Catching the Invisible Criminal: How Policemen Can Tackle the Surge in KYC Frauds

The evolution of crime has leapt from the streets to screens. Among the rising threats in the cyber landscape is KYC fraud—a subtle but dangerous tactic that has victimized thousands of citizens, draining their finances and trust in the digital system.

For police officers, staying ahead of this game isn’t just about investigation—it’s about prevention, public awareness, and precision in action. With India recording over 10,000 daily cybercrime complaints (as per NCRB data, 2023), KYC frauds form a significant chunk of financial cybercrime cases reported at both local stations and cyber cells.

What Is KYC and Why Is It Important?

KYC (Know Your Customer) is a government-mandated identity verification process followed by financial institutions to:

• Prevent identity theft and impersonation
• Curb money laundering and terror financing
• Detect suspicious transactions early
• Maintain transparency in digital transactions
   

RBI mandates banks, NBFCs, wallets, and insurance firms to regularly update KYC details. This requirement, while critical, is being weaponized by scammers to trap unsuspecting victims.

Anatomy of a KYC Fraud

Understanding how these scams unfold is the first step in stopping them. Here's the typical modus operandi used by criminals:

1. The Deceptive Call

Fraudsters pose as officials from reputed banks or mobile wallet services (like Paytm or PhonePe). They’ll say your KYC is outdated and your account will be frozen unless you update it immediately.

They then send a phishing link or ask you to download a remote access app like AnyDesk or TeamViewer. Once installed, they gain control over the victim’s device.

2. Phishing SMS/Emails

Scammers send SMS or emails that look like official communication from banks. These messages often:

• Include fake helpline numbers
• Use RBI logos or names of legitimate banks
• Create a sense of urgency like “KYC pending—Account will be frozen in 24 hours”
• Redirect users to phishing websites that mimic actual bank portals
   

3. The Money Drain

Once trust is gained, victims are tricked into sharing OTPs, debit/credit card numbers, or UPI pins. Money is siphoned off in minutes.

Fact: Over ₹1,200 crore was lost in UPI and KYC-related scams in India in 2023 alone (as per CERT-In reports).

Warning Signs Every Policeman Should Know

Recognizing red flags can help officers advise citizens more effectively and spot fraudulent patterns during complaints.

Red Flags in KYC Scam Calls or Messages:

• Caller asks for confidential info (OTP, CVV, Aadhaar number)
• Uses scare tactics (“Account will be blocked in 2 hours”)
• Comes from mobile numbers, not official channels
• Message is filled with spelling errors or poor grammar
• Instructs to download unknown apps
• Directs to URLs that don’t match the actual bank’s domain (e.g., hdfc-bank.support.com instead of hdfcbank.com)

How Can Policemen Fight KYC Frauds?

Your role isn’t just post-incident action. It's also about community protection. Here’s how you can take the lead:

1. Educate the Public Proactively

Run awareness campaigns in your jurisdiction. Partner with local banks to organize cyber awareness drives, especially in rural areas and senior citizen groups.

Case Insight: In Maharashtra, local police stations reported a 32% drop in KYC scams after conducting weekly street plays and WhatsApp group campaigns.

2. Always Log FIRs or Online Complaints

Every KYC fraud case should be documented. If victims have already lost money, immediately direct them to lodge a complaint at:

🖥️ www.cybercrime.gov.in
📞 1930 - Cyber Helpline

This ensures the funds are possibly frozen in transit before withdrawal.
 

3. Push for Digital Hygiene

Encourage citizens and fellow officers to:

• Never share OTPs or banking info on call
• Verify bank numbers only through official websites or apps
• Refrain from clicking unknown links or installing random apps
• Use UPI apps with transaction alerts and fraud detection
   

Tip: Encourage citizens to install apps like M-Kavach (from MeitY) that offer extra device protection.
 

4. Train Officers to Investigate Efficiently

Many local officers are not trained in digital tracing. Make sure your team:

• Understands how to trace IP logs and app activity
• Can identify phishing domains and trace digital footprints
• Coordinates with cybercrime cells for advanced recovery
   

Note: Digital crimes can be tracked through bank IMEI logs, IP-based location data, and third-party app telemetry—if reported on time.
 

5. Build WhatsApp or Telegram Communities

Create localized cyber alert groups with local business owners, bankers, teachers, and even rickshaw drivers. Share real-time scam alerts and safety tips. These networks act as a first line of information flow.

Case Study: The ₹85 Lakh Heist

In late 2023, a retired colonel in Delhi received a message from "SBI" urging him to update KYC. He called the number provided, shared his OTPs, and within 2 hours, ₹85 lakh was siphoned across 13 UPI transactions.

The police tracked the funds to mule accounts in Bihar, Jharkhand, and Nepal. Swift action by Delhi Cyber Cell and NPCI blocked ₹26 lakh before further damage.

Key Lessons:

• Every minute counts post-fraud.
• Verification of KYC requests must be emphasized.
• Mule accounts are part of a larger organized racket.
   

Suggested Measures for Policemen

Standard Operating Procedures (SOP) for KYC Fraud Response:

1. Register a digital fraud complaint immediately.
2. Guide victim to call 1930 for fund recovery.
3. Report phishing link/mobile number to CERT-In and social platforms.
4. Escalate high-value frauds to Zonal Cyber Cells.
5. Maintain a KYC Scam Database at the thana level.
    

Conclusion: Let’s Patrol the Cyber Streets

As custodians of public safety, your duty now extends beyond lanes and borders—it’s also on apps and screens. KYC fraud is not a petty scam; it's part of a multi-crore cyber racket that bleeds the economy and shatters lives.

By staying alert, updating your knowledge, and empowering your citizens, you become not just protectors—but cyber warriors.

Cyber fraudsters don’t knock on your door—they knock on your screen. Let’s make sure they don’t get in.

Cyber Hygiene Foundation