RBI Guidelines on Safe Digital Banking Practices to avoid Cyber Frauds

RBI has observed that unscrupulous elements are using innovative social media techniques, mobile phone calls, etc. to defraud/ mislead members of the public, and has cautioned the public to be aware of fraudulent messages, spurious calls, unknown links, false notifications, unauthorized QR Codes, etc. promising help in securing concessions and/ or expediting response from banks/ financial service providers.

RBI Press Release dt. 28/01/2022: Guidelines on Safe Digital Banking Practices for General Public to avoid Cyber Threats and Frauds

As per RBI, fraudsters attempt to get confidential details like user id, login/ transaction password, one time password (OTP), debit/ credit card details (PIN/ CVV/ Expiry Date) and other personal information. Some of the typical modus operandi being used by fraudsters are:

i) Vishing: phone calls pretending to be from bank/ non-bank e-wallet providers/ telecom service providers in order to lure customers into sharing confidential details on the pretext of KYC updation, unblocking of account/ SIM-card, crediting debited amount, etc.

ii) Phishing: spoofed emails and/ or SMSs designed to dupe customers into thinking that the communication has originated from their bank/ e-wallet provider, and containing links to extract confidential details.

iii) Remote Access: luring customers into downloading an application on their mobile phone/ computer which is able to access all of the customer’s data on that device.

iv) Misuse of the ‘collect request’ feature of UPI: sending fake payment requests with messages like ‘Enter your UPI PIN’ to receive money.

v) Fake contact numbers of banks/ e-wallet providers posted on webpages/ social media and displayed by search engines, etc.

Safe Digital Banking Practices as per RBI Guidelines

RBI has urged the members of public to follow certain safe digital banking practices, i.e. to take all due precautions, while carrying out any digital banking/ payment transactions (online/ mobile), to help prevent financial/ other losses, as under:

i) Never share your account details such as account number, login ID, password, PIN, UPI-PIN, OTP, ATM/ Debit card/ credit card details with anyone, not even with bank officials, however genuine they might sound.

ii) Any phone call/ email threatening to block your account on the pretext of non-updation of KYC and suggesting that you click a link to update it is a common modus operandi of fraudsters. Do not respond to offers for getting KYC updated/ expedited. Always access the official website of your bank/ NBFC/ e-wallet provider or contact the branch.

iii) Do not download any unknown app on your phone/ device. The app may access your confidential data secretly.

iv) Transactions involving receipt of money do not require scanning barcodes/ QR codes or entering MPIN. Thus, exercise caution if asked to do so.

v) Always access the official website of bank/ NBFC/ e-wallet provider for contact details. Contact numbers on internet search engines may be fraudulent.

vi) Check URLs and domain names received in emails/ SMSs for spelling errors. Use only verified, secured, and trusted websites/ apps for online banking, that is, websites starting with “https”. In case of suspicion, notify local police/ cybercrime branch immediately.

vii) If you receive an OTP for debiting your account for a transaction not initiated by you, inform your bank/ e-wallet provider immediately. If you receive a debit SMS for a transaction not done, inform your bank/ e-wallet provider immediately and block all modes of debit, including UPI. If you suspect any fraudulent activity in your account, check for any addition to the beneficiary list enabled for internet/ mobile banking.

viii) Do not share the password of your email linked to your bank/ e-wallet account. Do not have common passwords for e-commerce/ social media sites and your bank account/ email linked to your bank account. Avoid banking through public, open or free networks.

ix) Do not set your email password as the word “password” while registering on any website/ application with your email as user-id. The password used for accessing your email, especially if linked with your account, should be unique and used only for email access and not for accessing any other website/ application.

x) Do not be misled by advices intimating deposit of money on your behalf with RBI for foreign remittances, receipt of commission, or lottery wins.

xi) Regularly check your email and phone messages for alerts from your financial service provider. Report any unauthorized transaction observed to your bank/ NBFC/ service provider immediately for blocking the card/ account/ wallet, so as to prevent any further losses.

xii) Secure your cards and set a daily limit for transactions. You may also set limits and activate/ deactivate cards for domestic/ international use. This can limit loss due to fraud.
