By Atiya Firdos
Missing SMS alerts and absence of PIN entry left victims unaware of fraudulent bank transactions for months; authorities are now investigating potential security lapses in banking system
A citizen has approached the Central Division’s Cyber Crime (CEN) police station, alleging fraudulent UPI transactions amounting to approximately `14.8 lakh from his wife’s and son’s private sector bank accounts. The complainant discovered the unauthorised transactions only recently, though they occurred between December 14, 2024, and February 21, 2025.
According to the complaint, all the fraudulent transactions were conducted via UPI without the victims entering their PINs or receiving any SMS notifications. This raises serious concerns about a potential loophole in banking security, as UPI transactions typically require two-factor authentication. The absence of alerts prevented the victims from detecting the fraud in real-time, allowing the scam to go unnoticed for months.
Breakdown of fraudulent transactions
The complainant stated that his wife’s and son’s accounts were targeted, with both debit and credit transactions making it harder to detect the fraud initially.
In his wife’s account, total fraudulent debts amounted to `8,54,698, while credits stood at `1,71,000, resulting in a net loss of `6,83,698.
In his son’s account, fraudulent debits totalled `7,27,087, while credits amounted to `7,36,970.41, leading to a net difference of `9,883.41.
New cybercrime loophole?
This case highlights a troubling new dimension in cyber fraud: the lack of SMS alerts for unauthorised transactions. Typically, banks send real-time SMS alerts for every debit or credit, enabling account holders to take immediate action in case of fraud. However, in this instance, the victims were completely unaware of the transactions, suggesting that fraudsters may have found a way to bypass or suppress these notifications.
Cybercrime experts speculate that the fraudsters could have exploited a vulnerability in the bank’s security system, used a cloned SIM card to intercept notifications, or manipulated banking apps to bypass authentication checks. The police are likely to seek technical expertise to determine how the fraud was executed and whether other customers are at risk.
Authorities are now investigating whether this is an isolated case or part of a larger financial fraud network. The complainant has urged authorities to intervene urgently to recover the lost funds and prevent similar breaches in the future.
As digital transactions become increasingly common, this case raises critical questions about the reliability of UPI security measures and the potential risks if banks fail to provide timely alerts. Investigations are underway.
Images are for reference only.Images and contents gathered automatic from google or 3rd party sources.All rights on the images and contents are with their legal original owners.