Tools to detect frauds have to be far superior, says Infrasoft Tech CEO

Assessment of frauds have taken a shorter time because banks have the systems in place, says Rajesh Mirjankar

Frauds continue to rise in the banking sector. A total of 2,480 cases of fraud involving Rs 31,898.63 crore were reported in 

the first quarter of FY20. This came on the back of the Rs 71,500 crore in frauds for FY19, a tad more than what was put into state-run banks by way of recapitalisation. Rajesh Mirjankar, managing director & chief executive officer of Infrasoft Technologies, spoke to Raghu Mohan on the pitfalls in banks going all out to woo customers through newer channels, and the pressure to on-board them quickly. Edited excerpts:

What explains the high levels of frauds despite the substantial investments made by banks in technology?

I think the system per se does not have a flaw, but there could be lack of micro-management at assessing the fraud at the individual bank level. I have seen from our experience that the staff in the fraud-control departments –whether it's audit or risk management – are very competent and capable. But given the volume of transactions, I think it is difficult to do micro-management of transactions. It is typically on reported frauds, or reported scenarios.

The other point I want to add is that the banking system has been very prudent in the way it reacts and responds to frauds. Banks are able to come back with the assessment and impact of the fraud pretty much within a few days. Hence, if they have at their disposal the tools to detect micro-level non-compliances such as anti-fraud systems, it would certainly help. The tools that are required have to be far more advanced than what they are today. 

What is your view on the time-lag between fraud detection and resolution?

Assessment of frauds have taken a shorter time because banks have the systems in place. The issue has more to do with the legal aspect when a fraud happens; like details of the fraud and closing the case. If you have frozen an account, then getting the proceeds from the account to whoever is the creditor is difficult because it has to go to the courts. You need to have the witnesses and all the people involved within that. So, it does take time in certain cases for frauds to be dealt with in a legal manner. But from my perspective, I think the response to frauds has been pretty quick.

Is there a database of red-flagged accounts which banks share?

There is a formal registry that the Reserve Bank of India (RBI) puts out of frauds which is shared among banks. It is now about opening this registry to more stakeholder, probably within the banking system at the lower-end in terms of involving the co-operative banks. The RBI has been proactive. It is just that some of these regulations have come after an event (of fraud) has happened. I think if you were to look at the standard operating procedure at banks, compliance with and monitoring of that (procedure) itself will enable to prevent frauds. Rather than saying that a fraud has happened, you are now checking if it is happening in other banks as well.

With banks opening up more channels for customer acquisition, you think enough precautions are in place?

It is inevitable that banks will open up more channels; it is also a fact that as you do so, be they manual or digital, the avenues for frauds will go up.

In the case mobile banking frauds, it has been noticed that the customer has not registered, or signed up, but somebody has used the mobile number, or cloned the SIM card. These calls that are either phishing, or somebody doing identity theft, have occurred, but can be largely avoided through the education of customers on using digital banking channels. The fact is that it is not about the customer not using a digital channel. Somebody could use identity theft to use the digital channel on behalf of the customer, behaving like the customer. This education has to be across all classes and not just for those who have applied for mobile banking. For this, more notifications have to go to the public through the media, to say, for instance, that ‘banks don’t send an e-mail asking for the log-in details’”.

Then you have these calls which say your particular card has qualified for an offer. If you want to get this cashback, can you give us the details? Being in the technology field, I am aware of the dangers involved, but others might get carried away. You are so used to cashbacks that you don't disbelieve the fact that there's a cashback on offer. So, you go ahead and give these details. This will stop happening only with the education of customers in their digital journey.

How do you view the move on the part of banks to quickly on-board customers like a telco?

When it comes to on-boarding of customers, new banking relationships (or partnerships), it is necessary to do an assessment of the counter-party that you're dealing with and do checks at the back-end. When eKYC was done through Aadhaar, it took three minutes to open an account. You validated with the Aadhaar details, and that was it -- you got the KYC sorted, and the account was on-boarded. Now with the Supreme Court saying that Aadhaar is not compulsory, it complicates matters because you have got so used to this three-minute on-boarding, but now have to put checks in place. So, this has made it necessary to have the normal checks to be done for opening an account for digital on-boarding as well. 

Is there a case for hiking penal charges?

I wouldn't want to comment on that but in overseas jurisdictions, the penalties are higher for banks. I guess this has to be left to the RBI’s judgment and wisdom. But then, a few crores for not following the KYC process is also high. It would also not be fair to link penalties to the profitability of the bank. In the United States, the implication is in several tens of millions of dollars, but it (penalty) has resulted in banks shutting down their business. Right now, it depends on the severity of the impact. Now, if it is that you have found that the proceeds from a fraud have been used for terror financing, or things like that, then there has to be a higher penalty. But if it's to do with the process not being followed and the impact is seemingly minimal, I don't think it necessarily needs for the RBI to initiate a higher penalty.