-called “digital arrest” scams. In many cases, customers are not hacked at all. They are manipulated into transferring money themselves.
The consequences are often devastating.
Just a few days ago, an 87-year-old retired executive in Pune allegedly spent posing as senior CBI officials.
In Delhi, an elderly couple allegedly lost nearly Rs 14 crore after scammers posing as police officers and Supreme Court judges kept them under virtual surveillance for days.
The growing scale and sophistication of such frauds is now raising uncomfortable questions for India’s banking system: How quickly can banks detect suspicious activity? How fast can mule accounts be frozen? And are existing fraud-detection systems equipped to deal with scams driven more by psychology than by technology?
IndiaToday.in sent detailed questionnaires via email on May 7, 2026 to HDFC Bank, Axis Bank, State Bank of India, Yes Bank, ICICI Bank and Punjab National Bank seeking responses on digital fraud complaints, AI-based detection systems, customer compensation timelines, mule account monitoring and safeguards against sophisticated scams.
None of the banks responded over the following seven days till the time of publication.
The questions were straightforward: How quickly are suspicious accounts frozen? What happens when customers authorise payments under coercion? How effective are banks’ AI systems against modern scams? How are mule accounts tracked? And how long does it take customers to recover money once fraud happens?
The silence comes as experts warn that fraud is evolving faster than traditional banking safeguards.
“We are seeing a strong and increasingly proactive response from banks and financial institutions in India,” said Abhinav Parashar, Co-Founder and CEO of Digio, a fintech company focused on digital onboarding, KYC, compliance and fraud-prevention solutions for banks and financial institutions.
According to him, banks have moved beyond traditional rule-based fraud checks and are increasingly embedding intelligent, real-time risk orchestration systems directly into customer journeys.
Banks today are deploying selfie and liveness verification, behavioural biometrics, device intelligence, synthetic identity detection and AI-led anomaly monitoring to identify suspicious activity before transactions are completed.
But experts say the threat itself has fundamentally changed.
Traditional banking fraud systems were largely built to detect stolen passwords, unauthorised logins and suspicious transaction patterns. Today’s scams increasingly rely on manipulation rather than hacking.
Fraudsters pose as police officers, bank officials, investment advisers or even company executives. Victims are pressured into transferring money themselves — often while frightened, isolated or psychologically overwhelmed.
“The threat model has shifted from impersonating the bank’s customer to weaponising the customer themselves,” said Sagarika Chakraborty, CEO – India & Gulf, Global Head of Investigations, IIRIS Consulting, a risk advisory and investigations firm working with banks and financial institutions on fraud and financial crime cases.
According to Chakraborty, fraud values reported to the Reserve Bank of India (RBI) in just the first half of FY25 , marking an eight-fold jump over the same period a year earlier.
In one corporate fraud case cited by IIRIS Consulting, a company allegedly received a convincing deepfake video instruction appearing to come from its promoter, directing payments to a new vendor account. The transactions moved through three banks and layered beneficiary accounts without triggering alerts because every authentication layer appeared legitimate.
Parashar said newer fraud vectors such as “digital arrests”, impersonation scams and deepfake-enabled identity fraud represent a different category of threat because they rely heavily on psychological manipulation and social engineering.
“A large percentage of fraud today is still rooted in social engineering,” he said.
That is making fraud prevention far more difficult.
Kishan Sundar, Senior Vice President & Chief Technology Officer at Maveric Systems, a banking and financial services technology company focused on AI, digital transformation and fraud-risk solutions, told IndiaToday.in
“Prevention still lags detection,” Sundar said, adding that proactive behavioural analytics, contextual risk scoring and pre-authorisation intervention remain inconsistent across institutions.
He also warned that most AI-based fraud systems are still designed to detect transaction anomalies rather than coercion-driven scams where victims willingly authorise payments.
Another major weakness, experts say, is the speed at which money moves once fraud begins.
Scammers often route funds through multiple mule accounts across several banks within minutes, making recovery increasingly difficult once money leaves the original account.
“The biggest gap is the speed asymmetry between money and intelligence,” Chakraborty said, noting that money can move across multiple institutions in minutes while fraud intelligence sharing still takes hours or days.
Parashar also pointed to the need for stronger ecosystem-wide coordination on fraud intelligence sharing and mule account tracking.
Experts argue that banks may increasingly need to introduce behavioural friction into high-risk transactions through transaction cooling periods, contextual warnings, multilingual fraud alerts and additional verification layers for unusual transfers.
The debate around liability is also becoming harder for banks to avoid.
Under existing rules, customers often struggle to recover funds if transactions were technically authorised using OTPs, verified devices or valid credentials — even if they were manipulated into making the transfers.
But experts say coercion-based scams are changing the nature of responsibility itself.
“The responsibility cannot lie solely with the customer in cases of psychological fraud that is intricate and well-designed,” Sundar said.
Chakraborty pointed to the RBI’s proposed compensation framework for digital fraud losses below Rs 50,000, under which the RBI and banks may share liability for certain fraud cases.
As IndiaToday.in explored in the earlier parts of this series, the fraud battle is no longer just about cybersecurity. It is .
And as scams become more sophisticated and losses mount into crores, one question still hangs over India’s banking system: if customers can lose their life savings within hours, are banks truly prepared for the next era of digital fraud?
You can read the first two parts below: