Sign In
By signing in or creating an account, you agree with Associated Broadcasting Company's Terms & Conditions and Privacy Policy.
By signing in or creating an account, you agree with Associated Broadcasting Company's Terms & Conditions and Privacy Policy.
Mumbai: The city has recorded nearly 20,000 cyber-financial fraud cases in the last five years, with victims together losing more than Rs 2,000 crore. But despite the scale of the crime, very little money has been recovered. The rise in card cloning, OTP fraud and data theft has hit people across the city, from working professionals to senior citizens, while banks continue to deny refunds even in situations covered under RBI’s zero-liability policy.
Specialists say many of these incidents stem from weaknesses within the financial system itself. Instead of protecting customers, banks often shift responsibility onto them, leaving victims to deal with recovery agents, legal notices and unresponsive officials long after the fraud has taken place. Police figures show that 4,132 FIRs were filed for credit and debit card fraud, ATM-related crime, SIM swaps, cloning attempts and cases involving PIN or OTP misuse. Victims together lost Rs 161.5 crore in these cases, out of which only Rs 4.8 crore was recovered.
The frauds have come through different methods. One such case involved businesswoman Romaljit Kaur Makkar from Sakinaka. She lost Rs 2.5 lakh after her credit card was cloned. On April 3, while she was in a meeting in Mumbai with the card still in her wallet, a series of transactions were carried out on a machine located in Lucknow. She suspects that her PIN may have been captured on CCTV during a shopping visit earlier the same day.
Navneet Batra, a 64-year-old retired engineer from Borivli East, also received several calls from recovery agents and has even been served legal notices. This started in March 2023, after four fraudulent transfers amounting to Rs 1.9 lakh were made using his card details to purchase herbal products from Bihar. Although he filed a police complaint in Dahisar and blocked his card, his bank has still not reversed the charges.
As per RBI rules, a customer has zero liability if a card-related fraud is reported within three days. If the report is made within four to seven days, the customer’s share of the loss is limited to Rs 10,000–25,000, based on card limits. Losses caused by negligence, such as willingly sharing an OTP, fall on the customer until the fraud is reported. All later unauthorised transactions must be absorbed by the bank. Banks are required to reverse all charges within ten working days and settle unresolved complaints within 90 days.
Senior officials and cybersecurity experts say the problem begins long before an OTP is shared. Maharashtra Cyber Cell chief Yashasvi Yadav said criminals obtain card data through leaks and skimming devices. Cybersecurity expert Ritesh Bhatia argued that many of these cases are driven by large-scale data theft and weak verification systems, and that banks, not customers, should ensure the ecosystem is secure.
Former police chief D Sivanandhan stated that banks remain responsible unless a customer intentionally shares sensitive information. Cyber-law expert Dr Prashant Mali added that banks regularly ignore the RBI’s zero-liability directions. He said stronger KYC checks, faster card-blocking systems, better coordination and penalties for security lapses are necessary to protect customers.
