written by | February 23, 2022

Types of KYC Frauds and How to Avoid them

With the advent of e-payments, online marketing, and online banking, many KYC-related frauds in India have cropped up like never before. Scamsters are inventing new methods regularly to deceive people. Be it KYC-related frauds, various types of ATM frauds, and Banking frauds. These fraudsters haven’t stopped and are troubling people every day, cheating them out of their hard-earned money.

Some simple steps and guidelines should be followed by all to avoid getting duped into the scam. Government and cybercrime authorities have set rules and regulations to safeguard people from falling for it. In this post, we will talk about the types of KYC frauds and how to avoid them.

Did you know?

In the financial year 2021/2022, KYC frauds mostly targeted against educated and salaried class people.

What is KYC?

Know your customer (KYC) is a compulsory procedure of recognizing and authenticating the customer’s identity by all financial institutions functioning in India. In other words, it’s a way of knowing that the customers are genuine, financially viable and their financial position. It is a principled obligation for the financial sectors who are engaged with clients for opening as well as sustaining accounts. Banks and other financial sectors can directly deny opening an account or stop an ongoing financial association if the customer fails to comply with KYC documents. 

Nowadays, it is a vital component in the battle against monetary crimes and money laundering. Hence, client credentials and identification is the first and foremost step to check his/her authenticity. Reserve Bank of India has prohibited a person or an organization to open or operating any bank, Demat, or trading account without first finishing the KYC process. 

What are the Documents required for KYC?

The Documents required to comply with KYC are:

  • Passport.
  • Voter's Identity Card.
  • Driving Licence.
  • Aadhaar Letter/Card.
  • NREGA Card.
  • PAN Card.

Also read: Tracking GST Payments And Dealing With GST Payment Failures

What is a KYC fraud?

These days, fraudsters trap customers easily by asking them to share their particulars like account login information, card info, and OTP, so that they can get unauthorized access to their bank accounts. In recent days, RBI stated that the number of cases registered on KYC related frauds has doubled and as a result of that, it warned customers not to share their personally identifiable information with an unknown person/organisation. RBI also stated in their website clearly that banks do not ask for such information and customers should be aware of that. If they encounter a fake request for KYC/re-KYC update, they must immediately report it to the concerned bank authorities. They can also report such requests to RBI as well. 

Types of KYC frauds

  • Phishing/vishing

In this method, scamsters collect the information of the users like phone number, date of birth, e-mail address, from various sources like social media, bank data, online application forms, and make a fake call on behalf of their registered bank or company. After that, the user is asked about their KYC information to update the database. Once the user agrees, they are asked to click on a link or are asked to download some fraud app and then share the code. Once the user clicks or shares the code, they are trapped. This is commonly known as phishing/vishing.

If the user is on a call with the fraudster, it isn’t easy to disconnect the call as the scamster doesn’t allow the victim to hang up the phone, because when the user disconnects, the bank alerts about the unlawful transactions being carried out by the fraudster are visible. After the fraud is over, the fraudster disconnects the line. When the victim discovers what has happened, a significant amount of money has already been lost by the user.

  • Smishing

The deceptive technique of sending text messages that appear to come from trustworthy companies to get people to divulge sensitive information like passwords or credit card numbers is known as Smishing. Usually, these text messages contain malicious links or attachments, so that the user clicks on that link or opens the attachment and the fraudster can get into his/her phone and steal the data that is required.

  • Identity theft

When someone takes your data to commit a scam, this is known as identity theft. Your information could be used to apply for credit, file taxes, or get medical assistance. These activities can negatively hamper your credit standings and also cause a great deal of monetary loss. 

  • Fake Re-KYC

If a fraudster calls a customer for updating the KYC information and frightens the client by saying ‘if KYC is not updated, then the account will freeze’, beware. A lot of customers are targeted in this way.

How to complain about KYC frauds?

As per the information given by Cybercrime prevention authorities, one should take the following steps if there has been an unauthorized transaction committed in their account.

  • The grieved party should submit all the summary of the facts, right from how the fraudster communicated to him/her, to the events that followed.
  • They also need to put forward screenshots or copies of the stated messages, emails, or call details.
  • After that, the affected party has to give written evidence like bank statements, screenshots of messages or emails of transactions, etc.
  • With all this paperwork, he/she needs to file a complaint with the local police station.
  • Usually, the investigating officer gathers all the information in hard copy as well as soft copy form.

Also read: Virtual Payment Address (VPA)– A new mode of payment

What are the safety measures to be followed for preventing oneself from KYC scams? 

  • Be wary of unsolicited phone calls, emails, or text messages. It all starts with the scammer pretending to be your friend/relative and a common theme used in this circumstance is that someone in your family met with an accident, and you need to transfer money immediately in order to start the treatment. In this situation, don’t provide a prompt response, verify the caller’s identity, make a phone call to the actual person mentioned, and if you find this story false, disconnect the call quickly.
  • At any time, don’t provide credit/debit card info to someone acting as a bank official or customer support representative.
  • Never put credit card information into a form given by the fraudster. There is a high possibility that your login information may be used to steal your money.
  • Avoid downloading third-party apps that provide your computer access from another location, as it will give direct visibility to your chats and emails.
  • Do not click on any links in scam emails.

These days, not only KYC scams are on the rise but also bank frauds. Bank fraud is a fake impersonation of a bank or other financial institution to obtain money, assets, or other possessions owned or possessed by a financial institution, or to get monetary gain from depositors. There are various types of bank frauds in India and being cautious about them is the need of the hour. 

Types of banking frauds in India

  • Phishing: Phishing is similar to ‘fishing’ in a literal sense. It is a ploy to fish a person’s banking data. It can be in the form of an email, message, or a phone call where fraudster asks for sensitive and classified data like OTP, log-in details, and passwords. 
  • Spear Phishing: Spear phishing, as the name suggests, is a selective phishing shot via e-mail that looks to have come from a reliable person and can also be from someone in your own company like your boss, or a close relative. The subject line of the e-mail is personalized and usually of importance to either existing ventures of progress in the company or can be associated with domestic issues. As soon as the user opens the email and clicks on the link, Trojans or viruses are downloaded, or a form opens on the screen, requiring the receiver to enter in data. 

  • Spoofing: Making a malicious website carry fraud activity behind the scenes is known as spoofing. Fraudsters use the names, graphics, logo designs of the actual website on the hoax website to make them look real. 
  • Vishing: Asking confidential details from someone through a phone call like OTP, Passwords, login credentials, card pin, CVV, or any other personal data is Vishing. The Scamsters trick users by saying that they are from banks and need the info. 
  • Skimming: Taking details from someone’s ATM, debit, or credit card’s magnetic strip and using it is called skimming. For this act, usually, a tiny device or camera is installed in such a way that the skimmer can capture the pin details. It can happen in any place like ATM, hospital, cafes, petrol pumps, etc. 
  • Smishing: It is a mixture of messaging and phishing. If you are receiving messages advising that your account is compromised/it needs to be updated, or you have to register for a new program, then it is a Smishing message. For these acts, even toll-free numbers are used. 
  • SIM Swap: SIM swap is when a fraudster obtains a new SIM card for your registered mobile number from your mobile service provider and uses the new SIM card to obtain the OTP and notifications needed to conduct financial transactions through your bank account. To prevent this fraudulent method, use trusted apps in your smartphone and never play with its security settings. If you are unfortunately the victim of a SIM swap fraud, contact your mobile operator, block the SIM card, and obtain a new one.

Types of ATM frauds in India

Card Shimming: It is done by installing an external (hidden) device on the ATM and getting the information from the card’s magnetic strip.

Card Skimming: It is done by duplicating the card completely without the user’s knowledge.

Card Trapping: A device is installed on the ATM and when the card is inserted it gets trapped. As soon as the user goes to seek help, the trapper enters and takes out the card.

Keyboard Jamming: In this case, buttons like entering, Cancel of ATM are jammed so that the user goes out to seek help, the Scamster enters and withdraws money.

Phishing: Phishing refers to the cloning of the card and usually happens with people who are careless with their monetary transactions.To avoid falling for this fraud activity, educate yourself about phishing, don’t enter your ATM details in untrustworthy websites, change your ATM pin every once in a while, and don’t give your ATM related details to anybody. If you are the victim of this scam, connect to your bank branch quickly, block your card, and get a new one.

Also read: All About CAMS: KRA, KYC, FATCA Status


Fraudsters use different techniques and ways to dupe people. These frauds are happening very frequently. Our protection is in our own hands. We should remain alert all the time and restrain ourselves at all costs to open or click on any suspicious links or attachments. We should also avoid sharing confidential information with anyone over the phone, messages, or through emails.

Kindly report the case to either your card issuing bank or reach out to the nearest Cybercrime. Send an email to cybercell@khatabook.com to report the case.

Important: Never share OTPs, PIN numbers or any other codes that you receive via SMS or other channels. Never share your Account Number or Credit and Debit Card details on a public platform.


Q: What is Card Shimming?


Card Shimming is a type of ATM fraud that is done by installing an external (hidden) device on the ATM and getting the information from the card’s magnetic strip.

Q: How can one complain about KYC fraud in India?


One can go to the local police station to complain and submit the relevant documents. The local police station takes the assistance of the cyber cell authorities.

Q: What are the different ways in which KYC frauds in India are happening?


Different ways in which KYC frauds in India happen are Identity theft, vishing, Smishing, and fake re-KYC.

Q: Why is KYC required?


KYC is required to prevent banks and other financial institutions from being used for money laundering and other illegal activities.

Q: What is the full form of KYC?


The full form of KYC is Know your Customer.

Disclaimer :
The information, product and services provided on this website are provided on an “as is” and “as available” basis without any warranty or representation, express or implied. Khatabook Blogs are meant purely for educational discussion of financial products and services. Khatabook does not make a guarantee that the service will meet your requirements, or that it will be uninterrupted, timely and secure, and that errors, if any, will be corrected. The material and information contained herein is for general information purposes only. Consult a professional before relying on the information to make any legal, financial or business decisions. Use this information strictly at your own risk. Khatabook will not be liable for any false, inaccurate or incomplete information present on the website. Although every effort is made to ensure that the information contained in this website is updated, relevant and accurate, Khatabook makes no guarantees about the completeness, reliability, accuracy, suitability or availability with respect to the website or the information, product, services or related graphics contained on the website for any purpose. Khatabook will not be liable for the website being temporarily unavailable, due to any technical issues or otherwise, beyond its control and for any loss or damage suffered as a result of the use of or access to, or inability to use or access to this website whatsoever.